Web Server Recon Using netcat
The first step in identifying technologies that comprise a Web application is to look at the HTTP header returned by the Web server. In most cases, the HTTP header can accurately identify the front-end Web server being used. A simple HTTP HEAD or GET request can be issued by using a utility such as Netcat to obtain the HTTP header. An HTTP header of a server running Apache looks like this:
Netcat recon command
UNIX> nc www.example.com 80
GET / HTTP/1.0
HTTP/1.1 200 OK
Date: Mon, 04 Feb 2001 19:29:37 GMT
Server: Apache/1.3.19 (Unix)
Set-Cookie: Apache=192.168.51.1.308631012850977729; path=/; expires=Tue, 04-Feb-02 19:29:37 GMT
Last-Modified: Mon, 10 Dec 2001 04:48:34 GMT
ETag: "94b5d-1ef-3c143ea2"
Accept-Ranges: bytes
Content-Length: 495
Connection: close
Content-Type: text/html

The Server: field in the HTTP header reveals that it is an Apache 1.3.19 server and that it also supports SSL, mod_perl, and PHP 4.0. Not all Web servers are so verbose in their descriptions of the technologies being used. Even Apache can be configured to return only the bare minimum HTTP headers needed by the Web browser. An HTTP header from another Apache server is:
UNIX> nc www.example.com 80
GET / HTTP/1.0
HTTP/1.1 200 OK
Date: Mon, 04 Feb 2001 19:12:35 GMT
Server: Apache/1.3.12 (Unix)
Connection: close
Content-Type: text/html

Here we have no idea about the types of application scripts that are running on this system. We need to observe more distinguishing characteristics in order to narrow the possibilities and identify the technologies present.
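
The same header check can be run over responses saved from your own servers to see how much the Server: field gives away. The shell functions below are an added example, not part of the original page; the function names and samples 3 and 4 are constructed for illustration, while samples 1 and 2 reuse the Server: values shown above.

```shell
# Print the product tokens of the Server: field, one per line.
# Parenthesised comments such as "(Unix)" are skipped; parsing stops at the
# blank line that ends the header block.
server_tokens() {
    tr -d '\r' | awk '
        /^$/ { exit }
        tolower($0) ~ /^server:/ {
            sub(/^[^:]*:[ \t]*/, "")   # drop the field name; $0 is re-split
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^\(/) comment = 1
                if (!comment) print $i
                if ($i ~ /\)$/) comment = 0
            }
            exit
        }'
}

# Classify a header block read from stdin:
#   absent        no Server: field
#   product-only  product name without a version (Apache: "ServerTokens Prod")
#   versioned     at least one token carries a version number
disclosure_level() {
    tokens=$(server_tokens)
    if [ -z "$tokens" ]; then
        echo absent
    elif printf '%s\n' "$tokens" | grep -q '/[0-9]'; then
        echo versioned
    else
        echo product-only
    fi
}

# Header excerpts: samples 1 and 2 use the Server: values shown on this page;
# samples 3 and 4 are constructed.
SAMPLE_1='Server: Apache/1.3.19 (Unix)
Content-Type: text/html'
SAMPLE_2='Server: Apache/1.3.12 (Unix)
Connection: close'
SAMPLE_3='Server: Apache
Connection: close'
SAMPLE_4='Server: ExampleHTTPd/2.1 (Example OS) examplemod/0.9
Connection: close'

for s in "$SAMPLE_1" "$SAMPLE_2" "$SAMPLE_3" "$SAMPLE_4"; do
    printf '%s\n' "$s" | disclosure_level
done
```

Both headers from this page classify as versioned: the second response is shorter, but it still announces Apache/1.3.12.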