Information Gatheringwebfingerprintingserverhttpsignatures

httprint

httprint is a web server fingerprinting tool that identifies web servers based on their characteristics, even if obfuscated by banner changes or plugins. It can also detect web-enabled devices without server banners, such as routers and access points.

Description

httprint is a web server fingerprinting tool designed to accurately identify web servers despite obfuscation techniques like changing server banner strings or using plugins such as mod_security or servermask. It relies on unique text signature strings from server responses, making it easy to extend the signature database for new servers or devices.

Use cases include reconnaissance during penetration testing to identify server types, detecting hidden web services on network devices like wireless access points, routers, switches, and cable modems. The tool supports input from hosts, files, or Nmap XML outputs, with flexible output formats for reporting.

It is particularly useful in scenarios where standard banner grabbing fails due to masking, providing deeper insights into the web infrastructure for further vulnerability assessment.

How It Works

httprint sends HTTP requests to target hosts and analyzes server responses using a database of text signature strings that match unique characteristics in headers, error pages, and other responses. These signatures allow identification even without standard server banners. It supports HTTP and HTTPS (with automatic SSL detection unless disabled), handles redirects optionally, and uses multithreading for efficiency across IP ranges or lists.

Installation

bash

sudo apt install httprint

Flags

-h <host>host can be either an IP address, a symbolic name, an IP range or a URL.

-i <input file>file containing list of hosts as described above in text format.

-x <nmap xml file>Nmap -oX option generated xml file as input file. Ports which can be considered as http ports are taken from the nmapportlist.txt file.

-s <signatures>file containing http fingerprint signatures.

-o <output file>output in html format.

-oc <output file>output in csv format.

-ox <output file>output in xml format.

-noautosslDisable automatic detection of SSL.

-tp <ping timeout>Ping timeout in milliseconds. Default is 4000 ms. Maximum 30000 ms.

-ct <1-100>Default is 75. Do not change.

-ua <User Agent>Default is Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0.

-t <timeout>Connection/read timeout in milliseconds. Default is 10000 ms. Maximum 100000 ms.

-r <retry>Number of retries. Default is 3. Maximum 30.

-P0Turn ICMP ping off.

-nrNo redirection. Do not automatically follow 301, 302 responses. Enabled by default.

-th <threads>Number of threads. Default is 8. Maximum 64.

Examples

Fingerprints a single host using the specified signatures file.

httprint -h www1.example.com -s signatures.txt

Fingerprints an HTTPS host.

httprint -h https://www2.example.com/ -s signatures.txt

Fingerprints a host on a non-standard port 8080.

httprint -h http://www3.example.com:8080/ -s signatures.txt

Fingerprints a host with automatic SSL detection disabled.

httprint -h www1.example.com -s signatures.txt -noautossl

Fingerprints an IP range and outputs results in HTML format.

httprint -h 10.0.1.1-10.0.1.254 -s signatures.txt -o 10_0_1_x.html

Uses Nmap XML input and outputs results in CSV format.

httprint -x nmap.xml -s signatures.txt -oc report.csv

Uses Nmap XML input and outputs results in XML format.

httprint -x nmap.xml -s signatures.txt -ox report.xml

Processes hosts from a text file with 16 threads and HTML output.

httprint -i input.txt -s signatures.txt -o output.html -th 16

Updated 2026-04-16kali.org ↗