Detecting the version of a service is one of the important steps performed in the initial phase of ethical hacking. Once you know which services are running on the target system, you need to scan those services one by one to extract as much information as you can. All the extracted information helps in the exploitation phase of ethical hacking. In this post we are going to look at the possible methods for scanning an HTTP service running on a target system. There may be methods other than the ones discussed here, but I think these will be sufficient for scanning a web server for its version.
1. Using nmap
nmap -sV -p80 <IP-address>
2. Using Metasploit
Metasploit has an auxiliary module for HTTP version scanning; the module is named auxiliary/scanner/http/http_version.
3. Using HTTP Headers
Sometimes response headers reveal web server details that can be useful to attackers. You can check response headers using Burp Suite or the developer tools available in your browser.
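The same check can be run against your own server's responses to see what they disclose before someone else looks. The Python below is an added example, not code from the original post; the list of banner headers is an assumption and the sample response is constructed.

```python
import re

# Headers that commonly carry product/version banners (assumed list, not exhaustive).
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
# "Apache/2.4.41"-style token, or a bare version such as "4.0.30319".
PRODUCT_VERSION = re.compile(r"([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)*[\w.-]*)")
BARE_VERSION = re.compile(r"^\d+(?:\.\d+)+$")


def parse_headers(raw_response):
    """Return (name, value) pairs from the header block of a raw HTTP response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def find_disclosures(raw_response):
    """List banner headers and whether each one reveals a version number."""
    findings = []
    for name, value in parse_headers(raw_response):
        if name not in BANNER_HEADERS or not value:
            continue
        tokens = PRODUCT_VERSION.findall(value)
        if tokens:
            for product, version in tokens:
                findings.append({"header": name, "product": product, "version": version})
        elif BARE_VERSION.match(value):
            findings.append({"header": name, "product": None, "version": value})
        else:  # product name only, e.g. "Server: nginx"
            findings.append({"header": name, "product": value, "version": None})
    return findings


# Constructed sample response (not captured from a real host).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    for finding in find_disclosures(SAMPLE):
        print(finding)
```

A finding with a non-empty version is the one worth fixing first, since it ties the server to a specific release.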
4. Using Nikto
Nikto is a web server scanner that tests a web server for multiple items, including over 6700 potentially dangerous files/programs, outdated versions of over 1250 servers, and version-specific problems on over 270 servers.
nikto -host <IP-address>
So these were some of the tools that can be used for scanning the version of a web server running on a target system. You should always know multiple ways to perform a task (version detection here), because there may be situations where your method does not work, and in that case you should know an alternative way to perform the same task. Each tool may also use a different technique for the same task, so you should perform a task using multiple tools and compare the details each one finds. Another reason for using multiple tools is that a tool may sometimes give a false positive, so you should always verify the result using more than one tool.