{"id":20292484,"url":"https://github.com/mauricelambert/webserveridentifier","last_synced_at":"2025-08-24T12:32:38.410Z","repository":{"id":62588558,"uuid":"477444571","full_name":"mauricelambert/WebServerIdentifier","owner":"mauricelambert","description":"This package identifies Web servers using an aggressive technique based on the maximum size of the URI.","archived":false,"fork":false,"pushed_at":"2022-06-11T17:30:11.000Z","size":64,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-14T09:14:41.619Z","etag":null,"topics":["http","http-server","identification","identify","pypi-package","python3","server","web"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mauricelambert.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-04-03T19:29:10.000Z","updated_at":"2022-04-03T19:31:31.000Z","dependencies_parsed_at":"2022-11-03T17:48:05.221Z","dependency_job_id":null,"html_url":"https://github.com/mauricelambert/WebServerIdentifier","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mauricelambert%2FWebServerIdentifier","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mauricelambert%2FWebServerIdentifier/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mauricelambert%2FWebServerIdentifier/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mauricelambert%2FWebServerIdentifier/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mauricelambert","download_url":"https://codeload.github.com/mauricelambert/WebServerIdentifier/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241787485,"owners_count":20020101,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["http","http-server","identification","identify","pypi-package","python3","server","web"],"created_at":"2024-11-14T15:17:31.300Z","updated_at":"2025-03-04T05:13:38.049Z","avatar_url":"https://github.com/mauricelambert.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"![WebServerIdentifier logo](https://mauricelambert.github.io/info/python/security/WebServerIdentifier_small.png \"WebServerIdentifier logo\")\r\n\r\n# WebServerIdentifier\r\n\r\n## Description\r\n\r\nThis package identifies Web servers using an aggressive technique based on the maximum size of the URI. In some configurations this technique can even identify web servers placed behind a proxy web server without any identifiable content.\r\n\r\nFor more information about this technique, please read this [PDF](https://www.slideshare.net/MauriceLambert1/webmaxuriidentifierpdf) ([github.io](https://mauricelambert.github.io/info/python/security/Web-MaxUriIdentifier.pdf)).\r\n\r\nThis technique performs an in depth identification with certain configurations. An example is available at the [bottom of this README](https://github.com/mauricelambert/WebServerIdentifier#in-depth-identification).\r\n\r\n## Requirements\r\n\r\nThis package require:\r\n - python3\r\n - python3 Standard Library\r\n - PythonToolsKit\r\n\r\n## Installation\r\n\r\n```bash\r\npip install WebServerIdentifier\r\n```\r\n\r\n## Usages\r\n\r\n### Command lines\r\n\r\n```bash\r\npython3 -m WebServerIdentifier -h # Use python module\r\npython3 WebServerIdentifier.pyz --help # Use python executable\r\n\r\nWebIdentify -d -v -m HEAD identify 127.0.0.1 # Use console script entry point\r\nWebIdentify -i 1 identify 127.0.0.1:8000 # Spoof multiple targets (verbose mode)\r\nWebIdentify -m HEAD getmaxuri 127.0.0.1:8000 # Spoof range of targets\r\nWebIdentify -d -v -m HEAD -i 1 getmaxuri 127.0.0.1 # Spoof all network\r\n\r\nWebIdentify 127.0.0.1 127.0.0.0/29 -s -t 1 # Semi (spoof only gateway IP for the targets, interval is 1 seconds)\r\nWebIdentify 127.0.0.1 127.0.0.0/29 -i 127.0. # Use the loopback interface\r\n\r\nWebIdentify 172.16.10.1 172.16.0.33 -p # Passive mode\r\n```\r\n\r\n### Python3\r\n\r\n```python\r\nfrom WebServerIdentifier import WebServerIdentifier, _create_unverified_context\r\n\r\nidentifier = WebServerIdentifier(\"127.0.0.1\", baseuri=\"/\", ssl=True, context=_create_unverified_context(), port=8000, interval=0.5, timeout=2)\r\nidentifier = WebServerIdentifier(\"127.0.0.1\")\r\n\r\nresponse = identifier.request()\r\nresponse.status\r\nresponse.reason\r\n\r\nr = identifier.request(method=\"HEAD\", size=65535)\r\nr.status\r\nr.reason\r\n\r\nfor size, r in identifier.get_max_URI_size():\r\n print(size, r.status, r.reason)\r\n\r\nfor size, r in identifier.get_max_URI_size(method=\"HEAD\"): pass\r\n\r\nfor r, size, servers in identifier.identify_server(): pass\r\n\r\nfor r, size, servers in identifier.identify_server(method=\"HEAD\"):\r\n print(size, r.status, r.reason, servers)\r\n\r\nserver = server.pop()\r\n```\r\n\r\n## In depth identification\r\n\r\nIn this example, we have a ruby web server protected by an NGINX web proxy. The maximum ruby web server URI size is 2015 characters and the maximum NGINX web proxy URI size is 6132 characters. It is possible to detect the ruby web server without any specific content, this screenshot proves it:\r\n\r\n![In depth Indentifaction - Screenshot](https://mauricelambert.github.io/info/python/security/InDepthIdentification.png \"In depth Indentifaction\")\r\n\r\n## Links\r\n\r\n - [Github Page](https://github.com/mauricelambert/WebServerIdentifier)\r\n - [Pypi](https://pypi.org/project/WebServerIdentifier/)\r\n - [Documentation](https://mauricelambert.github.io/info/python/security/WebServerIdentifier.html)\r\n - [Executable](https://mauricelambert.github.io/info/python/security/WebServerIdentifier.pyz)\r\n - [PDF](https://www.slideshare.net/MauriceLambert1/webmaxuriidentifierpdf) ([github.io](https://mauricelambert.github.io/info/python/security/Web-MaxUriIdentifier.pdf)))\r\n\r\n## Help\r\n\r\n```text\r\nusage: WebServerIdentifier.py [-h] [--method METHOD] [--baseuri BASEURI] [--interval INTERVAL] [--ssl] [--timeout TIMEOUT] [--verbose] [--debug] {identify,getmaxuri} target\r\n\r\nThis package identifies target's web server.\r\n\r\npositional arguments:\r\n {identify,getmaxuri} Identify the target's web server or get the maximum size of the URI.\r\n target Host targeted (examples: 10.101.10.101:8000, example.com)\r\n\r\noptional arguments:\r\n -h, --help show this help message and exit\r\n --method METHOD, -m METHOD\r\n HTTP method to request the Web Server\r\n --baseuri BASEURI, -b BASEURI\r\n Base URI to request the target.\r\n --interval INTERVAL, -i INTERVAL\r\n Requests interval.\r\n --ssl, -s Use HTTPS (SSL, encryption).\r\n --timeout TIMEOUT, -t TIMEOUT\r\n Set timeout for HTTP requests.\r\n --verbose, -v Active verbose mode.\r\n --debug, -d Active debugging mode (set level debug for all loggers).\r\n```\r\n\r\n## Licence\r\n\r\nLicensed under the [GPL, version 3](https://www.gnu.org/licenses/).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmauricelambert%2Fwebserveridentifier","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmauricelambert%2Fwebserveridentifier","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmauricelambert%2Fwebserveridentifier/lists"}