Multiple Methods of Performing Web Server Version Detection

Detecting version of a service is one of the important step which is performed in the initial phase of the ethical hacking. After knowing what services are running on target system you need to scan those services one by one to extract as much information as you can. All the extracted information helps us in exploitation phase of ethical hacking. So in this post we are going to see what are the possible methods for scanning a http service running on a target system. There might be methods other than the methods discussed here but I think these methods will be sufficient for you to scan a web server for it’s version.

1. Using nmap

nmap -sV -p80 <IP-address>

Version Detection Using Nmap

2. Using Metasploit

Metasploit has auxiliary module for http version scanning, name of the module is auxiliary/scanner/http/http_version

Metasploit Framework

3. Using HTTP Headers

Sometimes response headers throws out web server details which can be useful for attackers. You can check response headers using burp suite or developer tools available in your browser.

HTTP Response Revealing Sensitive Information

4. Using Nikto

Nikto is a web server scanner which performs some tests against web server for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.

nikto -host <IP-address>

Nikto

So these were some of the tools which can be used for scanning the version of a web server running on a target system. You should always know multiple ways to perform a task(version detection here) because there may be situations where your method might not work, in that case you should know an alternative way to perform the same task. Also each tool may have different technique for performing the same task, therefore you should perform a task using multiple tools and check what details are being found out by the tools. Another reason for using multiple tools is sometimes there may be false positive given by a tool so you should always verify the result using more than one tool.

An avid learner in the field of information security. A self learner and a ctf player sometimes.