LordSM
asked on
Is there a way to know if a server is a web server?
I have many servers to manage. I need to find out which particular server is a web server. Though this can be evaluvated if it has IIS or not, but I specifically want to have something like some special process or task that runs if a server is acting as a web server. I basically want to know, if there is someway to know that and can I use that command or find that process by scripting. Please let me know, if such a thing exists and in case more clarification on my part is required.
Thanks
LordSM
Thanks
LordSM
just for curiosity, why wouldn't he use nmap on windows?
btw, make sure you don't nmap computers you don't have permission to do so...
btw, make sure you don't nmap computers you don't have permission to do so...
[just for curiosity, why wouldn't he use nmap on windows]
Marce_lito,
This was more than likely to make things easy for the poster.
nmap is installed by default under Linux and is readily available.
Installing it under Windows requires it to be compiled with "Microsoft Visual C++ 2005" which most people don't (or won't) have access to.
It's easier to just provide a link to one that's ready to go. I'm assuming that northcide has used the linked app in the past, and feels it's worthy of linking to.
[make sure you don't nmap computers you don't have permission to do so]
Very good point to make ;)
Ken
Marce_lito,
This was more than likely to make things easy for the poster.
nmap is installed by default under Linux and is readily available.
Installing it under Windows requires it to be compiled with "Microsoft Visual C++ 2005" which most people don't (or won't) have access to.
It's easier to just provide a link to one that's ready to go. I'm assuming that northcide has used the linked app in the past, and feels it's worthy of linking to.
[make sure you don't nmap computers you don't have permission to do so]
Very good point to make ;)
Ken
You can find nmap binaries for windows in the official nmap site:
http://insecure.org/nmap/download.html
even with an installer... i do agree with you that maybe a command-line interface is different from what windows users are accustomed to... so you two have a point there... i'm just very used to work with nmap on windows, so i was surprised :)
then again, northcide's answer is a very good one... i'd still use nmap over the advanced port scanner mainly because nmap's -A switch... (which is wonderful describing quickly the OS and services versions, but it can trigger some firewall/antivirus products to raise an alarm)
http://insecure.org/nmap/download.html
even with an installer... i do agree with you that maybe a command-line interface is different from what windows users are accustomed to... so you two have a point there... i'm just very used to work with nmap on windows, so i was surprised :)
then again, northcide's answer is a very good one... i'd still use nmap over the advanced port scanner mainly because nmap's -A switch... (which is wonderful describing quickly the OS and services versions, but it can trigger some firewall/antivirus products to raise an alarm)
marce_lito,
Wasn't aware of that ;)
must agree with "-A" on nmap
Wasn't aware of that ;)
must agree with "-A" on nmap
a little off-topic conversation, but a nice one indeed :)
ASKER
Thanks for the wonderful points guys. It surely is helpful. But my flux here is that I am trying to get this done using some script for the place where I might use it, it will amount to hacking. Though I know, it is a neat tool, but I still might not be able to run it. Is is possible we can script something to do it, given that we have credentials to access the Servers.
Thanks in advance
Thanks in advance
ok then :)
if you are looking for a specific process on a machine, you can use pstools' pslist... it can list processes on a local or remote machine... good software... i think the IIS web service process is inetinfo.exe (please correct me if i'm worng, not sure here)...
any web server that runs in a standard port must be listening on port 80... so doing a «netstat -an|find "LISTENING"|find "80"» will show you any process listening on port 80...
do you need to do this on a specific machine sporadically or a group of machines continuosly/quickly?
if you are looking for a specific process on a machine, you can use pstools' pslist... it can list processes on a local or remote machine... good software... i think the IIS web service process is inetinfo.exe (please correct me if i'm worng, not sure here)...
any web server that runs in a standard port must be listening on port 80... so doing a «netstat -an|find "LISTENING"|find "80"» will show you any process listening on port 80...
do you need to do this on a specific machine sporadically or a group of machines continuosly/quickly?
ASKER
My situation is that I can not use much of the outside tools as the guys wont permit me. So a good way might be to log in to a server and see at some specific process that confirms if it is an IIS Server. And I need to check on hunderds of them, so it is not good for me to manually log in to a machine, every single time, so I was wondering if we can write some script on it. Also, I think port scan for 80 will be a good option and having to see inetinfo.exe will help. But is there some specific process that can guarantee that it is a web server? How about W3SVC, can that help? And can we script something to login to a server and check
hehehe, you were right... it's been a long time since i don't work with IIS... the process is w3svc... however, not seeing it won't guarantee the machine is not a web server, as many others different than IIS can be installed... i'd go with the netstat solution, which, thanks to God, does not need any external program other than standard windows commands...
anyway, i really don't know a scriptable way to list the processes of a machine without using pstools... if you are worried because they won't let you install anything on the server, you should know that pstools don't need any installation... they can be copied even on a remote workstation that has ip connectivity to the servers... great tools...
anyway, i really don't know a scriptable way to list the processes of a machine without using pstools... if you are worried because they won't let you install anything on the server, you should know that pstools don't need any installation... they can be copied even on a remote workstation that has ip connectivity to the servers... great tools...
[I can not use much of the outside tools as the guys wont permit me <snip>
And I need to check on hunderds of them ]
A lot of this just isn't adding up.
If your network literally consists of "hundreds" of servers, then I'm sure there is a network/server monitoring utility or in the least a server list already in use or available. My advice is to get in touch with your network administrator (or supervisor) and explain what it is you're trying to do, or what information you need.
[can we script something to login to a server and check]
My guess is that if you're not allowed to install or use a simple network tool like nmap, something like this may also land you in the unemployment line.
Ken
And I need to check on hunderds of them ]
A lot of this just isn't adding up.
If your network literally consists of "hundreds" of servers, then I'm sure there is a network/server monitoring utility or in the least a server list already in use or available. My advice is to get in touch with your network administrator (or supervisor) and explain what it is you're trying to do, or what information you need.
[can we script something to login to a server and check]
My guess is that if you're not allowed to install or use a simple network tool like nmap, something like this may also land you in the unemployment line.
Ken
ken's got a point, listen to the man :)
if i were your network administrator i'd rather let you use nmap on your computer than give you (administrative?) rights to login on the servers to check the processes and let you do some sort of scripting on them
if i were your network administrator i'd rather let you use nmap on your computer than give you (administrative?) rights to login on the servers to check the processes and let you do some sort of scripting on them
ASKER
Good news guys, I finally am getting to use Nmap.... and no unemployment as well :D
The thing, I was trying to work on was to determine, if it is a web server. I used -vv & -sV options using Nmap. Does that effectively tell me if I have a web server or not? I can run scans on most of the ports to determine that. The info I got from using above options only tell me:
Port State Service, which for IIS Web Server is Http. TCP/IP Finger Print. And List of Services which was gibberish to me as it contained only x's and /'s .
Is there is some way in Nmap that you know of by which I can get more precisely is Web Server is running or not or if there are any webservices or portals hosted on it.
Thanks in advance
The thing, I was trying to work on was to determine, if it is a web server. I used -vv & -sV options using Nmap. Does that effectively tell me if I have a web server or not? I can run scans on most of the ports to determine that. The info I got from using above options only tell me:
Port State Service, which for IIS Web Server is Http. TCP/IP Finger Print. And List of Services which was gibberish to me as it contained only x's and /'s .
Is there is some way in Nmap that you know of by which I can get more precisely is Web Server is running or not or if there are any webservices or portals hosted on it.
Thanks in advance
ASKER
Also, How do I know, using NMAP if W3svc is running or not
try something like this:
nmap -A -p 80,443 192.168.1.1-254 (change this to the range of ip addresses of your servers)
below is a copy of a nmap scan on my router (a dlink di-624, a cheap piece of ....)
there you will see than some web server is running (tcpwrapped), not necessarily IIS... my comments are underscored ____
Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-17 17:51 Hora est. del Pac
Ýfico de SA
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Interesting ports on 192.168.1.1:
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped __you see it's open, then a web server must be running on it__
443/tcp closed https __it's closed, so there's no SSL in that web server___
MAC Address: 00:17:9A:47:40:A5 (D-Link)
No exact OS matches for host (If you know what OS is running on it, see http://i
nsecure.org/nmap/submit/ ).
TCP/IP fingerprint: __this is to identify the OS of hte machine, as dlink's firmware is not on the db, it says it's unknown___
OS:SCAN(V=4.20%D=8/17%OT=8
OS:674%P=i686-pc-windows-w
OS:0%Q=)T1(R=Y%DF=N%T=7F%S
OS:F=N%T=7F%W=0%S=Z%A=S+%F
OS:=%RD=0%Q=)T7(R=Y%DF=N%T
OS:TOS=0%IPL=38%UN=0%RIPL=
OS:=7F%TOSI=Z%CD=S%SI=S%DL
Network Distance: 1 hop
OS and Service detection performed. Please report any incorrect results at http:
//insecure.org/nmap/submit
Nmap finished: 1 IP address (1 host up) scanned in 21.141 seconds
C:\Documents and Settings\myuser>
nmap -A -p 80,443 192.168.1.1-254 (change this to the range of ip addresses of your servers)
below is a copy of a nmap scan on my router (a dlink di-624, a cheap piece of ....)
there you will see than some web server is running (tcpwrapped), not necessarily IIS... my comments are underscored ____
Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-17 17:51 Hora est. del Pac
Ýfico de SA
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Interesting ports on 192.168.1.1:
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped __you see it's open, then a web server must be running on it__
443/tcp closed https __it's closed, so there's no SSL in that web server___
MAC Address: 00:17:9A:47:40:A5 (D-Link)
No exact OS matches for host (If you know what OS is running on it, see http://i
nsecure.org/nmap/submit/ ).
TCP/IP fingerprint: __this is to identify the OS of hte machine, as dlink's firmware is not on the db, it says it's unknown___
OS:SCAN(V=4.20%D=8/17%OT=8
OS:674%P=i686-pc-windows-w
OS:0%Q=)T1(R=Y%DF=N%T=7F%S
OS:F=N%T=7F%W=0%S=Z%A=S+%F
OS:=%RD=0%Q=)T7(R=Y%DF=N%T
OS:TOS=0%IPL=38%UN=0%RIPL=
OS:=7F%TOSI=Z%CD=S%SI=S%DL
Network Distance: 1 hop
OS and Service detection performed. Please report any incorrect results at http:
//insecure.org/nmap/submit
Nmap finished: 1 IP address (1 host up) scanned in 21.141 seconds
C:\Documents and Settings\myuser>
i forgot to mention that you see tcpwrapped next to the port 80 scan because that's the actual web server... if you scan windows with IIS machines, it will say IIS version XX...
and then again, if you are looking for a specific process, you can use pstools' pslist... however, you need to have (as far as i remember) an administrative account to list processes... that could be problematic if you are in a client's office and not your own network...
ASKER
so, essentially is there a way in NMAP to know, if W3SVC is runing? I had another question, that how do we understand the if the TCP IP Fingerprint contains something related to IIS. I heard that Web Servers (say IIS) have their own signatures, if this is so, how can we use it to evaluate this situation?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
take a look at http://insecure.org/nmap/man/
there you see an example scan... the first machine is running a web srever, apache httpd 2.0.52, the second one is not running any web server (as port 80 is closed), but it's a windows machine
there you see an example scan... the first machine is running a web srever, apache httpd 2.0.52, the second one is not running any web server (as port 80 is closed), but it's a windows machine
> .. or if there are any webservices or portals hosted on it.
only by brute forcing URLs (or inspecting the website and search for such URLs)
only by brute forcing URLs (or inspecting the website and search for such URLs)
ASKER
Hi, Is there a command or script, by which I can know, which websites are being hosted an IIS Web Server? I know, I can manually go in and see that, but I need to do this for multiple servers and with each IIS Server hosting multiple websites.
Thanks in advance !!
> .. which websites are being hosted an IIS Web Server?
httprint as I already sugested
httprint as I already sugested
ASKER
I could run an NMAP scan as that was allowed, but I dont think I can run Httprint. Do we have something in NMAP that can tell us. I was trying to look for some command line or script that can tell us, which websites are hosted.
thanks
thanks
how about the script in the link i posted? did it work? as far as i can understand, it does exactly what you want...
ASKER
I am sorry, but I am not able to locate the script you had posted on the forum. Please repost in case I have missed. So far, I had tried all of the scripts which were posted.
it's up there, but anyway, i'll post the link again:
http://blogs.msdn.com/david.wang/archive/2005/07/13/HOWTO_Enumerate_IIS_Website_Configuration.aspx
http://blogs.msdn.com/david.wang/archive/2005/07/13/HOWTO_Enumerate_IIS_Website_Configuration.aspx
ASKER
I think we came on same note. I checked the link, and used the following code, but I am getting the error:
getWebsite.vbs(4, 15) Microsoft VBScript compilation error: Expected end of statement. I am only interested in the website. Port IP will be a bonus.
Please suggest
Code:-
--------------------------
OPTION EXPLICIT
DIM CRLF, TAB
DIM strServer = "Baron"
DIM objWebService
TAB = CHR( 9 )
CRLF = CHR( 13 ) & CHR( 10 )
'IF WScript.Arguments.Length = 1 THEN
' strServer = WScript.Arguments( 0 )
'ELSE
' strServer = "localhost"
'END IF
WScript.Echo "Enumerating websites on " & strServer & CRLF
SET objWebService = GetObject( "IIS://" & strServer & "/W3SVC" )
EnumWebsites objWebService
SUB EnumWebsites( objWebService )
DIM objWebServer, strBindings
FOR EACH objWebServer IN objWebService
IF objWebserver.Class = "IIsWebServer" THEN
WScript.Echo "Site ID = " & objWebserver.Name & CRLF & "Comment = """ & objWebServer.ServerComment
' Enumerate the HTTP bindings (ServerBindings) and
' SSL bindings (SecureBindings)
strBindings = EnumBindings( objWebServer.ServerBinding
IF NOT strBindings = "" THEN
WScript.Echo "IP Address" & TAB & "Port" & TAB & "Host" & CRLF & strBindings
END IF
END IF
NEXT
END SUB
FUNCTION EnumBindings( objBindingList )
DIM i, strIP, strPort, strHost
DIM reBinding, reMatch, reMatches
SET reBinding = NEW RegExp
reBinding.Pattern = "([^:]*):([^:]*):(.*)"
FOR i = LBOUND( objBindingList ) TO UBOUND( objBindingList )
' objBindingList( i ) is a string looking like IP:Port:Host
SET reMatches = reBinding.Execute( objBindingList( i ) )
FOR EACH reMatch IN reMatches
strIP = reMatch.SubMatches( 0 )
strPort = reMatch.SubMatches( 1 )
strHost = reMatch.SubMatches( 2 )
' Do some pretty processing
IF strIP = "" THEN strIP = "All Unassigned"
IF strHost = "" THEN strHost = "*"
IF LEN( strIP ) < 8 THEN strIP = strIP & TAB
EnumBindings = EnumBindings & strIP & TAB & strPort & TAB & strHost & TAB & ""
NEXT
EnumBindings = EnumBindings & CRLF
NEXT
END FUNCTION
getWebsite.vbs(4, 15) Microsoft VBScript compilation error: Expected end of statement. I am only interested in the website. Port IP will be a bonus.
Please suggest
Code:-
--------------------------
OPTION EXPLICIT
DIM CRLF, TAB
DIM strServer = "Baron"
DIM objWebService
TAB = CHR( 9 )
CRLF = CHR( 13 ) & CHR( 10 )
'IF WScript.Arguments.Length = 1 THEN
' strServer = WScript.Arguments( 0 )
'ELSE
' strServer = "localhost"
'END IF
WScript.Echo "Enumerating websites on " & strServer & CRLF
SET objWebService = GetObject( "IIS://" & strServer & "/W3SVC" )
EnumWebsites objWebService
SUB EnumWebsites( objWebService )
DIM objWebServer, strBindings
FOR EACH objWebServer IN objWebService
IF objWebserver.Class = "IIsWebServer" THEN
WScript.Echo "Site ID = " & objWebserver.Name & CRLF & "Comment = """ & objWebServer.ServerComment
' Enumerate the HTTP bindings (ServerBindings) and
' SSL bindings (SecureBindings)
strBindings = EnumBindings( objWebServer.ServerBinding
IF NOT strBindings = "" THEN
WScript.Echo "IP Address" & TAB & "Port" & TAB & "Host" & CRLF & strBindings
END IF
END IF
NEXT
END SUB
FUNCTION EnumBindings( objBindingList )
DIM i, strIP, strPort, strHost
DIM reBinding, reMatch, reMatches
SET reBinding = NEW RegExp
reBinding.Pattern = "([^:]*):([^:]*):(.*)"
FOR i = LBOUND( objBindingList ) TO UBOUND( objBindingList )
' objBindingList( i ) is a string looking like IP:Port:Host
SET reMatches = reBinding.Execute( objBindingList( i ) )
FOR EACH reMatch IN reMatches
strIP = reMatch.SubMatches( 0 )
strPort = reMatch.SubMatches( 1 )
strHost = reMatch.SubMatches( 2 )
' Do some pretty processing
IF strIP = "" THEN strIP = "All Unassigned"
IF strHost = "" THEN strHost = "*"
IF LEN( strIP ) < 8 THEN strIP = strIP & TAB
EnumBindings = EnumBindings & strIP & TAB & strPort & TAB & strHost & TAB & ""
NEXT
EnumBindings = EnumBindings & CRLF
NEXT
END FUNCTION
ASKER
thanks for reposting. I had seen the code earlier, but was not remembering it to be part of link
instead of putting:
DIM strServer = "Baron"
try:
DIM strServer
strServer = "Baron"
on separate statements... it then will work... notice that as you are launching the script from a different machine than the one tested, you MUST have IIS installed in both machines...
DIM strServer = "Baron"
try:
DIM strServer
strServer = "Baron"
on separate statements... it then will work... notice that as you are launching the script from a different machine than the one tested, you MUST have IIS installed in both machines...
ASKER
thanks, to clarify on this - Can I run the script on server A (which has IIS) to find info on Server B (Baron, which has IIS) ?
yes, but both servers must have IIS installed... if you leave the script as it was originally, you can even call the script with an argument that is the name of the server you want to test... so, if you called the script website.vbs and want to test the serverb server you can put in the command line:
website.vbs serverb
so it can be used in a batch file =D
website.vbs serverb
so it can be used in a batch file =D
ASKER
C:\>cscript getWebsite.vbs "baron.jl.com"
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Enumerating websites on
C:\getWebsite.vbs(17, 1) (null): 0x80005000
This is what I am getting. Please suggest
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Enumerating websites on
C:\getWebsite.vbs(17, 1) (null): 0x80005000
This is what I am getting. Please suggest
>Enumerating websites on
see that there's no name there? maybe you forgot to uncomment the lines you commented out in the script...
see that there's no name there? maybe you forgot to uncomment the lines you commented out in the script...
ASKER
awesome works just great !!
=)
let us know if you need anything else
let us know if you need anything else
use nmap on unix environments
http://www.famatech.com/products/utilities/portscanner.php from windows.