Date post: | 27-Oct-2015 |
Category: |
Documents |
Upload: | rifqi-multazam |
View: | 26 times |
Download: | 1 times |
SECUGENIUS SECURITY SOLUTIONS
--------------------------------------------------------------------------------------
(A UNIT OF HARKSH TECHNOLOGIES PVT. LTD)
Company Profile:
Secugenius Security Solutions is a Student Entrepreneurial Company started by 2 Social Student
Entrepreneurs in 2010 with an aim to make our country Cyber Crime Free. We at SECUGENIUS
are headquartered at Ludhiana, the Manchester of Punjab. The main activities of Secugenius
Security Solutions are providing training in Information Security and various professional courses.
Secugenius Security Solutions is an organization which believes in inventing and implementing new
ideas to influence the technological minds of the youngsters
Looking at the number of Cyber Crimes since last many years, We at Secugenius Security
Solutions provides training on Ethical hacking & Cyber Security to students, IT Professionals, Bank
Employees, Police officials.
Secugenius conducts workshops in all parts of the country in various Colleges/institutions for the
benefit of the students & making them aware of the latest trends in technological era of the
Computer age. We believe in spreading knowledge to all the youngsters & growing minds of the
nation so that they could serve the nation with perfect skill-sets in the field of Cyber Crime
Investigation & Forensic Sciences
Secugenius provides various security solutions to its clients by securing their websites from cyber
attacks. We provide training to college students, graduates and professionals in various fields.
Education is delivered to students through two modes i.e. Regular mode and Distance mode which
are available as short term and long term courses.
In the workshops conducted by Secugenius, participants can claim to be trained by the highly
experienced & skilled corporate trainers from different parts of the nation. We believe in making
the base of students to be as strong as possible. All the modules have been designed in order to
provide students with specialized knowledge by specialized trainers.
This library was furnished, managed and funded by the Founders and Directors of Secugenius
Er. Harpreet Khattar & Er. Kshitij Adhlakha. The overall resource person for the content of
the series of this Digital Library is Er. Chetan Soni - Sr. Security Specialist, Secugenius Security
Solutions.
This Online Digital Library has been initiated as a free resource & permanent
resource on specialization basis for every student of Team Secugenius.
Httprint Web Server Fingerprinting Tool
Product ID No: SG/ODL/13013
Founder & Director: Harpreet Khattar & Kshitij Adhlakha
Resource Person: Chetan Soni
Secugenius Security Solutions
SCO-13A, Model Town Extn, Near Krishna Mandir,
Ludhiana-141002, Punjab – India
[email protected], [email protected]
www.secugenius.com , www.seculabs.in
What is Httprint ?
It is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask.
It can also be used to detect web enabled devices which do not have a server banner string, such as WAP, Routers, Switches, Cable Modems, etc. It uses text signature strings and is very easy to add signatures to the signature database.
It can successfully identify the underlying web servers when their headers are manged by either patching the binary or by modules such as mod_security.c or by commercial products such as ServerMask. It also Customizes the web server signature database. To add new signatures, We simply cut and paste the httprint output against unknown servers into the signatures text file.
It also picks the best matches based on confidence ratings, derived using a fuzzy logic techniques. It is a Multi-threaded engine. httprint v301 is a complete re-write, featuring a multi-threaded scanner, to process multiple hosts in parallel. This greatly saves scanning time. It also gathers SSL certificate information, which helps you identify expired SSL certificates, ciphers used, certificate issuer, and other such SSL related details.
It can also detect if a port is SSL enabled or not, and can automatically switch to SSL connections when needed. It has Ability to import web servers from nmap network scans. httprint can import nmap's xml output files. It can make Reports in HTML, CSV and XML formats.
Step 1 – To open httprint, please follow this path,
Backtrack -> Information Gathering -> Network
Analysis -> Service Fingerprinting -> httprint
Step 2 – Now Go To httprint root directory by typing this command root@bt:~# cd /pentest/enumeration/web/httprint/linux
Step 3 – To Scan a website , please type this command root@bt:~# ./httprint –h www.secugenius.com –s signatures.txt Here, -h stands for Host -s stands for Signatures
Step 4 – We Can also write the IP Address of the Website instead of website name. root@bt:~# ./httprint –h 184.164.150.170 –s signatures.txt
It first displays the signature it generates from the server . It then proceeds to compare the signature with those stored in its database, and assigns weights and confidence ratings for every fingerprint. The signature with the
highest confidence rating is chosen to be the best match.
Step 5 – Here we can also save the result in HTML Format by typing this command, root@bt:~# ./httprint –h 184.164.150.170 –s signatures.txt –o
chetan.html
At the End of the output, it shows “Dumping Results in HTML File”
Step 6 – We can also save the output in the csv format by typing this command root@bt:~# ./httprint –h 184.164.150.170 –s signatures.txt –o
chetan.csv
Step 7 – Now Next step is to find the input.txt file from the same directory. To View the contents of input.txt file, please type this command, root@bt:~# cat input.txt
Step 8 – To edit this file, type this command, root@bt:~# vim input.txt
Step 9 – Edit 3rd Line and Remove the # keyword from the file for making it uncomment able.
Step 10 – Now For Saving all result in HTML Format , Type this command root@bt:~# ./httprint –i input.txt –s signatures.txt –o newoutput.html