Getting information about a website is very easy. The whatweb utility will return information about the website, such as the software used on it and the country it is hosted in.
(jcartwright@localhost) 192.168.1.5 ~ $ whatweb http://178.62.76.175/warmech/
http://178.62.76.175/warmech/ [200 OK] Apache[2.4.10], Country[EUROPEAN UNION][EU], HTTPServer[Ubuntu Linux][Apache/2.4.10 (Ubuntu)], IP[178.62.76.175], MetaGenerator[Microsoft FrontPage 4.0], Title[WarMECH's Domain]
Another scan, using the -a 3 parameter, provides a much deeper look at the web server's software.
(jcartwright@localhost) 192.168.1.5 ~ $ whatweb -a 3 https://shrishikshayatancollege.org | tr "," "\n"
https://shrishikshayatancollege.org [200 OK] Apache
 Country[UNITED KINGDOM][GB]
 Email[shikshayatan@shrishikshayatancollege.org]
 HTML5
 HTTPServer[Apache]
 IP[178.79.159.193]
 JQuery[3.6.0]
 MetaGenerator[Powered by Slider Revolution 6.5.24 - responsive Mobile-Friendly Slider Plugin for WordPress with comfortable drag and drop interface. Powered by WPBakery Page Builder - drag and drop page builder for WordPress. WordPress 6.0.3]
 Modernizr
 PoweredBy[Slider WPBakery]
 Script[text/javascript]
 Title[Shri Shikshayatan College – SSC]
 UncommonHeaders[link]
 WordPress[6.0.3]
 x-pingback[https://shrishikshayatancollege.org/xmlrpc.php]
Here the output is also piped through the tr command, which replaces every comma with a newline so that each detected plugin sits on its own line and the result is easier to read.
This may also be used to find out the operating system the web server is running on.
(jcartwright@localhost) 192.168.1.5 ~ $ whatweb -a 3 https://bicharada.oulu.ifrn.edu.br | tr "," "\n"
https://bicharada.oulu.ifrn.edu.br [200 OK] Country[BRAZIL][BR]
 HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)]
 IP[200.137.2.219]
 Index-Of
 Title[Index of /]
 nginx[1.18.0]
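Splitting whatweb's output with tr works well enough for reading, but it also breaks the comma inside a multi-valued plugin such as PoweredBy[Slider,WPBakery]. The following added example (not part of the original page or of the whatweb project) is a bracket-aware parser for whatweb's default brief output format; it runs on a constructed sample line modelled on the output above and lists the plugins whose values advertise a version number, which is what a site owner would want to compare against their patch level.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in whatweb's default "brief" output format (not captured
# from a real host): URL [status] Plugin[value,...][value], Plugin, ...
SAMPLE = ("http://192.0.2.10/ [200 OK] Apache[2.4.10], Country[RESERVED][ZZ], "
          "HTTPServer[Ubuntu Linux][Apache/2.4.10 (Ubuntu)], HTML5, "
          "IP[192.0.2.10], PoweredBy[Slider,WPBakery], WordPress[6.0.3]")

def split_plugins(body: str) -> List[str]:
    """Split on commas outside [...]; tr "," "\\n" would also split the
    comma inside PoweredBy[Slider,WPBakery]."""
    parts, depth, cur = [], 0, []
    for ch in body:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    if cur:
        parts.append("".join(cur).strip())
    return parts

def parse_whatweb(line: str) -> Tuple[str, str, Dict[str, List[str]]]:
    """Return (url, status, {plugin: [values]}) for one brief-format line."""
    m = re.match(r"(\S+) \[([^\]]+)\] (.*)$", line.strip())
    if not m:
        raise ValueError("not a whatweb brief line")
    url, status, body = m.groups()
    plugins: Dict[str, List[str]] = {}
    for item in split_plugins(body):
        name = item.split("[", 1)[0]
        # each [...] group holds one or more comma-joined values
        vals = [v.strip() for g in re.findall(r"\[([^\]]*)\]", item) for v in g.split(",")]
        plugins[name] = vals
    return url, status, plugins

# dotted version numbers, but not dotted-quad IP addresses
VERSION = re.compile(r"(?<![\d.])\d+\.\d+(\.\d+)?(?![\d.])")

def version_disclosures(plugins: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Plugins whose values carry a version number: what the site tells anyone
    who fingerprints it, and what patch status should be checked against."""
    return {n: [v for v in vs if VERSION.search(v)]
            for n, vs in plugins.items() if any(VERSION.search(v) for v in vs)}

if __name__ == "__main__":
    url, status, plugins = parse_whatweb(SAMPLE)
    print(url, status)
    for name, vals in version_disclosures(plugins).items():
        print(f"  {name}: {', '.join(vals)}")
```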
The Nmap utility may also be used to find installed server software and provide a guess of the installed operating system.
[root@localhost jcartwright]# nmap -O --max-retries=50 210.113.102.182
Starting Nmap 7.91 ( https://nmap.org ) at 2023-08-12 10:48 AEST
Nmap scan report for 210.113.102.182
Host is up (0.19s latency).
Not shown: 990 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
443/tcp  closed https
2222/tcp closed EtherNetIP-1
3389/tcp closed ms-wbt-server
5432/tcp open   postgresql
8080/tcp closed http-proxy
8082/tcp closed blackice-alerts
8090/tcp closed opsmessaging
8888/tcp closed sun-answerbook
Aggressive OS guesses: Linux 5.0 - 5.4 (93%), Linux 5.0 (92%), Linux 5.4 (92%), Linux 2.6.32 (90%), HP P2000 G3 NAS device (90%), Linux 4.15 - 5.6 (90%), Linux 5.3 - 5.4 (89%), Infomir MAG-250 set-top box (89%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (89%), Linux 5.0 - 5.3 (89%)
No exact OS matches for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.08 seconds
Here is another example.
[root@localhost jcartwright]# nmap -O -T3 54.180.95.161
Starting Nmap 7.91 ( https://nmap.org ) at 2023-08-12 11:02 AEST
Nmap scan report for ec2-54-180-95-161.ap-northeast-2.compute.amazonaws.com (54.180.95.161)
Host is up (0.22s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http
Aggressive OS guesses: HP P2000 G3 NAS device (93%), Linux 2.6.32 (91%), Infomir MAG-250 set-top box (91%), Netgear RAIDiator 4.2.21 (Linux 2.6.37) (91%), Linux 2.6.32 - 3.13 (91%), Linux 3.3 (91%), Linux 3.7 (90%), Linux 5.0 (90%), Linux 5.0 - 5.4 (90%), Linux 5.1 (90%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 27 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 9.59 seconds
And this is what whatweb says about this server.
(jcartwright@localhost) 192.168.1.5 ~ $ whatweb 54.180.95.161 | tr "," "\n"
http://54.180.95.161 [200 OK] Country[UNITED STATES][US]
 HTTPServer[nginx/1.14.2]
 IP[54.180.95.161]
 Index-Of
 Title[Index of /]
 nginx[1.14.2]
This is a very interesting way to find out what web server software a website is using. Another way is to use the Wappalyzer Firefox plugin, which detects all web technologies used on a website. Download the plugin here: https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/. This is the most effective solution.
The nmap scanning tool, with the -sV parameter (service version detection), will also identify the web server software.
[root@localhost jcartwright]# nmap -O -T3 -sV 54.180.95.161
Starting Nmap 7.91 ( https://nmap.org ) at 2023-08-12 11:25 AEST
Nmap scan report for ec2-54-180-95-161.ap-northeast-2.compute.amazonaws.com (54.180.95.161)
Host is up (0.22s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.14.2
Aggressive OS guesses: HP P2000 G3 NAS device (93%), Linux 2.6.32 (91%), Linux 2.6.32 - 3.1 (91%), Linux 3.7 (91%), Linux 2.6.32 - 3.13 (91%), Linux 3.0 - 3.2 (91%), Linux 3.3 (91%), Infomir MAG-250 set-top box (90%), Linux 5.0 (90%), Linux 5.0 - 5.4 (90%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 27 hops
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.94 seconds
You may use the -O --osscan-guess parameters to force a more aggressive OS scan, but this does not always work well.
[root@localhost jcartwright]# nmap -T3 -O --osscan-guess -sV 54.180.95.161
Starting Nmap 7.91 ( https://nmap.org ) at 2023-08-12 11:36 AEST
Nmap scan report for ec2-54-180-95-161.ap-northeast-2.compute.amazonaws.com (54.180.95.161)
Host is up (0.23s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.14.2
Aggressive OS guesses: HP P2000 G3 NAS device (93%), Linux 2.6.32 (91%), Infomir MAG-250 set-top box (91%), Linux 3.7 (91%), Netgear RAIDiator 4.2.21 (Linux 2.6.37) (91%), Linux 2.6.32 - 3.13 (91%), Linux 3.0 - 3.2 (91%), Linux 3.3 (91%), Linux 2.6.32 - 3.1 (90%), Linux 5.0 (90%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 27 hops
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.90 seconds
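The scans above show why the "Aggressive OS guesses" list should not be read as a result: a 93% "NAS device" guess sits next to "No exact OS matches", while the -sV banner column is concrete. The following added example (not part of the original page or of the Nmap project) parses nmap's normal output into the port table and the guess list, and only accepts an operating system when nmap printed an exact "OS details:" match; it runs on a constructed sample shaped like the -O -sV runs above.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed nmap "normal" output in the shape of the -O -sV runs above
# (not a real scan result): two open ports and a low-confidence OS guess list.
SAMPLE = """\
Starting Nmap 7.91 ( https://nmap.org ) at 2023-08-12 11:25 AEST
Nmap scan report for host.example (192.0.2.20)
Host is up (0.22s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
80/tcp open  http    nginx 1.14.2
Aggressive OS guesses: HP P2000 G3 NAS device (93%), Linux 2.6.32 (91%), Linux 5.0 - 5.4 (90%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 27 hops
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
GUESS_RE = re.compile(r"^(.+) \((\d+)%\)$")

def parse_ports(text: str) -> List[Dict[str, object]]:
    """Rows of the PORT/STATE/SERVICE/VERSION table; VERSION is empty without -sV."""
    rows = []
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "version": version.strip()})
    return rows

def parse_os_guesses(text: str) -> List[Tuple[str, int]]:
    """(name, confidence) pairs from the 'Aggressive OS guesses:' line, best first."""
    for line in text.splitlines():
        if line.startswith("Aggressive OS guesses:"):
            items = line.split(":", 1)[1].split(", ")
            return [(m.group(1).strip(), int(m.group(2)))
                    for m in map(GUESS_RE.match, items) if m]
    return []

def os_verdict(text: str) -> Optional[str]:
    """Accept only an exact fingerprint match (the 'OS details:' line). A 93%
    guess beside 'No exact OS matches' is noise; the -sV banners (Ubuntu in the
    ssh banner here) are the stronger evidence for the platform."""
    m = re.search(r"^OS details: (.+)$", text, re.M)
    return m.group(1) if m else None

if __name__ == "__main__":
    for row in parse_ports(SAMPLE):
        print(row["port"], row["state"], row["service"], row["version"])
    print("top guess:", parse_os_guesses(SAMPLE)[0], "confirmed OS:", os_verdict(SAMPLE))
```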