There are many popular Web servers, such as apache and tomcat in unix and linux, IIS in windows, and WebSphere in IBM, BEA WebLogic also has some small and lightweight nginx, micro_httpd-really small HTTP serve, LightTPD, etc. Of course apache is the most popular. Web applications are built on Web server software, and Web server software often has some vulnerabilities. If the website server software has vulnerabilities and the updates are not timely, they may be exploited.
During penetration testing, we need to know the Web server software and its version of the target website. There are many methods to detect Web server software, such as the nmap powerful port scanning tool in linux. Here we will introduce another httprint tool that can run httprint on windows, it is a graphic interface software that is easy to use. Software running interface:
. You can specify the domain name or IP address of the website to be scanned in input.txt (note that one IP address corresponds to multiple domain names ). Click "load"
In the input.txt file, click Run. The scan results are as follows:
The apache website uses apache2.0, and microsoft IIS6.0 is used for this website (easy to trace.