Different webservers, why not?

During security audits of large infrastructures you probably detect system which provide services you don’t know very well. For me tomcat is such a service. Never installed or configured tomcat by myself and never used it. I think that out there are a lot guys in the same position as I am. Well, maybe it’s not tomcat but cherokee or another web server. You see right now I am only talking about web server (see next section) but you can replace web server with a service of your choice.

My idea is now that the Fedora Security Lab Test bench could provide a couple of web servers. Meaning that you can have ready to use installations of apache, lighttpd, nginx, cherokee, tomcat, and some not so well-known servers (mini_httpd, etc.). This will generate a lot of different fingerprints and will be bannergrabbing fun while reconnaissance 😉

I will think about doing the same with ftp servers. If you know about another web server not mentioned in this blog post, please leave a comment or send a pull request.

This entry was posted in Fedora, Fedora Security Lab, Security. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.