httprecon project
advanced web server fingerprinting
"Marc Ruef developed a new tool to make fingerprinting of web servers much easier. While using different test cases the hard requirements of such an identification can be met much better and more precise." - Martin Rutishauser, OneConsult GmbH, Director Training and Research
The fingerprint online database is always under development and updated. There are 363 different implementations documented. Please choose the series of tests which you would like to list:

NameRequestDescription
get_existingGET / HTTP/1.1Legitimate GET request to fetch an existing ressource. Usually the content of the fetched ressource is shown.
get_longGET /aaa(...) HTTP/1.1Very long GET request. The ressource should not exist. Most web servers generate an error message.
get_nonexistingGET /404test.html HTTP/1.1Common GET request for a non-existing ressource. This usually leads to an 404 error message.
wrong_versionGET / HTTP/9.8A request with a wrong http version. Most web servers produce an error message.
head_existingHEAD / HTTP/1.1Common HEAD request for an existing ressource which should show the common http headers.
delete_existingDELETE / HTTP/1.1DELETE request for an existing ressource. Most web servers have this method not activated and will produce an error message.
optionsOPTIONS / HTTP/1.1The OPTIONS method asks the web server for the supported methods which are printed in the Allow line.
wrong_methodTEST / HTTP/1.1A request with a non-existing method TEST which should produce an error message.
attack_requestGET [attack_request] HTTP/1.1Common GET request which tries to access an URI which includes well-known attack patterns (e.g. format string, sql injection, cross site scripting).

[upload] [top]