BannerDetect

Banner Grabbing tool by Shounak Itraj

How to Use:

  1. Edit the 'Urls' array in the GrabBanners.py file.
  2. Add the URLs for which you want to grab banners.

Installation:

Type the following in the terminal.

git clone https://github.com/shounakitraj/BannerDetect.git /opt/bannerdetect

This tool works on Python 2.7 and requires BeautifulSoup to be installed.

Library          Ubuntu                       Windows
BeautifulSoup    pip install BeautifulSoup    C:\Python27\Scripts\easy_install.exe BeautifulSoup

Description:

  1. If a request to any of the servers is redirected, the script maintains a runtime list of the redirected URLs.
  2. The script reads the whole list of redirected URLs.
  3. The output is stored in the ReconOutput.txt file, which is created in the same directory.
  4. This version of the script checks the following conditions:
     • Change of HTTP method
     • Visiting a non-existing page (to generate a 404 condition)
     • Changing the HTTP protocol name, e.g. using HTPT/1.1 instead of HTTP/1.1
     • Changing the HTTP protocol version, e.g. using HTTP/3.0

Ref: https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002)

This tool connects to the domains provided in the URLs and builds a URL in the format 'https:///'. It then uses this URL to test whether the server displays any banners or versions. A web server may sometimes reveal its version when an unexpected or malformed request is sent. The methods below are used to check whether the version can be grabbed. The tool's functions parse both the response headers and the response body; if either matches a pre-defined regex, the respective header or HTML tag is shown in the output.

Pre-defined Regex:

apache|JSP Engine|jetty|php|ssl
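As an added example (not code from BannerDetect itself), the header and body matching described above can be sketched in Python 3 to check what your own server discloses. The function and class names, the case-insensitive matching, and both sample responses are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Pattern quoted from this README; case-insensitive matching is an assumption.
BANNER_RE = re.compile(r"apache|JSP Engine|jetty|php|ssl", re.IGNORECASE)

class _TextByTag(HTMLParser):
    """Collect (enclosing tag, text) pairs for every text node in the body."""
    def __init__(self):
        super().__init__()
        self.stack, self.found = [], []
    def handle_starttag(self, tag, attrs):
        self.stack.append(tag)
    def handle_endtag(self, tag):
        if tag in self.stack:
            while self.stack and self.stack.pop() != tag:
                pass  # discard unclosed inner tags up to the matching one
    def handle_data(self, data):
        if data.strip() and self.stack:
            self.found.append((self.stack[-1], data.strip()))

def find_banners(raw_response):
    """Return [(where, name, value)] for headers and HTML tags matching BANNER_RE."""
    head, _, body = raw_response.partition("\r\n\r\n")
    hits = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if BANNER_RE.search(value):
            hits.append(("header", name.strip(), value.strip()))
    parser = _TextByTag()
    parser.feed(body)
    hits += [("body", t, x) for t, x in parser.found if BANNER_RE.search(x)]
    return hits

# Constructed sample responses (not captured from any real server).
VERBOSE_404 = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Not Found</h1>"
    "<address>Apache/2.4.41 (Ubuntu) Server at example.test Port 443</address>"
    "</body></html>"
)
HARDENED_404 = (
    "HTTP/1.1 404 Not Found\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Not Found</h1></body></html>"
)
```

An empty result for a response, as with HARDENED_404 here, means none of the pre-defined patterns appear in its headers or body text.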

Change Method

In this function, a request is sent to the server with different methods. If the server is not configured correctly, it may reveal version information in the response. The following methods are used for testing.

  1. GET
  2. POST
  3. PUT
  4. TRACE

Visiting a Non-existing page

The server version can sometimes be grabbed from a 404 error page. This function visits a random page that is unlikely to be present on any server.

Changing HTTP protocol or its version

According to the OWASP document, sending malformed requests, such as changing the HTTP protocol name/verb or version, is one of the useful test cases for determining the server version.
