nmap to get web server info

I realized that nmap can be used to get info about web server. Informations about servers are easy to read via header. Admins tend to mask actual product or version the web is running on. So, then nmap comes to play with.

[root@kremilek ~]# nmap -sV -P0 -p80 www.idnes.cz
Starting Nmap 4.20 ( http://insecure.org ) at 2009-02-12 21:03 CET
Interesting ports on c1.idnes.cz (194.79.52.192):
PORT   STATE SERVICE VERSION
80/tcp open  http    Microsoft IIS webserver 6.0
Service Info: OS: Windows
Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 6.096 seconds
Header way:
[root@kremilek ~]# HEAD www.idnes.cz
200 OK
Cache-Control: no-cache
Connection: close
Date: Thu, 12 Feb 2009 20:03:46 GMT
Accept-Ranges: bytes
ETag: W/"c6b3f4ff4c8dc91:23a"
Server: Microsoft-IIS/6.0
Content-Length: 77562
Content-Location: http://www.idnes.cz/sph.htm
Content-Type: text/html
Last-Modified: Thu, 12 Feb 2009 20:03:40 GMT
Client-Date: Thu, 12 Feb 2009 20:03:46 GMT
Client-Peer: 194.79.52.192:80
Client-Response-Num: 1
X-Powered-By: ASP.NET

Comments:

damar - Mar 3, 2019

thank you for sharing,isn’t work on me. how if i want to know more?