Httprecon is a http fingerprinting tool for Windows. The results are based on the analysis of 9 requests:
– GET existing
– GET long request
– GET non-existing
– GET wrong protocol
– HEAD existing
– OPTIONS common
– DELETE existing
– TEST method
– Attack Request
Basically, any item of data returned by the server may be customized or even intentionally forged, and banners like the Server header are no exception.
Most application server software enables the administrator to configure the banner returned in the Server HTTP header. Notwithstanding measures such as this, it is usually possible for a determined attacker to use other aspects of the web server’s behavior to determine the software in use or at least narrow down the scope of possibilities. The HTTP specification includes a lot of details that are optional or left to an implementer’s discretion.
Also, many web servers deviate from or extend the specification in various ways. As a result, a web server can be fingerprinted in numerous subtle ways, other than via its Server banner.
Httprecon is a handy tool that performs a number of tests in an attempt to fingerprint a web server’s software. The following screenshot shows Httprecon running against the “192.168.100.24” server and reporting various possible web servers with different degrees of confidence.