OS and application fingerprinting
Linux 2.6/2.4
Apache Tomcat
Apache/2.0.59 (Unix) PHP/4.4.7 mod_jk/1.2.25
[user@]$ sudo nmap -O x.y.z.t
Starting Nmap 5.51 ( http://nmap.org ) at 2011-07-29 12:41 ICT
Nmap scan report for x.y.z.t
Host is up (0.10s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
25/tcp closed smtp
80/tcp open http
110/tcp closed pop3
143/tcp closed imap
587/tcp closed submission
Device type: general purpose|WAP|PBX|router
Running (JUST GUESSING): Linux 2.6.X (96%), Ubiquiti Linux (90%),
Linksys embedded (89%)
Aggressive OS guesses: Linux 2.6.9 - 2.6.30 (96%), Linux 2.6.22
(Fedora Core 6) (94%), Linux 2.6.28 (Gentoo) (93%), Linux 2.6.21
(92%), Linux 2.6.24 - 2.6.35 (92%), Linux 2.6.9 - 2.6.31 (92%),
Linux 2.6.13 - 2.6.31 (92%), Linux 2.6.23 - 2.6.26 (92%), Linux
2.6.22 (92%), Linux 2.6.24 - 2.6.28 (92%)
No exact OS matches for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.33 seconds
[user@]$ sudo amap x.y.z.t 80
amap v5.4 (www.thc.org/thc-amap) started at 2011-07-29 12:41:55 -
APPLICATION MAPPING mode
Protocol on x.y.z.t:80/tcp matches http
Protocol on x.y.z.t:80/tcp matches http-apache-2
Protocol on x.y.z.t:80/tcp matches http-jrun
Protocol on x.y.z.t:80/tcp matches http-tomcat
Unidentified ports: none.
[user@]$ sudo amap -vd x.y.z.t 80
Using trigger file ./appdefs.trig ... loaded 30 triggers
Using response file ./appdefs.resp ... loaded 346 responses
Using trigger file ./appdefs.rpc ... loaded 450 triggers
amap v5.4 (www.thc.org/thc-amap) started at 2011-07-29 12:46:04 -
APPLICATION MAPPING mode
Total amount of tasks to perform in plain connect mode: 23
Waiting for timeout on 23 connections ...
Protocol on x.y.z.t:80/tcp matches http
Dump of identified response from x.y.z.t:80/tcp (by trigger http):
0000: 4854 5450 2f31 2e31 2032 3030 204f 4b0d [ HTTP/1.1 200 OK.
]
0010: 0a44 6174 653a 2046 7269 2c20 3239 204a [ .Date: Fri, 29 J
]
0020: 756c 2032 3031 3120 3035 3a34 373a 3531 [ ul 2011 05:47:51
]
0030: 2047 4d54 0d0a 5365 7276 6572 3a20 4170 [ GMT..Server: Ap
]
0040: 6163 6865 2f32 2e30 2e35 3920 2855 6e69 [ ache/2.0.59 (Uni
]
0050: 7829 2050 4850 2f34 2e34 2e37 206d 6f64 [ x) PHP/4.4.7 mod
]
0060: 5f6a 6b2f 312e 322e 3235 0d0a 5365 742d [ _jk/1.2.25..Set-
]
0070: 436f 6f6b 6965 3a20 4a53 4553 5349 4f4e [ Cookie: JSESSION
]
0080: 4944 3d42 4333 3445 4537 3139 4634 3230 [ ID=BC34EE719F420
]
0090: 3939 4637 3643 4138 3146 3430 3545 3635 [ 99F76CA81F405E65
]
00a0: 4532 372e 6c6f 6361 6c68 6f73 743a 3830 [ E27.localhost:80
]
00b0: 3039 3b20 5061 7468 3d2f 0d0a 436f 6e74 [ 09; Path=/..Cont
]
00c0: 656e 742d 4c61 6e67 7561 6765 3a20 656e [ ent-Language: en
]
00d0: 2d55 530d 0a43 6f6e 7465 6e74 2d4c 656e [ -US..Content-Len
]
00e0: 6774 683a 2035 3339 370d 0a56 6172 793a [ gth: 5397..Vary:
]
00f0: 2041 6363 6570 742d 456e 636f 6469 6e67 [ Accept-Encoding
]
0100: 0d0a 5033 503a 2043 503d 224e 4f49 2044 [ ..P3P: CP="NOI D
]
0110: 5350 2043 4f52 2041 444d 2044 4556 204f [ SP COR ADM DEV O
]
0120: 5552 2053 5450 220d 0a43 6f6e 6e65 6374 [ UR STP"..Connect
]
0130: 696f 6e3a 2063 6c6f 7365 0d0a 436f 6e74 [ ion: close..Cont
]
0140: 656e 742d 5479 7065 3a20 7465 7874 2f68 [ ent-Type: text/h
]
0150: 746d 6c3b 6368 6172 7365 743d 5769 6e64 [ tml;charset=Wind
]
0160: 6f77 732d 3331 4a0d 0a0d 0a0a 0a0a 0a0a [
ows-xyzt......... ]
No comments:
Post a Comment