1

I am trying to follow the OWASP test guide on a Kali Linux machine. As the first step in "Information Gathering" I am trying to fingerprint the server. The guide instructs me to use NetCat:

$ nc www.xxx.yy 80

But after several attempts I always get this result:

$ nc www.xxx.yy 80  
DNS fwd/rev ..............  
www.xxx.yy [IP] 80 (http) open

Instead when I use

$ whatweb www.xxx.yy

I was able to retrieve a lot of information, including:

HTTP Headers:   HTTP/1.1 200 OK     
Date: ***  
Server: Apache  
X-Powered-By: ******

Where is the error in the way I use Netcat?

elsadek
Hoper

1 Answer

2

It is not enough to open a connection to the target on port 80. You also need to perform an HTTP request like

GET / HTTP/1.1


and ideally send a user-agent...

Anders
kaidentity
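The request described in the answer above, written out in full as an added example that is not part of the original answer: it builds a complete HTTP/1.1 request to pipe into nc and filters the reply down to the fingerprinting headers. The function names, the User-Agent string and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a minimal HTTP/1.1 request for netcat and pull the
# fingerprinting headers out of the reply.

# build_request HOST [PATH] [USER_AGENT]
# HTTP lines end in CRLF and an empty line ends the header block.
# HTTP/1.1 requires a Host header; "Connection: close" asks the server to
# close the socket after the reply so nc exits instead of waiting.
build_request() {
    host=$1
    path=${2:-/}
    agent=${3:-fingerprint-test/1.0}   # constructed User-Agent value
    printf 'GET %s HTTP/1.1\r\n' "$path"
    printf 'Host: %s\r\n' "$host"
    printf 'User-Agent: %s\r\n' "$agent"
    printf 'Connection: close\r\n'
    printf '\r\n'
}

# extract_fingerprint: read a raw HTTP response on stdin, print the status
# line plus the Server and X-Powered-By headers, and ignore the body.
extract_fingerprint() {
    tr -d '\r' | awk '
        NR == 1 { print; next }          # status line
        /^$/    { exit }                 # blank line: headers are over
        {
            name = tolower($0)           # header names are case-insensitive
            if (name ~ /^server:/ || name ~ /^x-powered-by:/) print
        }'
}

# Constructed sample response, so the parser can be tried offline.
sample_response() {
    printf 'HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\n'
    printf 'Server: Apache\r\nx-powered-by: ExampleFramework\r\n'
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<html>Server: not-a-header</html>\r\n'
}

# Live use against a host you are testing:
#   build_request www.xxx.yy | nc www.xxx.yy 80 | extract_fingerprint
# Some netcat builds stop reading once stdin reaches EOF; if the reply is
# cut off, check your nc man page for its wait-after-EOF option.
```

Typing the request by hand into an interactive nc session works the same way, provided the header block is finished with an empty line.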