Skip to content

Server and X-Powered-By Tester

test-server-and-x-powered-header.py


# python 3.4

import urllib.request
import urllib.parse

def test(main_url, headers={'Cookie': 'JSESSIONID='}, file="urls.txt"):
    with open(file) as loginFile:
        header_detected = False

        for _url in loginFile:

            full_url = main_url + _url.strip()

            try:
                req = urllib.request.Request(
                    full_url,
                    method='GET',
                    headers=headers,
                )

                response = urllib.request.urlopen(req)
                response_headers = response.getheaders()

                for header in response_headers:

                    if header[0] == 'Server':
                        header_detected = True
                        print("Server header detected: " + str(header) + " / " + full_url)

                    if header[0] == 'X-Powered-By':
                        header_detected = True
                        print("X-Powered-By header detected: " + str(header) + " / " + full_url)

                if not header_detected:
                    print("Clean: " + full_url)

            except Exception as e:
                print('Error', e)

test("http://www.your_app.com")

urls.txt

posts
jquery.js
bootstrap.min.js

Server header detected: ('Server', 'Apache') / http://www.your_app.com
X-Powered-By header detected: ('X-Powered-By', 'PHP') /http://www.your_app.com
Server header detected: ('Server', 'Apache') / http://www.your_app.com/posts
Server header detected: ('Server', 'Apache') / http://www.your_app.com"/jquery.js
Server header detected: ('Server', 'Apache') / http://www.your_app.com"/bootstrap.min.js