?
Solved

web server info

Posted on 2003-03-18
11
Medium Priority
?
210 Views
Last Modified: 2010-03-05
Hello,

I remember having a perl script that when given the ip address of a web server it would make a connection and get the type of web server that was running (IIS, Apache etc...) and version.  It returned the header information or something like that.  This was a couple of years back.  I'm trying to find out how many machine on my network have IIS 5.0 running on them.  It come with Windows 2K Pro and everyone seems to have it.

Can anyone help me out here?

Thanks,

Joe
0
Comment
Question by:jvieira
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +1
11 Comments
 
LVL 48

Accepted Solution

by:
Tintin earned 500 total points
ID: 8162813
#!/usr/bin/perl
use LWP::Simple;
$server = (head("http://www.experts-exchange.com"))[4];
print "$server\n";

Returns

Apache/1.3.26 (Unix) PHP/4.2.3 mod_ssl/2.8.10 OpenSSL/0.9.6g mod_jk/1.2.0
0
 
LVL 8

Expert Comment

by:jhurst
ID: 8163408
you can not rely on the result including this information though.  There are many systems that believe that this is a security breach and hide what they are or masquerade as something else.
0
 
LVL 1

Expert Comment

by:biglug
ID: 8163490
Netcraft have a 'what's that site running?' interface at http://uptime.netcraft.com/up/graph/

Reading their docs, they don't  tell you how they determine the HTTP server. But I'd assume its as Tintin mentions above. HOWEVER, do take note of jhurst's cavaet.

Netcraft's site is interesting in that it also determine's the OS by "looking in detail at the network characteristics of the HTTP reply received from the web site" ... basically the order the headers arrived, or some "Server: " headers will tell you.

Anyways, the most reliable is probably Tintin's method, especially if they're your servers and you can see if they provide a useful response :)

(Don't give me the points, I'm just commenting on Netcraft's site)
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 48

Expert Comment

by:Tintin
ID: 8163564
nmap will tell you the OS type using TCP fingerprinting.
0
 
LVL 8

Expert Comment

by:jhurst
ID: 8163805
Actually I would add one extra suggestion.  Go for a pae that is not there.  The error response often gives more information than the correct information.  The header is likely to be similar but the 404-error handling tends to be VERY different especally if the site has left the default handling in place.
0
 

Author Comment

by:jvieira
ID: 8168234
That's exactly what I need.  I'm not too worried about people securing their machine not to release this information.  Most of them don't even know that they have IIS on their machines.

Thanks,
0
 
LVL 8

Expert Comment

by:jhurst
ID: 8168579
as a matter of interest, why do you care what web server they are running?
0
 

Author Comment

by:jvieira
ID: 8169875
We just recently dicovered that a lot of our users have IIS on their machines.  With all the bugs, security holes, and virus for IIS this is a problem.  We have to find out who has them so we can patch their machines before they bring the newtork down, AGAIN!  Now we also have other applications that use apache, Now we have a limited license with the app that uses apache, yet someone managed to get a CD and pass it around.  So we have to track how many of those we have.

These users have way too much control and I'm stuck fixing their mess.

0
 
LVL 48

Expert Comment

by:Tintin
ID: 8169975
Sounds like you need a vulnerability scanner in your environment.

Something like ISS Internet Scanner (or any number of other products)

See http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_internet.php
0
 

Author Comment

by:jvieira
ID: 8170043
That requires money.  The only thing this company spends money on is sending executives on golf trips and then comming back and telling us we spend too much money on IT and we need to cut back.  The politics and how this company spends money requires me to write individual programs to do what we need.  It keeps me employed but there are definetly better ways that this can be done.  On the upside if they ever fire me the network should collapse on itself in about a week.  JOY!
0
 
LVL 48

Expert Comment

by:Tintin
ID: 8171165
OK, I've you want a freebie, I suggest Nessus

http://www.nessus.org/
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Email validation in proper way is  very important validation required in any web pages. This code is self explainable except that Regular Expression which I used for pattern matching. I originally published as a thread on my website : http://www…
I have been pestered over the years to produce and distribute regular data extracts, and often the request have explicitly requested the data be emailed as an Excel attachement; specifically Excel, as it appears: CSV files confuse (no Red or Green h…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Six Sigma Control Plans

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question