httprint
httprint is a web server fingerprinting tool. The current version is build 301 (beta).
introduction |
features |
downloads |
usage |
signatures |
screenshots and reports |
faq |
revision history |
licensing |
credits
Introduction
httprint is a web server fingerprinting tool. It relies on web server
characteristics to accurately identify web servers, despite the fact
that they may have been obfuscated by changing the server banner
strings, or by plug-ins such as mod_security or servermask. httprint
can also be used to detect web enabled devices which do not have a
server banner string, such as wireless access points, routers,
switches, cable modems, etc. httprint uses text signature strings and
it is very easy to add signatures to the signature database.
More details on how httprint works can be found in the Introduction to HTTP fingerprinting paper. It is printer-friendly.
Features
- Identification of web servers despite the banner string and any
other obfuscation. httprint can successfully identify the underlying
web servers when their headers are mangled by either patching the
binary, by modules such as mod_security.c or by commercial products such as ServerMask. Click here to see an example of how httprint detects disguised servers.
- Inventorying of web enabled devices such as printers, routers, switches, wireless access points, etc. Click on the sample HTML report.
- Customisable web server signature database. To add new
signatures, simply cut and paste the httprint output against unknown
servers into the signatures text file.
- Confidence Ratings. httprint now picks the best matches
based on confidence ratings, derived using a fuzzy logic technique,
instead of going by the highest weight. More details on the
significance of confidence ratings can be found in section 8.4 of the Introduction to HTTP fingerprinting paper.
- [new] Multi-threaded engine. httprint v301 is a
complete re-write, featuring a multi-threaded scanner, to process
multiple hosts in parallel. This greatly saves scanning time.
*multi-threading is not yet supported in the FreeBSD version.
- [new] SSL information gathering. httprint now
gathers SSL certificate information, which helps you identify expired
SSL certificates, ciphers used, certificate issuer, and other such SSL
related details.
- [new] Automatic SSL detection. httprint can detect
if a port is SSL enabled or not, and can automatically switch to SSL
connections when needed.
- Automatic traversal of HTTP 301 and 302 redirects. Many
servers who have transferred their content to other servers send a
default redirect response towards all HTTP requests. httprint now
follows the redirection and fingerprints the new server pointed to.
This feature is enabled by default and can be turned off, if needed.
- Ability to import web servers from nmap network scans. httprint can import nmap's xml output files.
- Reports in HTML, CSV and XML formats.
- Available on Linux, Mac OS X, FreeBSD (command line only) and Win32 (command line and GUI).
Downloads
httprint 301: (released on 22/12/05)
platform |
ver |
url |
md5 |
Win32 GUI and cmd line |
301 |
[download] |
a66408308c3f540030bbb0d59716b032 |
Linux |
301 |
[download] |
af53704de9c1851bd439cbe3fab3e0ad |
Mac OS X |
301 |
[download] |
6b188cd60df6eca5409694fa40859f0d |
FreeBSD |
301 |
[download] |
d5efd9463f671ce92f50ce3222f1774e |
Usage
The Win32 GUI version usage is quite straightforward. The Win32,
Linux, FreeBSD and Mac OS X command line version usage syntax is given here.
Signature File
If you are just looking for the updated httprint signatures, they can be found here. If you have signatures to contribute to the httprint signature database, please send us an email to
httprint@net-square.com
and we shall include in our database. We would appreciate your efforts in contributing signatures.
Download signatures.txt
Screenshots and reports
httprint v301 win32 GUI (click image to enlarge)
sample HTML report (click on image to enlarge)
httprint detecting disguised web servers (click on image for details)
Revision History
v301 |
- New multi-threaded engine.
- SSL information gathering.
- Automatic SSL port detection.
- Bug-fix: HTTP header server banner containing <script> tags used to cause Javascript execution in HTML generated reports.
- Bug-fix: HTTP server banners greater than 1024 bytes caused CPU usage to go up to 100%.
Both bugs reported by Mariano Nunez Di Croce mnunez@cybsec.com
|
v202 |
- Automatic HTTP 301, 302 traversal.
- Works with FreeBSD 4.x and 5.x.
- Cleaned up build process and version release.
|
v200 |
- Server matches are now chosen on confidence ratings instead of
highest weights.
- Reports can now be generated in XML format.
- FreeBSD version available.
|
v107 |
- Ability to import web server IP addresses and ports from
nmap's XML output files,
generated by the -oX option.
- Reports can now be generated in CSV format.
|
v105 |
|
Licensing
httprint is not open source, however, it is available at no cost for
personal, educational and non-commercial use. Should you require
httprint technology for commercial use, please contact us at: httprint@net-square.com
Credits
Please report bugs, send us feedback, or help us increase our web
servers signature database. A note of thanks goes to the members of our
Net-Square team, for helping build and test httprint - Shreeraj Shah,
Amish Shah, Hemil Shah and Dhaval Vasa. Special thanks go to all who
have helped us test httprint - Ofir Arkin and Nitesh Dhanjani. A note
of recognition is also given to Kuntal Daftary of Cisco for his
thoughts and ideas during early phases of research. Their relentless
effort has brought httprint to fruition.
We would also like to thank Jussi Jaakonaho, Simon B, Arthur
Quintalino, Joel Friedman, Sascha, Ritchie, Xavier Kaotico,
fbi-at-the-futureistoday-dot-com, Daniele Muscetta, Brahmdeep Jandir,
Zarco Zwier, Ralf Glauberman, Richard Reiner and John Miller for their
signature contributions.
httprint@net-square.com
|