?
Solved

web server info

Posted on 2003-03-18
11
Medium Priority
?
222 Views
Last Modified: 2010-03-05
Hello,

I remember having a perl script that when given the ip address of a web server it would make a connection and get the type of web server that was running (IIS, Apache etc...) and version.  It returned the header information or something like that.  This was a couple of years back.  I'm trying to find out how many machine on my network have IIS 5.0 running on them.  It come with Windows 2K Pro and everyone seems to have it.

Can anyone help me out here?

Thanks,

Joe
0
Comment
Question by:jvieira
  • 4
  • 3
  • 3
  • +1
11 Comments
 
LVL 48

Accepted Solution

by:
Tintin earned 500 total points
ID: 8162813
#!/usr/bin/perl
use LWP::Simple;
$server = (head("http://www.experts-exchange.com"))[4];
print "$server\n";

Returns

Apache/1.3.26 (Unix) PHP/4.2.3 mod_ssl/2.8.10 OpenSSL/0.9.6g mod_jk/1.2.0
0
 
LVL 8

Expert Comment

by:jhurst
ID: 8163408
you can not rely on the result including this information though.  There are many systems that believe that this is a security breach and hide what they are or masquerade as something else.
0
 
LVL 1

Expert Comment

by:biglug
ID: 8163490
Netcraft have a 'what's that site running?' interface at http://uptime.netcraft.com/up/graph/

Reading their docs, they don't  tell you how they determine the HTTP server. But I'd assume its as Tintin mentions above. HOWEVER, do take note of jhurst's cavaet.

Netcraft's site is interesting in that it also determine's the OS by "looking in detail at the network characteristics of the HTTP reply received from the web site" ... basically the order the headers arrived, or some "Server: " headers will tell you.

Anyways, the most reliable is probably Tintin's method, especially if they're your servers and you can see if they provide a useful response :)

(Don't give me the points, I'm just commenting on Netcraft's site)
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 48

Expert Comment

by:Tintin
ID: 8163564
nmap will tell you the OS type using TCP fingerprinting.
0
 
LVL 8

Expert Comment

by:jhurst
ID: 8163805
Actually I would add one extra suggestion.  Go for a pae that is not there.  The error response often gives more information than the correct information.  The header is likely to be similar but the 404-error handling tends to be VERY different especally if the site has left the default handling in place.
0
 

Author Comment

by:jvieira
ID: 8168234
That's exactly what I need.  I'm not too worried about people securing their machine not to release this information.  Most of them don't even know that they have IIS on their machines.

Thanks,
0
 
LVL 8

Expert Comment

by:jhurst
ID: 8168579
as a matter of interest, why do you care what web server they are running?
0
 

Author Comment

by:jvieira
ID: 8169875
We just recently dicovered that a lot of our users have IIS on their machines.  With all the bugs, security holes, and virus for IIS this is a problem.  We have to find out who has them so we can patch their machines before they bring the newtork down, AGAIN!  Now we also have other applications that use apache, Now we have a limited license with the app that uses apache, yet someone managed to get a CD and pass it around.  So we have to track how many of those we have.

These users have way too much control and I'm stuck fixing their mess.

0
 
LVL 48

Expert Comment

by:Tintin
ID: 8169975
Sounds like you need a vulnerability scanner in your environment.

Something like ISS Internet Scanner (or any number of other products)

See http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_internet.php
0
 

Author Comment

by:jvieira
ID: 8170043
That requires money.  The only thing this company spends money on is sending executives on golf trips and then comming back and telling us we spend too much money on IT and we need to cut back.  The politics and how this company spends money requires me to write individual programs to do what we need.  It keeps me employed but there are definetly better ways that this can be done.  On the upside if they ever fire me the network should collapse on itself in about a week.  JOY!
0
 
LVL 48

Expert Comment

by:Tintin
ID: 8171165
OK, I've you want a freebie, I suggest Nessus

http://www.nessus.org/
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the distant past (last year) I hacked together a little toy that would allow a couple of Manager types to query, preview, and extract data from a number of MongoDB instances, to their tool of choice: Excel (http://dilbert.com/strips/comic/2007-08…
Article by: Tammy
MySQLTuner is a script written in Perl that allows you to review a MySQL installation quickly and make adjustments to increase performance and stability. The current configuration variables and status data is retrieved and presented in a brief forma…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Six Sigma Control Plans
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question