httprint


Introduction

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or server mask. httprint can also be used to detect web-enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database.

More details on how httprint works can be found in the Introduction to HTTP fingerprinting paper. It is printer-friendly.

Features

  • Identification of web servers despite the banner string and any other obfuscation. httprint can successfully identify the underlying web servers when their headers are mangled by either patching the binary, by modules such as mod_security.c or by commercial products such as ServerMask. Click here to see an example of how httprint detects disguised servers.

  • Inventorying of web enabled devices such as printers, routers, switches, wireless access points, etc. Click on the sample HTML report.

  • Confidence Ratings. httprint now picks the best matches based on confidence ratings, derived using a fuzzy logic technique, instead of going by the highest weight. More details on the significance of confidence ratings can be found in section 8.4 of the Introduction to HTTP fingerprinting paper.

  • [new] Multi-threaded engine. httprint v301 is a complete re-write, featuring a multi-threaded scanner, to process multiple hosts in parallel. This greatly saves scanning time. *multi-threading is not yet supported in the FreeBSD version.

  • [new] SSL information gathering. httprint now gathers SSL certificate information, which helps you identify expired SSL certificates, ciphers used, certificate issuer, and other such SSL related details.

  • [new] Automatic SSL detection. httprint can detect if a port is SSL enabled or not, and can automatically switch to SSL connections when needed.

  • Automatic traversal of HTTP 301 and 302 redirects. Many servers who have transferred their content to other servers send a default redirect response towards all HTTP requests. httprint now follows the redirection and fingerprints the new server pointed to. This feature is enabled by default and can be turned off if needed.

  • Ability to import web servers from nmap network scans. httprint can import nmap's XML output files.

  • Reports in HTML, CSV and XML formats.

  • Available on Linux, Mac OS X, FreeBSD (command line only) and Win32 (command line and GUI).

    • Download


    httprint 301: (released on 22/12/05)
    Platform VER URL md5
    Win32 GUI and cmd line 301 [DOWNLOAD] a66408308c3f540030bbb0d59716b032
    Linux 301 [DOWNLOAD] af53704de9c1851bd439cbe3fab3e0ad
    Mac OS X 301 [DOWNLOAD] 6b188cd60df6eca5409694fa40859f0d
    FreeBSD 301 [DOWNLOAD] d5efd9463f671ce92f50ce3222f1774e

    Usage


    The Win32 GUI version usage is quite straightforward. The Win32, Linux, FreeBSD, and Mac OS X command line version usage syntax is given here.


    Signature File


    If you are just looking for the updated httprint signatures, they can be found here. If you have signatures to contribute to the httprint signature database, please send us an email to httprint@net-square.com and we shall include in our database. We would appreciate your efforts in contributing signatures.


    Screenshots and reports


    Download signatures.txt


    Httprint v301 win32 GUI (click image to enlarge)




    Sample HTML report (click on image to enlarge)




    Httprint detecting disguised web servers (click on image for details)




    Licensing


    httprint is not open source, however, it is available at no cost for personal, educational and non-commercial use. Should you require httprint technology for commercial use, please contact us at httprint@net-square.com


    Credits

    Please report bugs, send us feedback, or help us increase our web servers signature database. A note of thanks goes to the members of our Net Square team, for helping build and test httprint – Shreeraj Shah, Amish Shah, Hemil Shah, and Dhaval Vasa. Special thanks go to all who have helped us test httprint – Ofir Arkin and Nitesh Dhanjani. A note of recognition is also given to Kuntal Daftary of Cisco for his thoughts and ideas during the early phases of research. Their relentless effort has brought httprint to fruition.

    We would also like to thank Jussi Jaakonaho, Simon B, Arthur Quintalino, Joel Friedman, Sascha, Ritchie, Xavier Kaotico, fbi-at-the-futureistoday-dot-com, Daniele Muscetta, Brahmdeep Jandir, Zarco Zwier, Ralf Glauberman, Richard Reiner and John Miller for their significant contributions. httprint@net-square.com

    Contact Us

    We'd love to hear from you whether you have questions related to our offerings, pricing or anything else. Our team is ready to answer all your questions

    India

    Ahmedabad Office,
    Paldi, Ahmedabad - 380007, India.


    Mumbai Office,
    Hiranandani Gardens, Powai,
    Mumbai - 400079, India.