On Monday 30 September 2002 08:36 am, Michel Arboi wrote:
> "Henriksen, Benjamin" <[EMAIL PROTECTED]> writes:
> > Try the "http server type and version" and the "http version spoken"
> > plugin, one of them should provide you with the banner.
>
> Maybe http_version.nasl should output a "note" saying which server it
> found?
Check out the http_version.nasl code below; it can detect IIS/Apache servers
even when banners are disabled. It's pretty inefficient right now, but it works against
the couple of test cases I needed it for. I was going to put it into a plugin of its own,
but had an immediate use for it so just merged it into the old one for now. I could
use some help reorganizing the fingerprint system and getting signatures for other
web server types (Zope, iPlanet, etc).
#
# Copyright 2000 by Hendrik Scholz <[EMAIL PROTECTED]>
#
# See the Nessus Scripts License for details
#
# This script is based on the webserver detect script from SecuriTeam.
# But this one uses an HTTP 1.0 request :-)
# Modified by hdm to do some basic fingerprinting
#
if(description)
{
  # Registration mode: only plugin metadata is declared here, the scan
  # logic further down never runs in this pass (exit(0) below).
  script_id(10107);
  script_version ("$Revision: 1.26 $");
  script_name(english:"HTTP Server type and version");
  script_description(english:"This detects the HTTP Server's type and version.
Solution: Configure your server to use an alternate name like
'Wintendo httpD w/Dotmatrix display'
Be sure to remove common logos like apache_pb.gif.
With Apache, you can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
Risk factor : Low");
  script_summary(english:"HTTP Server type and version");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2000 Securiteam / modified by
H. Scholz");
  script_family(english:"General");
  # "script_dependencie" is the real (misspelt) NASL builtin name.
  script_dependencie("find_service.nes", "httpver.nasl", "no404.nasl");
  script_require_ports("Services/www", 80);
  exit(0);
}
#
# The script code starts here
#
# request(port, req): send one raw request to <port> and return whatever the
# first recv() on the socket delivers (up to 32768 bytes; a longer response is
# truncated, which is fine for the pattern checks the callers make).
# A failed connect does exit(0), i.e. it aborts the whole plugin, not just
# this probe.
function request (port, req)
{
  sock = open_sock_tcp(port);
  if (! sock) exit(0);
  send(socket:sock, data:req);
  reply = recv(socket:sock, length:32768);
  close(sock);
  return(reply);
}
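##
# Server Signatures
#
# SigXReq[n] is the path to GET and SigXPat[n] the ereg() pattern the response
# must match for the probe to count as a hit.  The patterns are regular
# expressions, so '.' and '|' in them are regex metacharacters, not literals.
# The multi-word patterns appear to have been hard-wrapped in transit (a line
# break inside "cannot be found" etc. never matches a one-line error page);
# each pattern is kept on a single line here.
##
##############################
# IIS GET Request Signatures #
##############################
SigIISReq[0] = "/FingerPrint.html"; SigIISPat[0] = "<title>The page cannot be found</title>|<body>The system cannot find the file specified|<title>Object Not Found</title>";
SigIISReq[1] = "/FingerPrint.ida"; SigIISPat[1] = "The IDQ file";
SigIISReq[2] = "/FingerPrint.idq"; SigIISPat[2] = "The IDQ file";
SigIISReq[3] = "/FingerPrint.idc"; SigIISPat[3] = "Error Performing Query";
SigIISReq[4] = "/FingerPrint.htw"; SigIISPat[4] = "The format of QUERY_STRING is invalid";
SigIISReq[5] = "/global.asa"; SigIISPat[5] = "Requests for global.asa";
SigIISReq[6] = "/scripts/"; SigIISPat[6] = "This Virtual Directory does not allow contents to be listed";
#################################
# Apache GET Request Signatures #
#################################
# /icons/ is requested once and both of its tell-tales are checked with one
# alternation, instead of fetching the same URL twice.
SigApacheReq[0] = "/FingerPrint.html"; SigApachePat[0] = "The requested URL /FingerPrint.html was not found";
SigApacheReq[1] = "/cgi-bin/"; SigApachePat[1] = "You don't have permission to access /cgi-bin";
SigApacheReq[2] = "/icons/"; SigApachePat[2] = "You don't have permission to access /icons|apache_pb.png";
SigApacheReq[3] = "/manual/"; SigApachePat[3] = "Apache HTTP Server";
######################
# Non-Get Signatures #
######################
# Plain substrings (matched with ><), not regexes: the error text each server
# returns for an unknown HTTP method.
SigApacheBadMeth = "Invalid method in request FINGERPRINT";
SigIISBadMeth = "The specified method is not supported";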
# debug=1 traces every probe with display() on the scanner console; set it to
# 0 for a quiet run.  "fingered" becomes 1 once an active probe identifies
# the server and short-circuits the remaining probes.
debug = 1;
port = get_kb_item("Services/www");
if (! port) port = 80;
if (! get_port_state(port)) exit(0);
fingered = 0;
#
# attempt to fingerprint the web server
#
##
# IIS Get Request Tests
##
# Walk the IIS signature table; the guard in the loop condition stops the
# probing as soon as one signature matches, so no further requests are sent.
for (i = 0; SigIISReq[i] && ! fingered; i = i + 1)
{
  url = SigIISReq[i];
  pat = SigIISPat[i];
  if (debug) display("Trying URL: ", url, " (", pat, ")\n");
  res = request(port:port, req:http_get(port:port, item:url));
  if (ereg(pattern:pat, string:res))
  {
    if (debug) display("Detected server as IIS\n");
    set_kb_item(name:"www/iis", value:TRUE);
    fingered = 1;
  }
}
##
# Apache Get Request Tests
##
# Same shape as the IIS table walk: skipped entirely when the IIS probes
# already identified the server, and stops after the first hit.
for (i = 0; SigApacheReq[i] && ! fingered; i = i + 1)
{
  url = SigApacheReq[i];
  pat = SigApachePat[i];
  if (debug) display("Trying URL: ", url, " (", pat, ")\n");
  res = request(port:port, req:http_get(port:port, item:url));
  if (ereg(pattern:pat, string:res))
  {
    if (debug) display("Detected server as Apache\n");
    set_kb_item(name:"www/apache", value:TRUE);
    fingered = 1;
  }
}
##
# Non-GET method test: a bogus method draws a server-specific error page.
# Both substrings are checked independently (with ><, not ereg).
##
if (! fingered)
{
  res = request(port:port, req:string("FINGERPRINT / HTTP/1.0\r\n\r\n"));
  if (SigApacheBadMeth >< res)
  {
    if (debug) display("Detected server as Apache\n");
    set_kb_item(name:"www/apache", value:TRUE);
    fingered = 1;
  }
  if (SigIISBadMeth >< res)
  {
    if (debug) display("Detected server as IIS\n");
    set_kb_item(name:"www/iis", value:TRUE);
    fingered = 1;
  }
}
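#
# try the standard web server banner checks
#
# Fetch "/" and read only the response headers.  The Server header (if any)
# is reported verbatim with security_note() and then matched against the
# banner table below to set the corresponding www/<server> KB entries.
soc = open_sock_tcp(port);
if (! soc) exit(0);
data = http_get(item:"/", port:port);
send(socket:soc, data:data);
resultrecv = http_recv_headers(soc);

##
# Banner table.  BannerPat[n] is a regex fragment (so "[aA]libaba",
# "thttpd/" and "Rapidsite/Apa" are intentional) that is wrapped as
# "^Server:.*<fragment>.*" and applied to the Server line; BannerKB[n] is the
# KB name set when it matches.  Every row is tried, because one banner may
# legitimately hit several rows: Apache derivatives (Rapidsite, StWeb,
# Oracle HTTP Server, Stronghold) also set www/apache.  Each (pattern, KB)
# pair is listed exactly once.
##
BannerPat[0] = "Domino"; BannerKB[0] = "www/domino";
BannerPat[1] = "Apache"; BannerKB[1] = "www/apache";
BannerPat[2] = "Microsoft"; BannerKB[2] = "www/iis";
BannerPat[3] = "Zope"; BannerKB[3] = "www/zope";
BannerPat[4] = "CERN"; BannerKB[4] = "www/cern";
BannerPat[5] = "Zeus"; BannerKB[5] = "www/zeus";
BannerPat[6] = "WebSitePro"; BannerKB[6] = "www/websitepro";
BannerPat[7] = "NCSA"; BannerKB[7] = "www/ncsa";
BannerPat[8] = "Netscape-Enterprise"; BannerKB[8] = "www/iplanet";
BannerPat[9] = "thttpd/"; BannerKB[9] = "www/thttpd";
BannerPat[10] = "WDaemon"; BannerKB[10] = "www/wdaemon";
BannerPat[11] = "SAMBAR"; BannerKB[11] = "www/sambar";
BannerPat[12] = "IBM-HTTP-Server"; BannerKB[12] = "www/ibm-http";
BannerPat[13] = "Alchemy"; BannerKB[13] = "www/alchemy";
BannerPat[14] = "Rapidsite/Apa"; BannerKB[14] = "www/apache";
BannerPat[15] = "Statistics Server"; BannerKB[15] = "www/statistics-server";
BannerPat[16] = "CommuniGatePro"; BannerKB[16] = "www/communigatepro";
BannerPat[17] = "Savant"; BannerKB[17] = "www/savant";
BannerPat[18] = "StWeb"; BannerKB[18] = "www/stweb";
BannerPat[19] = "StWeb"; BannerKB[19] = "www/apache";
BannerPat[20] = "Oracle HTTP Server"; BannerKB[20] = "www/OracleApache";
BannerPat[21] = "Oracle HTTP Server"; BannerKB[21] = "www/apache";
BannerPat[22] = "OfficeScan"; BannerKB[22] = "www/officescan";
BannerPat[23] = "ThinAirApps-ThinAir Server"; BannerKB[23] = "www/thinair";
BannerPat[24] = "PIX"; BannerKB[24] = "www/pfm";
BannerPat[25] = "CompaqHTTPServer"; BannerKB[25] = "www/compaq";
BannerPat[26] = "JRun"; BannerKB[26] = "www/jrun";
BannerPat[27] = "Stronghold"; BannerKB[27] = "www/stronghold";
BannerPat[28] = "Stronghold"; BannerKB[28] = "www/apache";
BannerPat[29] = "MiniServ"; BannerKB[29] = "www/miniserv";
BannerPat[30] = "vqServer"; BannerKB[30] = "www/vqserver";
BannerPat[31] = "VisualRoute"; BannerKB[31] = "www/visualroute";
BannerPat[32] = "Squid"; BannerKB[32] = "www/squid";
BannerPat[33] = "OmniHTTPd"; BannerKB[33] = "www/omnihttpd";
BannerPat[34] = "linuxconf"; BannerKB[34] = "www/linuxconf";
BannerPat[35] = "WebSTAR"; BannerKB[35] = "www/webstar";
BannerPat[36] = "AppleShareIP"; BannerKB[36] = "www/appleshareip";
BannerPat[37] = "Jigsaw"; BannerKB[37] = "www/jigsaw";
BannerPat[38] = "Resin"; BannerKB[38] = "www/resin";
BannerPat[39] = "AOLserver"; BannerKB[39] = "www/aolserver";
BannerPat[40] = "IdeaWebServer"; BannerKB[40] = "www/ideawebserver";
BannerPat[41] = "FileMakerPro"; BannerKB[41] = "www/filemakerpro";
BannerPat[42] = "NetWare-Enterprise-Web-Server"; BannerKB[42] = "www/netware";
BannerPat[43] = "Roxen"; BannerKB[43] = "www/roxen";
BannerPat[44] = "SimpleServer:WWW"; BannerKB[44] = "www/simpleserver";
BannerPat[45] = "Allegro-Software-RomPager"; BannerKB[45] = "www/allegro";
BannerPat[46] = "GoAhead-Webs"; BannerKB[46] = "www/goahead";
BannerPat[47] = "Xitami"; BannerKB[47] = "www/xitami";
BannerPat[48] = "EmWeb"; BannerKB[48] = "www/emweb";
BannerPat[49] = "Ipswitch-IMail"; BannerKB[49] = "www/ipswitch-imail";
BannerPat[50] = "Netscape-FastTrack"; BannerKB[50] = "www/netscape-fasttrack";
BannerPat[51] = "AkamaiGHost"; BannerKB[51] = "www/akamaighost";
BannerPat[52] = "[aA]libaba"; BannerKB[52] = "www/alibaba";
BannerPat[53] = "tigershark"; BannerKB[53] = "www/tigershark";
BannerPat[54] = "Netscape-Commerce"; BannerKB[54] = "www/netscape-commerce";
BannerPat[55] = "Oracle_Web_listener"; BannerKB[55] = "www/oracle-web-listener";
BannerPat[56] = "Caudium"; BannerKB[56] = "www/caudium";
BannerPat[57] = "Communique"; BannerKB[57] = "www/communique";
BannerPat[58] = "Cougar"; BannerKB[58] = "www/cougar";
BannerPat[59] = "FirstClass"; BannerKB[59] = "www/firstclass";
BannerPat[60] = "NetCache"; BannerKB[60] = "www/netcache";
BannerPat[61] = "AnWeb"; BannerKB[61] = "www/anweb";
BannerPat[62] = "Pi3Web"; BannerKB[62] = "www/pi3web";
BannerPat[63] = "TUX"; BannerKB[63] = "www/tux";

found = 0;
if ("Server: " >< resultrecv)
{
  svrline = egrep(pattern:"^Server:", string:resultrecv);
  svr = ereg_replace(pattern:"^Server: (.*)$", string:svrline, replace:"\1");
  security_note(port:port, data:svr);

  # An active probe above has already identified the server.  The banner is
  # text the remote operator (or an attacker) chooses freely, so it is not
  # allowed to override that result.  Side effect worth knowing: banner-only
  # hits such as www/tomcat behind an Apache front end are skipped too.
  if (fingered)
  {
    close(soc);
    exit(0);
  }

  #
  # begin web server matches
  #
  # Tomcat is the only case-insensitive match, so it stays outside the table.
  if (egrep(pattern:"^Server:.*Apache.* Tomcat/", string:svrline, icase:1))
  {
    found = found + 1;
    set_kb_item(name:"www/tomcat", value:TRUE);
  }
  for (i = 0; BannerPat[i]; i = i + 1)
  {
    if (egrep(pattern:string("^Server:.*", BannerPat[i], ".*"), string:svrline))
    {
      found = found + 1;
      set_kb_item(name:BannerKB[i], value:TRUE);
    }
  }
}
close(soc);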
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.