Penetration Testing mailing list archives
Re: [PEN-TEST] "Type-of-webserver"-scanner?
From: Ken Cutler <kcutler () MISTI COM>
Date: Thu, 14 Dec 2000 22:13:03 -0500
Here are several tools I use for this purpose:

- Netscan Tools Pro 2000 (lists HTTP's of your choice plus FTP!) - nice listing
- Nmap Web

security curmudgeon <jericho () ATTRITION ORG> on 12/13/2000 08:50:41 AM

Please respond to Penetration Testers <PEN-TEST () SECURITYFOCUS COM>

To: PEN-TEST () SECURITYFOCUS COM
cc: (bcc: Ken Cutler/MISTI_BOS)
Subject: Re: [PEN-TEST] "Type-of-webserver"-scanner?
Yes, there is a tool doing this .... Thanks to Attrition (they wrote it for their defacements archive) : http://www.attrition.org/tools/src/ros (it's just 5 lines of shell script using lynx [direct connect + netcraft] & nmap)
doh =) the version of 'ros' on that url was a bit outdated. I have since put the newer version up. Netcraft recently changed their query line which was breaking one of the three checks. Also redid the NMAP section to account for non root users doing fingerprinting (via sudo). In reality, we don't use 'ros' much anymore (if at all) as the same material is part of a larger script that is updated more regularly. No doubt there is more quirky behaviour in this script.

-- ros --

#!/bin/sh

# make sure a site was given on the command line
if [ -z "$1" ]; then
    echo "usage: $0 <site>"
    exit 1
fi

USER=`whoami`

# old netcraft
# echo "Netcraft: `lynx -dump -nolist http://www.netcraft.com/whats/?host=$1 | egrep -A1 "Remote OS guesses"`"

# new netcraft
echo "Netcraft: `lynx -dump -nolist http://uptime.netcraft.com/graph?display=uptime\&site=$1 | egrep -A1 "The site $1 runs"`"

# OS fingerprinting (-O) needs root, so non-root users go through sudo
if [ "$USER" = root ]; then
    nmap -P0 --osscan_guess -p 22,23,25,53,80 -O "$1" 2>/dev/null >> "/tmp/$1-nmap_results"
    NMAPOUT=`egrep -i '(system guess|Remote OS guesses)' "/tmp/$1-nmap_results"`
    echo "nmap: $NMAPOUT"
else
    /usr/local/bin/sudo /usr/local/bin/nmap -P0 --osscan_guess -p 22,23,25,53,80 -O "$1" 2>/dev/null >> "/tmp/$1-nmap_results"
    NMAPOUT=`egrep -i '(system guess|Remote OS guesses)' "/tmp/$1-nmap_results"`
    echo "nmap: $NMAPOUT"
fi

# check the remote server itself
echo "$1: `lynx -dump -nolist -head http://$1 | egrep -i server`"
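The script's last check keeps every header line that contains "server", and its nmap step builds a /tmp file name from the raw argument. The following is an added example, not part of the original post or of Attrition's script: it validates the site argument before it reaches a path or URL and extracts only the Server header from a header dump. The helper names valid_host, server_header and sample_headers, and the sample headers themselves, are constructed for illustration.

```shell
#!/bin/sh
# Added example; valid_host and server_header are hypothetical helper names.

# Accept only hostname-like input (letters, digits, dots, hyphens) so the
# argument cannot carry slashes, spaces or shell metacharacters into a
# file name, a URL or an nmap option.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Print the value of the first Server: header found in a raw HTTP header
# dump on stdin. The match is anchored and case-insensitive, tolerates CRLF
# line endings, and ignores everything after the blank line that ends the
# header block.
server_header() {
    awk '
        stop { next }
        { sub(/\r$/, "") }
        /^$/ { stop = 1; next }
        tolower($0) ~ /^server:/ {
            sub(/^[^:]*:[ \t]*/, "")
            print
            stop = 1
        }
    '
}

# Constructed sample: a response where an unanchored "egrep -i server"
# would also return the cookie, X-Server-Id and body lines.
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Set-Cookie: server=web03; path=/\r\n'
    printf 'X-Server-Id: 7\r\n'
    printf 'SERVER: Apache/1.3.14 (Unix)\r\n'
    printf 'Content-Type: text/html\r\n'
    printf '\r\n'
    printf '<p>server status page</p>\r\n'
}

host="www.example.com"
if valid_host "$host"; then
    echo "$host: $(sample_headers | server_header)"
fi
```
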