Remote Web server version

The easiest way to determine the version of a remote Web server is using the cURL utility.

Example:

curl --head http://www.microsoft.com/

HTTP/1.1 200 OK
Date: Tue, 15 Feb 2005 19:38:24 GMT
Server: Microsoft-IIS/6.0
P3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
X-Aspnet-Version: 1.1.4322
Cache-Control: public, max-age=3544
Expires: Tue, 15 Feb 2005 20:37:28 GMT
Last-Modified: Tue, 15 Feb 2005 17:50:48 GMT
Content-Type: text/html
Via: 1.1 host.example.com (XLR 2.3.0.1.8)
Proxy-Connection: keep-alive
Content-Length: 17023

If you do not have curl, you may connect to the remote Web server directly using telnet and obtain this information with these steps:

1. telnet Web_server_IP_address 80

2. Type HEAD / HTTP/1.0 and press Enter twice. The Web server version will be returned in a line beginning with with "Server:." (unless it is configured to hide this information):

Example (apache.org):
telnet www.apache.org 80

HEAD / HTTP/1.0

<>Server: Apache/2.0.53 (Unix)

Example (microsoft.com):
telnet www.microsoft.com 80
HEAD / HTTP/1.0

Server: Microsoft-IIS/6.0

In some cases, the Web server version will not be returned with the HEAD / HTTP/1.0 command, but it will be returned by pressing Enter a few times:

HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/4.0


Deprecated

On 03/17/2003, CERT Advisory CA-2003-09 was released regarding a buffer overflow in Microsoft IIS 5.0. We were asked to quickly determine the Web server version on our Internet-facing servers.

First, I ran nmap to generate a list of IPs to scan within our network. For each IP address, I ran netcat to see if port 80 (http) or 443 (https) was accessible.

for i in `nmap -n -sL your_network | awk '{print $2}' | tr -d '()'`
do
nc -v -z -n -w 2 $i 80 2>&1 | grep open
nc -v -z -n -w 2 $i 443 2>&1 | grep open
done

Example output:
(UNKNOWN) [IP_address] 80 (?) open
(UNKNOWN) [IP_address] 443 (?) open

For each of the IP_addresses returned, attempt to determine the Web server version using the methods above.

Back to brandonhutchinson.com.

Last modified: 02/15/2005