Banners expose information related with the name of the web server and the version that is running on the server. Some expose the backend technology (PHP, Java, Python) used and its version. The production version could have public or non-public failures, so it is always a good practice to test the banners that return the servers that we have publicly exposed, to see whether they expose some type of information that we do not want to be public.

Using the standard Python libraries, it is possible to create a simple program that connects to a server and captures the banner of the service included in the response to the request. The simplest way to obtain the banner of a server is by using the socket module. We can send a get request and get the response through the recvfrom() method, which would return a tuple with the result.

You can find the following code in the BannerServer.py file:

import socket
import argparse
import re
parser = argparse.ArgumentParser(description='Get banner server')
# Main arguments
parser.add_argument("-target", dest="target", help="target IP", required=True)
parser.add_argument("-port", dest="port", help="port", type=int, required=True)
parsed_args = parser.parse_args()
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((parsed_args.target, parsed_args.port))
sock.settimeout(2)
http_get = b"GET / HTTP/1.1
Host: "+parsed_args.target+"

"
data = ''
try:
    sock.sendall(http_get)
    data = sock.recvfrom(1024)
    data = data[0]
    print data
    headers = data.splitlines()
    #  use regular expressions to look for server header
    for header in headers:
        if re.search('Server:', header):
            print(header)
except socket.error:
    print ("Socket error", socket.errno)
finally:
    sock.close()

The previous script accepts the target and the port as parameters:

In this case, we obtain the web server version on port 80:

python .BannerServer.py -target www.google.com -port 80