Description
This plugin fingerprints the remote web server and tries to determine the server type, version and patch level. It uses fingerprinting, not just the Server header returned by remote server. This plugin is a wrapper for Dustin Lee’s hmap. One configurable parameters exist:
- genFpF
If genFpF is set to True, a fingerprint file is generated. Fingerprint files are used to identify web servers, if you generate new files please send them to the w3af-develop mailing list so we can add it to the framework. One important thing to notice is that hmap connects directly to the remote web server, without using the framework HTTP configurations (like proxy or authentication).
Plugin type
Options
| Name | Type | Default Value | Description | Help |
| genFpF | boolean | False | Generate a fingerprint file. | Define if we will generate a fingerprint file based on the findings made during this execution. |
Source
For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code
Dependencies
This plugin depends on infrastructure.server_header.
