Luke,
On Tue, Sep 25, 2012 at 11:17 PM, luke <[email protected]> wrote:
>
>
> ---------- Forwarded message ----------
> From: luke <[email protected]>
> Date: Wed, Sep 26, 2012 at 10:16 AM
> Subject: difference in hmap,fingerprint_os
> To: [email protected]
>
>
> Hi guys
> I am using w3af doing some test ,I have a question about
>
> hmap,fingerprint_os this two module , this two module give the fingerprint
> of the remote system information, what is the difference between them?
With all due respect... RTFM! If you read the plugin description for
both it will tell you...
fingerprint_os
This plugin fingerprints the remote web server and tries to
determine the
Operating System family (Windows, Unix, etc.).
The fingerprinting is (at this moment) really trivial, because it only
uses one technique: windows path separator in the URL. For
example, if the
input URL is http://host.tld/abc/def.html then the plugin
verifies if the
response for that resource and the
http://host.tld/abc\\def.html is the same;
which indicates that the server is running Windows.
hmap
This plugin fingerprints the remote web server and tries to
determine the
server type, version and patch level. It uses fingerprinting,
not just the Server
header returned by remote server. This plugin is a wrapper for
Dustin Lee's hmap.
One configurable parameters exist:
- genFpF
If genFpF is set to True, a fingerprint file is generated.
Fingerprint files are
used to identify web servers, if you generate new files please
send them
to [email protected] so we can add them to the framework.
One important thing to notice is that hmap connects directly
to the remote web
server, without using the framework HTTP configurations (like
proxy or authentication).
If you need to know more about hmap, please read the source code :)
Regards,
>
>
> --
> FIT1-213
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> http://about.me/anakin/bio
>
>
>
> --
> FIT1-213
> Department of Computer Science
> Tsinghua University, Beijing, 100084
> http://about.me/anakin/bio
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
