nmap to get web server info
I realized that nmap can be used to get info about web server. Informations about servers are easy to read via header. Admins tend to mask actual product or version the web is running on. So, then nmap comes to play with.
[root@kremilek ~]# nmap -sV -P0 -p80 www.idnes.cz
Starting Nmap 4.20 ( http://insecure.org ) at 2009-02-12 21:03 CET
Interesting ports on c1.idnes.cz (194.79.52.192):
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS webserver 6.0
Service Info: OS: Windows
Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 6.096 seconds
Header way:
[root@kremilek ~]# HEAD www.idnes.cz
200 OK
Cache-Control: no-cache
Connection: close
Date: Thu, 12 Feb 2009 20:03:46 GMT
Accept-Ranges: bytes
ETag: W/"c6b3f4ff4c8dc91:23a"
Server: Microsoft-IIS/6.0
Content-Length: 77562
Content-Location: http://www.idnes.cz/sph.htm
Content-Type: text/html
Last-Modified: Thu, 12 Feb 2009 20:03:40 GMT
Client-Date: Thu, 12 Feb 2009 20:03:46 GMT
Client-Peer: 194.79.52.192:80
Client-Response-Num: 1
X-Powered-By: ASP.NET
Comments:
damar -
thank you for sharing,isn’t work on me. how if i want to know more?