I hope you enjoyed reading last post on banner grabbing.
Here in this post we will discus some tools that can be used to grab
banners and we will also have our look on some of the tools that can be
used for preventing our banners from getting grabbed. Following are some
tools that helps in banner grabbing.
NetCat:
Net-Cat is TCP/IP debugging tool that
can be used for banner grabbing. Download Netcat from its official site,
its free. Have a look on its documentation about how to use it.
Following command works same as telnet for netcat and helps grabbing
banner.
C:\netcat\>nc ip_address 80
(Press enter twice and if it doesn't work then type following)
(HEAD /HTTP/1.0 and press enter twice)
Httprint:
Httprint is web server finger printing
tool. It uses server signature to identify version of web application
running on server. Download it from its official site again its free. I
don't think there is need to explain how it works since their own help
documentation is very small and easy to understand. Give it a try if you
still don't understand how to use it ask me. I'll include a new post on
it.
Miart HTTP Header:
Miart HTTP Header tool identifies banner
information from HTTP Header and response type. Using it doesn't
require any skill just enter URL in input box and press enter.
Prevention Against Banner Grabbing:
Preventing Apache Server And Its Derivative:
We can't say that there is some tool or
specific method available via which we can stop banner of Apache from
getting grabbed but if you'll have a look on its documentation, you'll
find its not even difficult either. Actually full information about
Apache and its derivative related problems and their solutions is
included in their documentation and they differ for each version. Since
they differ for each version I 'll recommend read its documentation to
stop Apache giving out valuable information.
Preventing IIS Server:
IIS shares some advantages over Apache
since various tools are available that help IIS server to defend itself
against banner grabbing.
IIS Lockdown:
Its works by turning off unnecessary features thus providing multiple layer protection. Download it from www.microsoft.com.
Server Mask:
Server Mask removes every detail from
website about it is using IIS server including removing all finger
printing traces. It removes HTTP headers and also encrypts signatures
thus providing protection against signature based banner grabbing.
Page Xchanger:
It is content negotiation tool. It
cleans all URLs from extensions and hence make them appear more clear
and navigable. It negotiates with every file and extension making site
more secure since your site will show nothing about files, extensions
and default error messages.
0 comments:
Post a Comment