Fingerprint Web Server (Active)

Test Objectives

Find the version and type of a running web server to determine known
vulnerabilities and the appropriate exploits to use during testing.
(OWASP Testing Guide v4.0 – OTG-INFO-002)

Active:

Manually browse the site with an intercepting proxy (such as Burp Suite, ZAP or Fiddler) before running any automated scanner. Pay special attention to:

  • Response headers
  • File extensions
  • Directory names
  • Session tokens
  • Third-party Code Components
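
The items above can be extracted from a response saved out of the proxy history, which is also a quick way to check what your own server discloses. The following is an added example, not part of the original checklist: it parses a constructed sample response and reports disclosing headers, default session cookie names, file extensions and top-level directories. The function name, the cookie table and the sample response are assumptions made for this illustration.

```python
import re

# Constructed sample response for illustration; not captured from a real host.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><script src="/wp-includes/js/jquery/jquery.min.js?ver=3.5.1"></script>'
    '<a href="/shop/cart.php">Cart</a></html>'
)

# Default session cookie names and the platform each one implies.
SESSION_COOKIES = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
}
# Response headers that commonly state server type or version outright.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")


def fingerprint(raw):
    """Collect the fingerprinting clues from one raw HTTP response (hypothetical helper)."""
    head, _, body = raw.partition("\r\n\r\n")
    found = {"headers": {}, "session": [], "extensions": set(), "directories": set()}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name in DISCLOSING_HEADERS:
            found["headers"][name] = value.strip()
        elif name == "set-cookie":
            cookie = value.strip().split("=", 1)[0]
            if cookie in SESSION_COOKIES:
                found["session"].append(SESSION_COOKIES[cookie])
    # Local paths in href/src attributes, with query string and fragment cut off.
    for path in re.findall(r'(?:href|src)="(/[^"?#]*)', body):
        parts = path.strip("/").split("/")
        if len(parts) > 1:
            found["directories"].add(parts[0])  # top-level directory name
        ext = re.search(r"\.([A-Za-z0-9]+)$", parts[-1])
        if ext:
            found["extensions"].add(ext.group(1).lower())
    return found


if __name__ == "__main__":
    print(fingerprint(SAMPLE_RESPONSE))
```
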

Tools:

Httprecon: http://www.computec.ch/projekte/httprecon/
nmap: https://nmap.org/
httprint: in the Kali repository
nc (netcat): part of most Linux distributions
telnet client: part of most Linux distributions

References: