这可行吗?我可以找出哪个发行版用于托管特定网页吗? Whois 没有这方面的信息。
答案1
地图能检测/猜测操作系统信息的远程服务器。
操作系统检测
Nmap 最著名的功能之一是使用 TCP/IP 堆栈指纹进行远程操作系统检测。 Nmap 向远程主机发送一系列 TCP 和 UDP 数据包,并检查响应中的几乎每一位。在执行了数十项测试(例如 TCP ISN 采样、TCP 选项支持和排序、IP ID 采样以及初始窗口大小检查)后,Nmap 将结果与其包含 2,600 多个已知操作系统指纹的 nmap-os-db 数据库进行比较,并打印出来操作系统详细信息(如果存在匹配)。每个指纹包括操作系统的自由形式文本描述,以及提供供应商名称(例如 Sun)、底层操作系统(例如 Solaris)、操作系统代(例如 10)和设备类型(通用、路由器、交换机、游戏)的分类。控制台等)。大多数指纹还具有通用平台枚举 (CPE) 表示形式,例如 cpe:/o:linux:kernel:2.6。
例子
[root@liuyan liuyan]# nmap -A -T4 www.kernel.org
Starting Nmap 6.01 ( http://nmap.org ) at 2012-11-07 21:18 CST
Nmap scan report for www.kernel.org (149.20.4.69)
Host is up (0.31s latency).
Other addresses for www.kernel.org (not scanned): 149.20.20.133
Not shown: 990 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.3.4
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| drwxrwx--- 2 536 528 4096 May 21 2001 for_mirrors_only
| drwxr-xr-x 11 536 536 4096 Dec 01 2011 pub
|_lrwxrwxrwx 1 0 0 10 Apr 21 2007 welcome.msg -> pub/README
22/tcp open ssh OpenSSH 5.8 (protocol 2.0)
| ssh-hostkey: 1024 01:6f:7b:00:d2:78:e7:68:ef:68:e0:5e:c7:ee:42:28 (DSA)
|_2048 d4:2a:5b:81:00:a9:e9:b2:75:8c:af:40:ee:a0:1b:8e (RSA)
80/tcp open http Apache httpd 2.2.22 ((Fedora))
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open ssl/http Apache httpd 2.2.22 ((Fedora))
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-robots.txt: 16 disallowed entries (15 shown)
| /cgi-bin/ /pub/mirrors/ /pub/scm/
| /mirrors/process-registration.cgi /lsb/ /linuxeda/ /os.org/ /debian/ /debian-cd/ /lanana/
|_/li18nux/ /freestandards/ /filehub/ /diff/ /git/
| ssl-cert: Subject: commonName=*.kernel.org/organizationName=The Linux Kernel Organization/stateOrProvinceName=California/countryName=US
| Not valid before: 2012-01-03 00:00:00
|_Not valid after: 2014-04-03 23:59:59
|_http-title: The Linux Kernel Archives
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
873/tcp open rsync (protocol version 30)
4444/tcp filtered krb524
Device type: general purpose|storage-misc|WAP|media device|webcam
Running (JUST GUESSING): Linux 2.6.X|3.X|2.4.X (92%), HP embedded (89%), Netgear embedded (87%), Western Digital embedded (87%), Linksys Linux 2.4.X (86%), AXIS Linux 2.6.X (85%), Asus Linux 2.6.X (85%)
OS CPE: cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:3 cpe:/o:linux:kernel:2.6.22 cpe:/o:linksys:linux:2.4 cpe:/o:linux:kernel:2.4 cpe:/o:axis:linux:2.6 cpe:/h:asus:rt-n16 cpe:/o:asus:linux:2.6
Aggressive OS guesses: Linux 2.6.32 (92%), Linux 2.6.32 - 2.6.38 (90%), HP P2000 G3 NAS device (89%), Linux 2.6.22 - 2.6.36 (87%), Linux 2.6.23 - 2.6.38 (87%), Linux 2.6.31 - 2.6.35 (87%), Linux 3.0 (87%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.39 (87%), Netgear DG834G WAP or Western Digital WD TV media player (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 17 hops
Service Info: OS: Unix
TRACEROUTE (using port 1723/tcp)
HOP RTT ADDRESS
- Hops 1-6 are the same as for 69.59.197.21
7 ... 8
9 35.89 ms 69.0.112.112.broad.km.yn.dynamic.163data.com.cn (112.112.0.69)
10 13.22 ms 210.78.7.66
11 10.99 ms 218.105.1.42
12 19.59 ms 210.52.132.230
13 166.83 ms 217.6.49.181
14 286.39 ms 202.97.50.102
15 301.44 ms 80.156.160.90
16 ...
17 328.42 ms pub2.kernel.org (149.20.4.69)
答案2
如果您有权访问服务器,您可以尝试获取文件/etc/issue
和/或/etc/issue.net
- 例如使用脚本语言。
如果您无权访问它,请尝试检查网络服务器标头:
wget -Sq -O /dev/null http://www.example.org