lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: offtopic at mail.ru (offtopic)
Subject: Web server passive Googleprints

According to Johnny Long where is two major method of  Web-server passive fingerprint via Google. 
It is  directory browsing footer/header 
(for example "[To Parent Directory]" "<dir>" shows IIS pages), and default web pages 
(for example intitle:Under.Construction "Disabling Dynamic" shows IIS 6.0 on W2K3).

I discovered another interesting and new (AFAIK) method which uses Netcraft Web servers monitoring service to provide more accurate Googleprints.

Examples:

site:netcraft.com intitle:That.Site.Running Apache 
site:netcraft.com intitle:That.Site.Running "Windows Server 2003"
site:netcraft.com intitle:That.Site.Running "Netscape-Enterprise/3.6" 

So, Netcraft scans Web servers, Google scans Netcraft, and we scan Google.

(c)oded by offtopic@...l.ru

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ