WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

httprint version 301

From: Saumil Shah <saumil () net-square com>
Date: Thu, 22 Dec 2005 16:02:43 +0530
Greetings,

The latest version of httprint (v301), is available for download.

Description:
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask.
httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. The current version of httprint can import web servers from nmap network scans, if they are saved in XML format. The current version provides reports in HTML, CSV and XML format. Current version also provides confidence rating.
httprint is available as a command line tool on Win32, Linux, FreeBSD and Mac OSX. A GUI version of httprint is also available for the Win32 platform.
The current build for httprint is 301. httprint was first released at the Blackhat Briefings USA 2003 in Las Vegas. 

More details on httprint can be found at:
http://net-square.com/httprint/

Filenames:
http://net-square.com/httprint/httprint_win32_301.zip
http://net-square.com/httprint/httprint_linux_301.zip
http://net-square.com/httprint/httprint_freebsd_301.zip
http://net-square.com/httprint/httprint_macosx_301.zip

(original MD5 checksums are mentioned on the httprint page itself)

Homepage:
http://net-square.com/httprint/

Paper:
http://net-square.com/httprint/httprint_paper.html

Revision History

v301
----
- New multi-threaded engine.
- SSL information gathering.
- Automatic SSL port detection.
- Bug-fix: HTTP header server banner containing <script> tags used to cause Javascript execution in HTML generated reports. - Bug-fix: HTTP server banners greater than 1024 bytes caused CPU usage to go up to 100%. 
(Both bugs reported by Mariano Nunez Di Croce mnunez () cybsec com)

v202
----
- Automatic HTTP 301, 302 traversal.
- Works with FreeBSD 4.x and 5.x.
- Cleaned up build process and version release.

v200
----
- Server matches are now chosen on confidence ratings instead of highest weights. 
- Reports can now be generated in XML format.
- FreeBSD version available.

v107
----
- Ability to import web server IP addresses and ports from nmap's XML output files, generated by the -oX option. 
- Reports can now be generated in CSV format.

v105
----
- First public release.


Enjoy,
-- Saumil

[net-square]
Previous By Date Next
Previous By Thread Next

Current thread: