thx for the reply
On Fri, Sep 28, 2012 at 8:03 AM, Andres Riancho <[email protected]>wrote:
> Luke,
>
> On Tue, Sep 25, 2012 at 11:17 PM, luke <[email protected]> wrote:
> >
> >
> > ---------- Forwarded message ----------
> > From: luke <[email protected]>
> > Date: Wed, Sep 26, 2012 at 10:16 AM
> > Subject: difference in hmap,fingerprint_os
> > To: [email protected]
> >
> >
> > Hi guys
> > I am using w3af doing some test ,I have a question about
> >
> > hmap,fingerprint_os this two module , this two module give the
> fingerprint
> > of the remote system information, what is the difference between them?
>
> With all due respect... RTFM! If you read the plugin description for
> both it will tell you...
>
> fingerprint_os
> This plugin fingerprints the remote web server and tries to
> determine the
> Operating System family (Windows, Unix, etc.).
>
> The fingerprinting is (at this moment) really trivial, because it
> only
> uses one technique: windows path separator in the URL. For
> example, if the
> input URL is http://host.tld/abc/def.html then the plugin
> verifies if the
> response for that resource and the
> http://host.tld/abc\\def.html is the same;
> which indicates that the server is running Windows.
>
> hmap
> This plugin fingerprints the remote web server and tries to
> determine the
> server type, version and patch level. It uses fingerprinting,
> not just the Server
> header returned by remote server. This plugin is a wrapper for
> Dustin Lee's hmap.
>
> One configurable parameters exist:
> - genFpF
>
> If genFpF is set to True, a fingerprint file is generated.
> Fingerprint files are
> used to identify web servers, if you generate new files please
> send them
> to [email protected] so we can add them to the framework.
>
> One important thing to notice is that hmap connects directly
> to the remote web
> server, without using the framework HTTP configurations (like
> proxy or authentication).
>
> If you need to know more about hmap, please read the source code :)
>
> Regards,
>
> >
> >
> > --
> > FIT1-213
> > Department of Computer Science
> > Tsinghua University, Beijing, 100084
> > http://about.me/anakin/bio
> >
> >
> >
> > --
> > FIT1-213
> > Department of Computer Science
> > Tsinghua University, Beijing, 100084
> > http://about.me/anakin/bio
> >
> >
> ------------------------------------------------------------------------------
> > Live Security Virtual Conference
> > Exclusive live event will cover all the ways today's security and
> > threat landscape has changed and how IT managers can respond. Discussions
> > will include endpoint security, mobile security and the latest in malware
> > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> > _______________________________________________
> > W3af-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/w3af-users
> >
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>
--
FIT1-213
Department of Computer Science
Tsinghua University, Beijing, 100084
http://about.me/anakin/bio
------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
