Is there a good methodology to find the operating system and server software that is being used on a served website that you don't have SSH access to? What I'm doing right now is looking at TCP/IP headers in a browser development window. Also, purposely going to 404s, but I find that a lot of server information is taken out of any messages that are displayed.
Asked
Active
Viewed 82 times
0
-
What Arul and HopelessN00b said. Just be aware that portscanning a server that isn't yours is generally considered a hostile act, and the remote router might block you for it. – Katherine Villyard Jan 19 '15 at 16:30
-
Out of curiosity, why do you need to know this? – Thorbjørn Ravn Andersen Jan 19 '15 at 18:36
-
@ThorbjørnRavnAndersen I'm trying to take over the world. – smilebomb Jan 19 '15 at 19:34
2 Answers
3
Your best option, without SSH access would be nmap's OS detection.
It's not going to be totally reliable, but it's probably better than nothing, which seems to be your other option. Here's a page with a little run down on how the OS detection works, which should give you an idea of its limitations.
Katherine Villyard
- 18,550
- 4
- 37
- 59
HopelessN00b
- 53,795
- 33
- 135
- 209
2
You can use nmap as mentioned by the previous response.
sudo nmap -sV -T4 -O -F --version-light <your_server>
NOTE: If you run a nmap against a server that you don't own, prepare to explain when a call from network security admin asking you what are you trying to do. In other words, don't do it if it is not your server.
Arul Selvan
- 1,428
- 13
- 11