People often ask how to tell what web server a site is running, and which scanner to use for it:
nmap, nc, nikto, ...
With so many scanners, which one do you need? nmap alone is enough.
There are plenty of ways to do it; here are a few examples.
nmap
pentest@yinyin:~$ nmap -sV -p 80 www.xxoo.com
Starting Nmap 5.00 ( http://nmap.org ) at 2010-05-24 CST
Interesting ports on 203.xxx.xxx.1x1:
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx web server 0.8.16
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.97 seconds
------------------------------------
nc
pentest@yinyin:~$ nc -vv www.xxoo.com 80
Connection to www.xxoo.info 80 port [tcp/www] succeeded!
GET HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Mon, 24 May 2010 11:54:35 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=iso-8859-1 ........ (rest omitted)
A bare request like this is rejected with a 400, but the response still carries the Server header, which is all we are after.
------------------------------------
curl
curl is a tool for transferring data over the network. It supports HTTP, HTTPS, FTP, FTPS, TFTP, DICT, TELNET, LDAP and other protocols; with it you can download data from a server or upload local data to one. curl has a great many options; see the official curl manual. --head (short form -I) sends a HEAD request and prints only the response headers:
pentest@yinyin:~$ curl --head http://www.artist-tc.com/
HTTP/1.1 200 OK
Server: nginx/0.8.16
Date: Mon, 24 May 2010 12:00:55 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
------------------------------------
Batch mode: scan a whole list of hosts in one go. On Windows, save this as a .bat file:
@echo off
REM 1.txt holds the IPs or hostnames to scan, one per line.
REM %%a is how a FOR variable is written inside a .bat file.
REM -PN: skip host discovery, -p 80: only the web port, -sV: version detection.
FOR /F %%a IN (1.txt) DO nmap -sV -PN -p 80 %%a -r
pause
Write the IP range (or hostnames) of the sites to scan into 1.txt, one per line. nmap must be installed and on the PATH. The script does not save its output; redirect it to a file and filter the results yourself if you need to.
The same idea as a curl script.
First create site.txt with the sites to check, one per line:
pentest@ubuntu:~$ head site.txt
g.cn
baidu.com
qq.com
www.xxoo.com
Run the curl.sh script below against it and it reports the server type of every site in site.txt.
#!/bin/sh
# Reports the Server header of every site in site.txt and tallies the
# server families. printf is used instead of "echo -e": on Ubuntu /bin/sh
# is dash, whose echo does not understand -e and prints it literally.
IIS=0
nginx=0
Apache=0
other=0

if [ ! -f site.txt ]; then
    echo "ERROR: site.txt NOT exists!"
    exit 1
fi

total=`wc -l < site.txt`

# Percentage of $1 out of $total, truncated to five characters (e.g. 25.00)
pct() {
    echo "scale=5; $1 / $total * 100" | bc | cut -c1-5
}

for website in `cat site.txt`
do
    # -I: HEAD request, -s: silent. tr strips the CR ending each header line.
    server=`curl -Is --connect-timeout 15 $website | tr -d '\r' | awk -F ":" '/^Server:/{print $2}'`
    printf '%s: %s\n' "$website" "$server"
    if echo "$server" | grep -i "IIS" >/dev/null
    then IIS=`expr $IIS + 1`
    elif echo "$server" | grep -i "Apache" >/dev/null
    then Apache=`expr $Apache + 1`
    elif echo "$server" | grep -i "nginx" >/dev/null
    then nginx=`expr $nginx + 1`
    else other=`expr $other + 1`
    fi
done

echo "---------------"
printf 'Total\tApache\tIIS\tnginx\tother\n'
printf '%s\t%s\t%s\t%s\t%s\n' "$total" "$Apache" "$IIS" "$nginx" "$other"
printf '100%%\t%s%%\t%s%%\t%s%%\t%s%%\n' `pct $Apache` `pct $IIS` `pct $nginx` `pct $other`
echo "---------------"
exit 0
Output (when this was run, every line came out prefixed with a literal "-e": on Ubuntu /bin/sh is dash, whose echo does not understand -e. Use printf, or run the script with bash. The prefix is dropped below.):
pentest@ubuntu:~$ ./curl.sh
g.cn: gws
baidu.com: Apache
qq.com: nginx/0.6.39
www.artist-tc.com: nginx/0.8.16
---------------
Total   Apache  IIS     nginx   other
4       1       0       2       1
100%    25.00%  0%      50.00%  25.00%
---------------
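As an added example (my code, not the post's curl.sh), here is the same pipeline written so it can be checked offline and so it handles the cases a bare `awk -F: '/^Server:/{print $2}'` does not: the header name matched case-insensitively, the CR that ends every HTTP header line stripped, a site with no Server header counted as "other", and a rejected request (the 400 from the nc session above) still yielding its banner. The responses are constructed from the headers shown on this page; the hosts badrequest.example and noheader.example and the functions fetch_sim, server_header, classify, scan_list and tally are my own names, not anything from the post.

```shell
#!/bin/sh
# Added example, not code from the original post. It does offline what the
# post's curl.sh does online: take a raw HTTP response, pull out the Server
# header, classify it, and tally the results. fetch_sim() returns responses
# constructed from the headers shown on this page (the post's four sites plus
# two made-up hosts, badrequest.example and noheader.example) so that nothing
# here touches the network.

# Stand-in for `curl -Is --connect-timeout 15 "$1"`; swap its body for that
# call to run against real hosts.
fetch_sim() {
    case "$1" in
        g.cn)              printf 'HTTP/1.1 200 OK\r\nServer: gws\r\nContent-Type: text/html\r\n' ;;
        baidu.com)         printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n' ;;
        qq.com)            printf 'HTTP/1.1 200 OK\r\nServer: nginx/0.6.39\r\nKeep-Alive: timeout=20\r\n' ;;
        www.artist-tc.com) printf 'HTTP/1.1 200 OK\r\nServer: nginx/0.8.16\r\nDate: Mon, 24 May 2010 12:00:55 GMT\r\n' ;;
        # Constructed: the 400 from the nc session, with a lower-case header
        # name. A rejected request still carries the banner.
        badrequest.example) printf 'HTTP/1.1 400 Bad Request\r\nDate: Mon, 24 May 2010 11:54:35 GMT\r\nserver: Apache\r\nConnection: close\r\n' ;;
        # Constructed: a server that sends no Server header at all.
        *)                 printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n' ;;
    esac
}

# Server header value from a raw response on stdin, or "none" if absent.
# Matches the header name case-insensitively, drops the CR that ends every
# header line, and keeps values that themselves contain ':'.
server_header() {
    v=$(tr -d '\r' | sed -n '/^[Ss][Ee][Rr][Vv][Ee][Rr]:/{s/^[^:]*: *//;s/ *$//;p;q;}')
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf 'none\n'; fi
}

# Family the post tallies, tested in the post's order (IIS, Apache, nginx).
classify() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *iis*)    echo IIS ;;
        *apache*) echo Apache ;;
        *nginx*)  echo nginx ;;
        *)        echo other ;;
    esac
}

# Sites on stdin, one per line -> "site<TAB>server<TAB>family" per site.
# The `|| [ -n "$site" ]` also picks up a last line without a newline,
# which `for site in $(cat ...)` handles but `wc -l` would not count.
scan_list() {
    while IFS= read -r site || [ -n "$site" ]; do
        if [ -n "$site" ]; then
            srv=$(fetch_sim "$site" | server_header)
            printf '%s\t%s\t%s\n' "$site" "$srv" "$(classify "$srv")"
        fi
    done
}

# The post's two summary lines (counts, then percentages) in one awk pass
# instead of four bc invocations; a family never seen counts as 0.
tally() {
    awk 'BEGIN { FS = "\t" }
         { n[$3]++; t++ }
         END {
             if (t == 0) { print "no sites"; exit 1 }
             printf "Total=%d Apache=%d IIS=%d nginx=%d other=%d\n",
                    t, n["Apache"], n["IIS"], n["nginx"], n["other"]
             printf "Apache=%.2f%% IIS=%.2f%% nginx=%.2f%% other=%.2f%%\n",
                    100 * n["Apache"] / t, 100 * n["IIS"] / t,
                    100 * n["nginx"] / t, 100 * n["other"] / t
         }'
}

# The post's site list plus the two constructed hosts.
SITES='g.cn
baidu.com
qq.com
www.artist-tc.com
badrequest.example
noheader.example'

report()  { printf '%s\n' "$SITES" | scan_list; }
summary() { report | tally; }

report
summary
```

The classification order is the post's (IIS first, then Apache, then nginx), so a banner mentioning two products lands in the same bucket as curl.sh would put it; only the extraction in front of it is stricter.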