Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

httprint version 301

from [Saumil Shah] Network Security [Permanent Link]
Subject: httprint version 301
Date: Thu, 22 Dec 2005 16:02:43 +0530 
Greetings,

The latest version of httprint (v301), is available for download.

Description:

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask.

httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. The current version of httprint can import web servers from nmap network scans, if they are saved in XML format. The current version provides reports in HTML, CSV and XML format. Current version also provides confidence rating.

httprint is available as a command line tool on Win32, Linux, FreeBSD and Mac OSX. A GUI version of httprint is also available for the Win32 platform.

The current build for httprint is 301. httprint was first released at the Blackhat Briefings USA 2003 in Las Vegas.

More details on httprint can be found at:
http://net-square.com/httprint/

Filenames:
http://net-square.com/httprint/httprint_win32_301.zip
http://net-square.com/httprint/httprint_linux_301.zip
http://net-square.com/httprint/httprint_freebsd_301.zip
http://net-square.com/httprint/httprint_macosx_301.zip

(original MD5 checksums are mentioned on the httprint page itself)

Homepage:
http://net-square.com/httprint/

Paper:
http://net-square.com/httprint/httprint_paper.html

Revision History

v301
----
- New multi-threaded engine.
- SSL information gathering.
- Automatic SSL port detection.
- Bug-fix: HTTP header server banner containing <script> tags used to cause Javascript execution in HTML generated reports.
- Bug-fix: HTTP server banners greater than 1024 bytes caused CPU usage to go up to 100%.
(Both bugs reported by Mariano Nunez Di Croce mnunez@cybsec.com)

v202
----
- Automatic HTTP 301, 302 traversal.
- Works with FreeBSD 4.x and 5.x.
- Cleaned up build process and version release.

v200
----
- Server matches are now chosen on confidence ratings instead of highest weights.
- Reports can now be generated in XML format.
- FreeBSD version available.

v107
----
- Ability to import web server IP addresses and ports from nmap's XML output files, generated by the -oX option.
- Reports can now be generated in CSV format.

v105
----
- First public release.


Enjoy,
-- Saumil

[net-square]

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • httprint version 301, Saumil Shah <=
Previous by Date:  Re: Mambo, Coppermine and PHPBB Attacks, Jack Tennessee
Next by Date:  RE: Rules on security issues for static code analizers of Java, Burke, Charles
Previous by Thread:  New OWASP project - PCI Web Security Standards, mike . owasp
Next by Thread:  Reform 0.9 -- Encoding libraries, Michael Eddington
Indexes:  [Date] [Thread] [Top] [All Lists]