[Owasp-testing] New article on Web Application Fingerprint
jfernandez at germinus.com
Fri Dec 8 10:28:29 EST 2006
Matteo Meucci said:
> after some good Mauro and Eoin comments on paragraph: "4.2 Information
> Antonio has had the great idea to add a new paragraph titled:
> "4.2.1 Web Application Fingerprint"
> This par. describes how to test for what version and type of web
> server are running and search vulnerabilities and known exploits.
> I've edited the Index. Do you agree?
Is the article this one:
If so I think it would be good to:
- Reference hmap (it was the first OSS application I know of that
implemented behaviour-based HTTP fingerprinting). The main page is
and the thesis is available at
- Reference Nessus' hmap NASL script, which is much more up-to-date and
accurate (includes many more new references). It is available at
- (This is rather obvious, but might fit) Notice that some servers
maintain the original 'favicon.ico' files distributed by the vendor.
Those icon files can be used to distinguish between different webservers
(and even web server versions). Check out the Nessus NASL plugin #20108
(http://www.nessus.org/plugins/index.php?view=single&id=20108) and the
attached .ico examples.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 8296 bytes
Desc: not available
Url : http://lists.owasp.org/pipermail/owasp-testing/attachments/20061208/1a5c4e67/attachment.zip
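Added example, not part of the original message and not the Nessus plugin's code: a check an administrator can run over favicon.ico files collected from their own servers to find vendor-default icons that reveal the server product. The use of SHA-256, the signature table, the host names and the icon bytes are all assumptions constructed for illustration.

```python
import hashlib
import struct

def build_ico(payload: bytes, width: int = 16, height: int = 16) -> bytes:
    """Build a minimal one-image ICO container (constructed sample data)."""
    header = struct.pack("<HHH", 0, 1, 1)           # reserved, type 1 = icon, count
    entry = struct.pack("<BBBBHHII", width, height, 0, 0, 1, 32,
                        len(payload), 6 + 16)       # image size, image offset
    return header + entry + payload

def parse_ico(data: bytes):
    """Return [(width, height, size)]; raise ValueError if not a sane ICO."""
    if len(data) < 6:
        raise ValueError("too short for ICONDIR")
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind != 1 or count == 0:
        raise ValueError("not an ICO file")
    images = []
    for i in range(count):
        off = 6 + 16 * i
        if off + 16 > len(data):
            raise ValueError("truncated directory")
        w, h, _, _, _, _, size, img_off = struct.unpack_from("<BBBBHHII", data, off)
        if img_off + size > len(data):
            raise ValueError("image data out of bounds")
        images.append((w or 256, h or 256, size))   # 0 encodes 256 in ICO
    return images

def fingerprint(data: bytes) -> str:
    """Hash the whole file, but only after it parses as an ICO."""
    parse_ico(data)
    return hashlib.sha256(data).hexdigest()

def audit(served: dict, known_defaults: dict) -> dict:
    """Map each host to the product its favicon identifies, or None."""
    findings = {}
    for host, data in served.items():
        try:
            findings[host] = known_defaults.get(fingerprint(data))
        except ValueError:          # error page or other non-ICO response body
            findings[host] = None
    return findings

# Constructed inputs: one hypothetical vendor icon, one custom icon, one 404 body.
VENDOR_ICON = build_ico(b"\x11" * 64)
CUSTOM_ICON = build_ico(b"\x22" * 64)
KNOWN_DEFAULTS = {fingerprint(VENDOR_ICON): "ExampleServer 1.x (hypothetical)"}
SERVED = {"intranet.example": VENDOR_ICON, "www.example": CUSTOM_ICON,
          "broken.example": b"<html>404</html>"}
```

A host that maps to a product name is still serving the icon shipped by the vendor; replacing or removing that file closes this particular identification channel.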