[WEB SECURITY] httprint v301 release

Hemil hemil at net-square.com
Thu Dec 22 06:20:41 EST 2005


Greetings,

The latest version of httprint (v301), is available for download.

Description:

httprint is a web server fingerprinting tool. It relies on web server  
characteristics to accurately identify web servers, despite the fact  
that they may have been obfuscated by changing the server banner  
strings, or by plug-ins such as mod_security or servermask.

httprint can also be used to detect web enabled devices which do not  
have a server banner string, such as wireless access points, routers,  
switches, cable modems, etc. httprint uses text signature strings and  
it is very easy to add signatures to the signature database. The  
current version of httprint can import web servers from nmap network  
scans, if they are saved in XML format. The current version provides  
reports in HTML, CSV and XML format. Current version also provides  
confidence rating.

httprint is available as a command line tool on Win32, Linux, FreeBSD  
and Mac OSX. A GUI version of httprint is also available for the  Win32 
platform.

The current build for httprint is 301. httprint was first released at  
the Blackhat Briefings USA 2003 in Las Vegas.

More details on httprint can be found at:
http://net-square.com/httprint/

Filenames:
http://net-square.com/httprint/httprint_win32_301.zip
http://net-square.com/httprint/httprint_linux_301.zip
http://net-square.com/httprint/httprint_freebsd_301.zip
http://net-square.com/httprint/httprint_macosx_301.zip

(original MD5 checksums are mentioned on the httprint page itself)

Homepage:
http://net-square.com/httprint/

Paper:
http://net-square.com/httprint/httprint_paper.html

Revision History

v301
----
- New multi-threaded engine.
- SSL information gathering.
- Automatic SSL port detection.
- Bug-fix: HTTP header server banner containing <script> tags used to  
cause Javascript execution in HTML generated reports.
- Bug-fix: HTTP server banners greater than 1024 bytes caused CPU  usage 
to go up to 100%.
(Both bugs reported by Mariano Nunez Di Croce mnunez at cybsec.com)

v202
----
- Automatic HTTP 301, 302 traversal.
- Works with FreeBSD 4.x and 5.x.
- Cleaned up build process and version release.

v200
----
- Server matches are now chosen on confidence ratings instead of  
highest weights.
- Reports can now be generated in XML format.
- FreeBSD version available.

v107
----
- Ability to import web server IP addresses and ports from nmap's XML  
output files, generated by the -oX option.
- Reports can now be generated in CSV format.

v105
----
- First public release.


Enjoy,
-- Hemil

[net-square]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20051222/f5886187/attachment.html>


More information about the websecurity mailing list