Server fingerprinting is the task of identifying the type and version of server that a target is running on. While web server fingerprinting is often encapsulated in automated testing tools, it is important for researchers to understand the fundamentals of how these tools attempt to identify software, and why this is useful.

Accurately discovering the type of web server that an application runs on can enable security testers to determine if the application is vulnerable to attack. In particular, servers running older versions of software without up-to-date security patches can be susceptible to known version-specific exploits.

1. Check Basic Connectivity (example target 192.168.1.21)

First confirm the target is reachable.

ping -c 4 192.168.1.21

Look for:

TTL value (gives rough OS hint)

Packet loss

Latency

Example OS hints:

TTL    Possible OS
64     Linux
128    Windows
255    Network device

2. Perform Nmap OS Fingerprinting

sudo nmap -O 192.168.1.21

Example output

OS details: Linux 5.x
Network Distance: 1 hop

For better accuracy:

sudo nmap -O --osscan-guess 192.168.1.21

3. Service Version Detection

This is the most important fingerprinting step.

sudo nmap -sV 192.168.1.21

Example output

PORT      STATE  SERVICE  VERSION
22/tcp    open   ssh      OpenSSH 8.2
80/tcp    open   http     Apache httpd 2.4.41
3306/tcp  open   mysql    MySQL 5.7

Now you know:

Web server

SSH version

Database version

4. Full Aggressive Scan (Recommended in Lab)

This performs OS detection, version detection, script scanning and traceroute.

sudo nmap -A 192.168.1.21

This reveals:

OS

services

versions

vulnerabilities

host scripts

5. Full Port Scan

Sometimes services run on non-standard ports.

sudo nmap -p- 192.168.1.21

or faster:

sudo nmap -p- --min-rate 5000 192.168.1.21

Then run a version scan on the discovered ports.

Example:

sudo nmap -sV -p 22,80,8080,3306 192.168.1.21

6. Web Server Fingerprinting

Run this step if port 80 or 443 is open.

Using WhatWeb

whatweb http://192.168.1.21

Example output

Apache[2.4.41] PHP[7.4] WordPress

Using Wappalyzer (CLI)

wappalyzer http://192.168.1.21

7. Banner Grabbing

Extract service banners.

Netcat

nc 192.168.1.21 22

Example:

SSH-2.0-OpenSSH_8.2p1 Ubuntu

Curl (Web Server)

curl -I http://192.168.1.21

Example:

Server: Apache/2.4.41 (Ubuntu)
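The two banners above can be split into product and version fields for an asset inventory or a check of what your own server discloses. This is an added example, not part of the original article; the function names are illustrative, and the version-less "Apache" header (what Apache sends with ServerTokens Prod) is a constructed sample.

```python
import re

# SSH identification string (RFC 4253, section 4.2):
#   SSH-protoversion-softwareversion SP comments
SSH_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comment>.*))?$")
# HTTP Server header: product tokens "name[/version]" with optional "(comment)" parts
PRODUCT_RE = re.compile(r"([A-Za-z0-9!#$%&'*+.^_`|~-]+)(?:/([^\s()]+))?")
COMMENT_RE = re.compile(r"\(([^)]*)\)")


def parse_ssh_banner(line):
    """Split an SSH identification string into protocol, product, version, comment."""
    m = SSH_RE.match(line.strip())
    if not m:
        return None  # not an SSH banner
    # Common convention (OpenSSH_8.2p1): product and version joined by "_".
    product, _, version = m.group("software").partition("_")
    return {"proto": m.group("proto"), "product": product,
            "version": version or None, "comment": m.group("comment")}


def parse_server_header(value):
    """Parse a Server header value into (product, version) pairs and comments."""
    comments = COMMENT_RE.findall(value)
    bare = COMMENT_RE.sub(" ", value)  # drop "(...)" so it is not read as a product
    products = [(name, ver or None) for name, ver in PRODUCT_RE.findall(bare)]
    return {"products": products, "comments": comments}


def discloses_version(parsed):
    """True if any product token carries a version that a scanner could read."""
    return any(ver is not None for _, ver in parsed["products"])


if __name__ == "__main__":
    # Banners shown in this article, plus one constructed version-less header.
    print(parse_ssh_banner("SSH-2.0-OpenSSH_8.2p1 Ubuntu"))
    for header in ("Apache/2.4.41 (Ubuntu)", "Apache"):
        parsed = parse_server_header(header)
        print(header, "->", parsed, "| discloses version:", discloses_version(parsed))
```

A header for which discloses_version returns False still names the product, so tools such as WhatWeb or Nikto fall back on other signals to identify the server.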

8. SMB Fingerprinting (If Windows Server)

nmap --script smb-os-discovery.nse -p445 192.168.1.21

Example output

OS: Windows Server 2019
Computer name: TESTSERVER
Domain: WORKGROUP

9. Use Nikto for Web Server Fingerprinting

nikto -h http://192.168.1.21

Nikto detects

server version

misconfigurations

outdated software

10. Automated Fingerprinting (Recon in One Command)

sudo nmap -sS -sV -O -A -T4 192.168.1.21

This is commonly used in the VAPT reconnaissance phase.