httprint
Introduction
httprint is a web server fingerprinting tool. It relies on web
server characteristics to accurately identify web servers, despite
the fact that they may have been obfuscated by changing the server
banner strings, or by plug-ins such as mod_security or servermask.
httprint can also be used to detect web enabled devices which do not
have a server banner string, such as wireless access points,
routers, switches, cable modems, etc. httprint uses text signature
strings and it is very easy to add signatures to the signature
database.
More details on how httprint works can be found in the Introduction to HTTP fingerprinting
paper. It is printer-friendly.
Features
- Identification of web servers despite the banner string and any other obfuscation. httprint can successfully identify the underlying web servers when their headers are mangled by either patching the binary, by modules such as mod_security.c or by commercial products such as ServerMask. Click here to see an example of how httprint detects disguised servers.
- Inventorying of web enabled devices such as printers, routers, switches, wireless access points, etc. Click on the sample HTML report.
- Confidence Ratings. httprint now picks the best matches based on confidence ratings, derived using a fuzzy logic technique, instead of going by the highest weight. More details on the significance of confidence ratings can be found in section 8.4 of the Introduction to HTTP fingerprinting paper.
- [new] Multi-threaded engine. httprint v301 is a complete re-write, featuring a multi-threaded scanner, to process multiple hosts in parallel. This greatly saves scanning time. *multi-threading is not yet supported in the FreeBSD version.
- [new] SSL information gathering. httprint now gathers SSL certificate information, which helps you identify expired SSL certificates, ciphers used, certificate issuer, and other such SSL related details.
- [new] Automatic SSL detection. httprint can detect if a port is SSL enabled or not, and can automatically switch to SSL connections when needed.
- Automatic traversal of HTTP 301 and 302 redirects. Many servers who have transferred their content to other servers send a default redirect response towards all HTTP requests. httprint now follows the redirection and fingerprints the new server pointed to. This feature is enabled by default and can be turned off, if needed.
- Ability to import web servers from nmap network scans. httprint can import nmap’s xml output files.
- Reports in HTML, CSV and XML formats.
- Available on Linux, Mac OS X, FreeBSD (command line only) and Win32 (command line and GUI).
Downloads
httprint 301: (released on 22/12/05)| Platform |
VER |
URL |
md5 |
| Win32 GUI and cmd line | 301 |
[DOWNLOAD] |
a66408308c3f540030bbb0d59716b032 |
| Linux | 301 |
[DOWNLOAD] | af53704de9c1851bd439cbe3fab3e0ad |
| Mac
OS X |
301 |
[DOWNLOAD] | 6b188cd60df6eca5409694fa40859f0d |
| FreeBSD | 301 |
[DOWNLOAD] | d5efd9463f671ce92f50ce3222f1774e |
Usage
The Win32 GUI version usage is quite straightforward. The Win32, Linux, FreeBSD and Mac OS X command line version usage syntax is given here.
Signature File
If you are just looking for the updated httprint signatures, they
can be found here. If you have signatures to contribute to the
httprint signature database, please send us an email to
httprint@net-square.com and we shall include in our database. We
would appreciate your efforts in contributing signatures.
Download signatures.txt
Screenshots and reports
httprint v301 win32 GUI (click image to enlarge)
sample HTML report (click on image to enlarge)
httprint detecting disguised web servers (click on image for details)
Licensing
httprint is not open source, however, it is available at no cost for personal, educational and non-commercial use. Should you require httprint technology for commercial use, please contact us at: httprint@net-square.com
Credits
Please report bugs, send us feedback, or help us increase our web servers signature database. A note of thanks goes to the members of our Net-Square team, for helping build and test httprint – Shreeraj Shah, Amish Shah, Hemil Shah and Dhaval Vasa. Special thanks go to all who have helped us test httprint – Ofir Arkin and Nitesh Dhanjani. A note of recognition is also given to Kuntal Daftary of Cisco for his thoughts and ideas during early phases of research. Their relentless effort has brought httprint to fruition.
We would also like to thank Jussi Jaakonaho, Simon B, Arthur
Quintalino, Joel Friedman, Sascha, Ritchie, Xavier Kaotico,
fbi-at-the-futureistoday-dot-com, Daniele Muscetta, Brahmdeep
Jandir, Zarco Zwier, Ralf Glauberman, Richard Reiner and John Miller
for their signature contributions.
httprint@net-square.com