• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 383
  • Last Modified:

Is there a way to know if a server is a web server?

I have many servers to manage. I need to find out which particular server is a web server. Though this can be evaluvated if it has IIS or not, but I specifically want to have something like some special process or task that runs if a server is acting as a web server. I basically want to know, if there is someway to know that and can I use that command or find that process by scripting. Please let me know, if such a thing exists and in case more clarification on my part is required.

Thanks

LordSM
0
LordSM
Asked:
LordSM
  • 18
  • 13
  • 3
  • +2
1 Solution
 
northcideCommented:
portscan a range of addresses for port 80 and 443.  of course if there are webservers with non-standard ports you'll need to scan those ports as well

use nmap on unix environments
http://www.famatech.com/products/utilities/portscanner.php from windows.
0
 
marce_litoCommented:
just for curiosity, why wouldn't he use nmap on windows?

btw, make sure you don't nmap computers you don't have permission to do so...
0
 
kenfcampCommented:
[just for curiosity, why wouldn't he use nmap on windows]

Marce_lito,

This was more than likely to make things easy for the poster.
nmap is installed by default under Linux and is readily available.

Installing it under Windows requires it to be compiled with "Microsoft Visual C++ 2005" which most people don't (or won't) have access to.

It's easier to just provide a link to one that's ready to go. I'm assuming that northcide has used the linked app in the past, and feels it's worthy of linking to.

[make sure you don't nmap computers you don't have permission to do so]

Very good point to make ;)

Ken
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
marce_litoCommented:
You can find nmap binaries for windows in the official nmap site:

http://insecure.org/nmap/download.html

even with an installer... i do agree with you that maybe a command-line interface is different from what windows users are accustomed to... so you two have a point there... i'm just very used to work with nmap on windows, so i was surprised :)

then again, northcide's answer is a very good one... i'd still use nmap over the advanced port scanner mainly because nmap's -A switch... (which is wonderful describing quickly the OS and services versions, but it can trigger some firewall/antivirus products to raise an alarm)
0
 
kenfcampCommented:
marce_lito,

Wasn't aware of that ;)

must agree with "-A" on nmap
0
 
marce_litoCommented:
a little off-topic conversation, but a nice one indeed :)
0
 
LordSMAuthor Commented:
Thanks for the wonderful points guys. It surely is helpful. But my flux here is that I am trying to get this done using some script for the place where I might use it, it will amount to hacking. Though I know, it is a neat tool, but I still might not be able to run it. Is is possible we can script something to do it, given that we have credentials to access the Servers.

Thanks in advance
0
 
marce_litoCommented:
ok then :)

if you are looking for a specific process on a machine, you can use pstools' pslist... it can list processes on a local or remote machine... good software... i think the IIS web service process is inetinfo.exe (please correct me if i'm worng, not sure here)...

any web server that runs in a standard port must be listening on port 80... so doing a «netstat -an|find "LISTENING"|find "80"» will show you any process listening on port 80...

do you need to do this on a specific machine sporadically or a group of machines continuosly/quickly?
0
 
LordSMAuthor Commented:
My situation is that I can not use much of the outside tools as the guys wont permit me. So a good way might be to log in to a server and see at some specific process that confirms if it is an IIS Server. And I need to check on hunderds of them, so it is not good for me to manually log in to a machine, every single time, so I was wondering if we can write some script on it. Also, I think port scan for 80 will be a good option and having to see inetinfo.exe will help. But is there some specific process that can guarantee that it is a web server? How about W3SVC, can that help? And can we script something to login to a server and check
0
 
marce_litoCommented:
hehehe, you were right... it's been a long time since i don't work with IIS... the process is w3svc... however, not seeing it won't guarantee the machine is not a web server, as many others different than IIS can be installed... i'd go with the netstat solution, which, thanks to God, does not need any external program other than standard windows commands...

anyway, i really don't know a scriptable way to list the processes of a machine without using pstools... if you are worried because they won't let you install anything on the server, you should know that pstools don't need any installation... they can be copied even on a remote workstation that has ip connectivity to the servers... great tools...
0
 
kenfcampCommented:
[I can not use much of the outside tools as the guys wont permit me <snip>
And I need to check on hunderds of them ]

A lot of this just isn't adding up.

If your network literally consists of "hundreds" of servers, then I'm sure there is a network/server monitoring utility or in the least a server list already in use or available. My advice is to get in touch with your network administrator (or supervisor) and explain what it is you're trying to do, or what information you need.

[can we script something to login to a server and check]

My guess is that if you're not allowed to install or use a simple network tool like nmap, something like this may also land you in the unemployment line.

Ken
0
 
marce_litoCommented:
ken's got a point, listen to the man :)

if i were your network administrator i'd rather let you use nmap on your computer than give you (administrative?) rights to login on the servers to check the processes and let you do some sort of scripting on them
0
 
ahoffmannCommented:
0
 
LordSMAuthor Commented:
Good news guys, I finally am getting to use Nmap.... and no unemployment as well :D

The thing, I was trying to work on was to determine, if it is a web server. I used -vv & -sV options using Nmap. Does that effectively tell me if I have a web server or not? I can run scans on most of the ports to determine that. The info I got from using above options only tell me:

Port State Service, which for IIS Web Server is Http. TCP/IP Finger Print. And List of Services which was gibberish to me as it contained only x's and /'s .

Is there is some way in Nmap that you know of by which I can get more precisely is Web Server is running or not or if there are any webservices or portals hosted on it.

Thanks in advance
0
 
LordSMAuthor Commented:
Also, How do I know, using NMAP if W3svc is running or not
0
 
marce_litoCommented:
try something like this:
nmap -A -p 80,443 192.168.1.1-254 (change this to the range of ip addresses of your servers)

below is a copy of a nmap scan on my router (a dlink di-624, a cheap piece of ....)
there you will see than some web server is running (tcpwrapped), not necessarily IIS... my comments are underscored ____

Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-17 17:51 Hora est. del Pac
Ýfico de SA
Insufficient responses for TCP sequencing (3), OS detection may be less accurate

Insufficient responses for TCP sequencing (3), OS detection may be less accurate

Insufficient responses for TCP sequencing (3), OS detection may be less accurate

Insufficient responses for TCP sequencing (3), OS detection may be less accurate

Insufficient responses for TCP sequencing (3), OS detection may be less accurate

Interesting ports on 192.168.1.1:
PORT    STATE  SERVICE    VERSION
80/tcp  open   tcpwrapped   __you see it's open, then a web server must be running on it__
443/tcp closed https  __it's closed, so there's no SSL in that web server___
MAC Address: 00:17:9A:47:40:A5 (D-Link)
No exact OS matches for host (If you know what OS is running on it, see http://i
nsecure.org/nmap/submit/ ).
TCP/IP fingerprint:  __this is to identify the OS of hte machine, as dlink's firmware is not on the db, it says it's unknown___
OS:SCAN(V=4.20%D=8/17%OT=80%CT=443%CU=42225%PV=Y%DS=1%G=Y%M=00179A%TM=46C62
OS:674%P=i686-pc-windows-windows)ECN(R=N)T1(R=Y%DF=N%T=7F%S=O%A=S+%F=AS%RD=
OS:0%Q=)T1(R=Y%DF=N%T=7F%S=O%A=O%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%D
OS:F=N%T=7F%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=7F%W=0%S=A%A=Z%F=R%O
OS:=%RD=0%Q=)T7(R=Y%DF=N%T=7F%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=7F%
OS:TOS=0%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)IE(R=Y%DFI=N%T
OS:=7F%TOSI=Z%CD=S%SI=S%DLI=S)


Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at http:
//insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 21.141 seconds

C:\Documents and Settings\myuser>
0
 
marce_litoCommented:
i forgot to mention that you see tcpwrapped next to the port 80 scan because that's the actual web server... if you scan windows with IIS machines, it will say IIS version XX...
0
 
marce_litoCommented:
and then again, if you are looking for a specific process, you can use pstools' pslist... however, you need to have (as far as i remember) an administrative account to list processes... that could be problematic if you are in a client's office and not your own network...
0
 
LordSMAuthor Commented:
so, essentially is there a way in NMAP to know, if W3SVC is runing? I had another question, that how do we understand the if the TCP IP Fingerprint contains something related to IIS. I heard that Web Servers (say IIS) have their own signatures, if this is so, how can we use it to evaluate this situation?
0
 
marce_litoCommented:
w3svc will open port 80 to start listening for client requests... nmap will tell you if any web server, regardless it's iis or not... for example, if you use apache as a web server, you'll see por 80 open, but no w3svc process running...

if you use nmap's "-A" switch, it will tell you the OS of the target machine and the services' versions if possible... there you can see if it's IIS or not... as you have to scan hudreds of servers, the "-A" switch will slow down your scan, but you can get a cup of coffee in the meantime =)

the scan i posted above shows my router does not run iis, but tcpwrapped... as i'm at home, i can't post some scans of an actual iis server...
0
 
marce_litoCommented:
take a look at http://insecure.org/nmap/man/

there you see an example scan... the first machine is running a web srever, apache httpd 2.0.52, the second one is not running any web server (as port 80 is closed), but it's a windows machine
0
 
ahoffmannCommented:
> .. or if there are any webservices or portals hosted on it.
only by brute forcing URLs (or inspecting the website and search for such URLs)
0
 
LordSMAuthor Commented:


Hi, Is there a command or script, by which I can know, which websites are being hosted an IIS Web Server? I know, I can manually go in and see that, but I need to do this for multiple servers and with each IIS Server hosting multiple websites.

Thanks in advance !!
0
 
ahoffmannCommented:
> .. which websites are being hosted an IIS Web Server?
httprint as I already sugested
0
 
LordSMAuthor Commented:
I could run an NMAP scan as that was allowed, but I dont think I can run Httprint. Do we have something in NMAP that can tell us. I was trying to look for some command line or script that can tell us, which websites are hosted.

thanks
0
 
marce_litoCommented:
how about the script in the link i posted? did it work? as far as i can understand, it does exactly what you want...
0
 
LordSMAuthor Commented:
I am sorry, but I am not able to locate the script you had posted on the forum. Please repost in case I have missed. So far, I had tried all of the scripts which were posted.
0
 
marce_litoCommented:
0
 
LordSMAuthor Commented:
I think we came on same note. I checked the link, and used the following code, but I am getting the error:
getWebsite.vbs(4, 15) Microsoft VBScript compilation error: Expected end of statement. I am only interested in the website. Port IP will be a bonus.

Please suggest

Code:-

------------------------------------------------
OPTION EXPLICIT

DIM CRLF, TAB
DIM strServer = "Baron"
DIM objWebService

TAB  = CHR( 9 )
CRLF = CHR( 13 ) & CHR( 10 )

'IF WScript.Arguments.Length = 1 THEN
'    strServer = WScript.Arguments( 0 )
'ELSE
'    strServer = "localhost"
'END IF

WScript.Echo "Enumerating websites on " & strServer & CRLF
SET objWebService = GetObject( "IIS://" & strServer & "/W3SVC" )
EnumWebsites objWebService


SUB EnumWebsites( objWebService )
    DIM objWebServer, strBindings

    FOR EACH objWebServer IN objWebService
        IF objWebserver.Class = "IIsWebServer" THEN
            WScript.Echo "Site ID = " & objWebserver.Name & CRLF & "Comment = """ & objWebServer.ServerComment & """ " & CRLF & State2Desc( objWebserver.ServerState ) & CRLF &"LogDir  = " & objWebServer.LogFileDirectory & ""
            ' Enumerate the HTTP bindings (ServerBindings) and
            ' SSL bindings (SecureBindings)
            strBindings = EnumBindings( objWebServer.ServerBindings ) & EnumBindings( objWebServer.SecureBindings )
            IF NOT strBindings = "" THEN
                WScript.Echo "IP Address" & TAB & "Port" & TAB & "Host" & CRLF & strBindings
            END IF
        END IF
    NEXT

END SUB

FUNCTION EnumBindings( objBindingList )
    DIM i, strIP, strPort, strHost
    DIM reBinding, reMatch, reMatches
    SET reBinding = NEW RegExp
    reBinding.Pattern = "([^:]*):([^:]*):(.*)"

    FOR i = LBOUND( objBindingList ) TO UBOUND( objBindingList )
        ' objBindingList( i ) is a string looking like IP:Port:Host
        SET reMatches = reBinding.Execute( objBindingList( i ) )
        FOR EACH reMatch IN reMatches
            strIP = reMatch.SubMatches( 0 )
            strPort = reMatch.SubMatches( 1 )
            strHost = reMatch.SubMatches( 2 )

            ' Do some pretty processing
            IF strIP = "" THEN strIP = "All Unassigned"
            IF strHost = "" THEN strHost = "*"
            IF LEN( strIP ) < 8 THEN strIP = strIP & TAB

            EnumBindings = EnumBindings & strIP & TAB & strPort & TAB & strHost & TAB & ""
        NEXT

        EnumBindings = EnumBindings & CRLF
    NEXT

END FUNCTION

0
 
LordSMAuthor Commented:
thanks for reposting. I had seen the code earlier, but was not remembering it to be part of link
0
 
marce_litoCommented:
instead of putting:
DIM strServer = "Baron"

try:
DIM strServer
strServer = "Baron"


on separate statements... it then will work... notice that as you are launching the script from a different machine than the one tested, you MUST have IIS installed in both machines...
0
 
LordSMAuthor Commented:
thanks, to clarify on this - Can I run the script on server A (which has IIS) to find info on Server B (Baron, which has IIS) ?
0
 
marce_litoCommented:
yes, but both servers must have IIS installed... if you leave the script as it was originally, you can even call the script with an argument that is the name of the server you want to test... so, if you called the script website.vbs and want to test the serverb server you can put in the command line:
website.vbs serverb

so it can be used in a batch file =D
0
 
LordSMAuthor Commented:
C:\>cscript getWebsite.vbs "baron.jl.com"
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Enumerating websites on

C:\getWebsite.vbs(17, 1) (null): 0x80005000


This is what I am getting. Please suggest
0
 
marce_litoCommented:
>Enumerating websites on
see that there's no name there? maybe you forgot to uncomment the lines you commented out in the script...
0
 
LordSMAuthor Commented:
awesome works just great !!
0
 
marce_litoCommented:
=)

let us know if you need anything else
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

  • 18
  • 13
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now