≡ Menu

Fingerprint / Identify Remote Web Server

Q. How do I fingerprint or identify remove web server a from UNIX / Linux shell prompt?

A. You can use standard utilities such as
a) telnet command

b) curl command

telnet - Identify remote web server

Use telnet to connect to remove web server, enter
$ telnet www.vivekgite.com www
Output:

Trying 74.86.49.130...
Connected to www.vivekgite.com.
Escape character is '^]'.

Request header, enter the following command and hit [ENTER] key twice:
HEAD / HTTP/1.0
Output:

HTTP/1.0 200 OK
Connection: close
X-Pingback: http://www.cyberciti.biz/tips/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Date: Mon, 28 Jan 2008 08:50:55 GMT
Server: lighttpd
Connection closed by foreign host.

curl - Identify remote web server

Type the command as follows:
$ curl -I http://www.remote-server.com/
$ curl -I http://vivekgite.com/

Output:

HTTP/1.1 200 OK
Content-type: text/html
Content-Length: 0
Date: Mon, 28 Jan 2008 08:53:54 GMT
Server: lighttpd
Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 8 comments… add one }

  • Exoloiter February 3, 2008, 3:57 am

    Use Hmap for linux users

  • srinivas December 7, 2009, 9:25 am

    WOW! telnet works most of the time.

    does anyone know how I can block suck requests that give away important info about my server, as I believe that would usually be the first place to start a hack or attack.

  • Kannan August 2, 2012, 5:46 pm

    This method of identifying the webserver will rarely work unfortunately as the remote web server host should have a telnet server running on it. Most of them will have it disabled and Windows 7 has it disabled by default. So you’ll get this error “Could not open connection to the host, on port 23” mostly.

    • Danny November 2, 2012, 4:31 pm

      You’re wrong. the “www’ on the end means connect on port 80.

  • Kannan November 2, 2012, 8:47 pm

    Actually was trying from Windows from a web server that I have access to. Yes, if you add www it forces to check on port 80 instead of 23 (default). But still you need to have telnet server running which is disabled typically … So you get no response.

    But I get a LISTENING response with Microsoft’s portqry.exe on port 80.

    • Rob October 27, 2014, 2:08 pm

      Nope, you don’t need to have a telnet server running.

      If a web server is running on port 80 and you telnet to port 80 you will see the response the server gives. If you took that telnet client and built an html parser and a UI around it you will have built a browser.

      Now telnet to port 25 on a mail server and start sending it an email. ….See where it goes?

  • Bernd November 8, 2012, 6:15 pm
  • Harry July 11, 2013, 2:20 pm

    besides the fact that all on this site has NOTHING to do with FINGERPRINTING because i can let respond my server whatever i want in ther Server-header or strip it completly – fingerprinting is analyze the headers, the order of the headers and so on

    > if you add www it forces to check on port 80 instead of 23 (default).
    > But still you need to have telnet server running which is disabled typically

    stop this idiotic bullshit if you have no plan of TCP basics
    telnet is a raw TCP tool and the telönet client connects to the WEBSERVER
    NOBODY needs to run a telnetserver DAMNED, nowhere

    boy look here how admins are working daily with the telnet CLIENT
    http://workaround.org/ispmail/lenny/test-mail-through-telnet

Leave a Comment