Nice tool, it helps to fingerprint webservers. Better yet, it detects fake banners
Example:
This was the typical banner returned from a webserver I know.HTTP/1.1 200 OK
Date: Tue, 04 Mar 2008 18:56:50 GMT
Server: Microsoft-IIS/5.0
Last-Modified: Thu, 21 Feb 2008 06:18:37 GMT
ETag: "16b0950-584-1377a940"
Accept-Ranges: bytes
Content-Length: 1412
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html
I know its not a IIS 5.0 server, but it say it is.
HttpRecon checks the OS and matches it to a database, here are the results on the same site:
http://www.computec.ch/projekte/httprecon/httprecon 4.3 Report
Target: www.xxxxx.net:80 (8 test cases)
Auditor: Intruder
Scan: 3/4/2008 - 1:57:27 PM
Export: 3/4/2008 - 2:01:30 PM
Summary
An advanced web server fingerprinting for the host www.xxxxxx.net and port tcp/80 was done with 8 test cases at 3/4/2008 1:57:27 PM.
This analysis was able to determine the target httpd service as Apache 2.2.4 with 93 fingerprint hits in the database.
End of file.
DNR