Hello guys,
Now we are gonna discuss some more methods to “Banner Grabbing”. Now I hope you enjoyed my last post on banner grabbing. Here in this post we will discus some tools or softwares that can be used to grab banners & we will also have our look on some of the applications that can be used for preventing our banners from getting grabbed from attacker. Following are some tools that can helps in banner grabbing.
1. NetCat :- Net-Cat or Ncat is TCP/IP debugging tool that can also be used for banner grabbing. Download Netcat from its official website, its free. It is available in both versions, windows & Linux.You download From official site for windows. Have a look on its documentation about how to use it (www.downloadnetcat.com).
Following command works same as telnet for netcat and helps grabbing banner.
C:\netcat\>nc IP_Address 80 (Ex. nc 201.71.105.112)
(Press enter twice and if it doesn’t work then type following)
(HEAD /HTTP/1.0 and press enter twice)
2. Httprint :- Httprint is a web server finger printing tool. It uses server signature to identify version of web application running on the server. Download it from its official website again its free. Again it is available for almost every operating system either it is windows, linux or anything else. Click Here to download for windows and CMD based. I don’t think there is need to explain how it works since their own help documentation is very small and easy to understand. Give it a try if you still don’t understand how to use it ask me, Just drop me a email at webmaster@starthack.com . I’ll include a new post on it for sure.
3. Miart HTTP Header :-
Miart HTTP Header tool identifies banner information from HTTP Header
and response type. Using it doesn’t require any skill just enter URL in
input box and press enter.
—————————————————————————————————————————————————————
Prevention Against Banner Grabbing:
1. Preventing Apache Server & Its Derivative :- We can’t say that there is some tool or specific method available via which we can stop banner of Apache from getting grabbed but if you’ll have a look on its documentation, you’ll find its not even difficult either. Actually full information about Apache and its derivative related problems and their solutions is included in their documentation and they differ for each version. Since they differ for each version I ‘ll recommend read its documentation to stop Apache giving out valuable information.
2. Preventing IIS Server :- IIS shares some advantages over Apache since various tools are available that help IIS server to defend itself against banner grabbing.
3. IIS Lockdown :-Its works by turning off unnecessary features thus providing multiple layer protection. Download it from www.microsoft.com.
4. Server Mask :- Server Mask removes every detail from website about it is using IIS server including removing all finger printing traces. It removes HTTP headers and also encrypts signatures thus providing protection against signature based banner grabbing.
5. Page Xchanger :- It is content negotiation tool. It cleans all URLs from extensions and hence make them appear more clear and navigable. It negotiates with every file and extension making site more secure since your site will show nothing about files, extensions and default error messages.
No comments:
Post a Comment