masaudsec/serverspy

GitHub: masaudsec/serverspy

Stars: 20 | Forks: 8

# 🕵️ ServerSpy **Full-stack server fingerprinting tool for bug bounty hunters and penetration testers.** [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![Bash](https://img.shields.io/badge/Language-Bash-green.svg)](https://www.gnu.org/software/bash/) [![Platform](https://img.shields.io/badge/Platform-Linux%20%7C%20macOS-blue.svg)]() [![Author](https://img.shields.io/badge/Author-masaudsec-red.svg)](https://masaudsec.com) ## 📸 Preview ┌──────────────────────────────────────────────────┐ │ 🕵️ ServerSpy v1.0 — masaudsec.com │ │ Full Server Fingerprinting Tool │ └──────────────────────────────────────────────────┘ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📡 DNS Resolution ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ [+] IPv4 Address(es): 93.184.216.34 [+] CNAME: example.com.edgekey.net. [+] Nameservers: ns1.example.com ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🌐 HTTP Headers Analysis ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ [+] Server: nginx/1.18.0 [+] CDN Detected: Cloudflare [+] WAF Detected: Cloudflare WAF [✓] HSTS [✗] CSP Missing ## 🔍 What It Does ServerSpy runs **10 recon modules** automatically on any target: | # | Module | Tools Used | What It Finds | |---|--------|-----------|---------------| | 1 | **DNS Resolution** | `dig` | IPv4, IPv6, CNAME, MX, NS, TXT, PTR (rDNS) | | 2 | **WHOIS & ASN** | `whois`, ipinfo.io | Registrar, ISP, ASN, location, org | | 3 | **HTTP Headers** | `curl` | Server, CDN, WAF, security headers, cookies | | 4 | **Tech Stack** | `whatweb` | CMS, framework, languages, libraries | | 5 | **SSL/TLS Certificate** | `openssl` | CA, SANs, TLS version, validity | | 6 | **Port Scan** | `nmap` | Open web ports + service versions | | 7 | **Passive Intel** | HackerTarget, crt.sh | Reverse IP hosts, subdomains | | 8 | **Traceroute** | `traceroute` | Network path, hops | | 9 | **Robots & Sitemap** | `curl` | Disallowed paths, sitemap | | 10 | **Auto-Install** | apt/pacman/brew | Missing tools auto-installed | ## ⚡ Quick Start # Clone git clone https://github.com/masaudsec/serverspy.git cd serverspy # Make executable chmod +x serverspy.sh # Single target ./serverspy.sh example.com # With protocol (auto-stripped) ./serverspy.sh https://example.com # List of targets ./serverspy.sh -l targets.txt ## 📦 Installation ### Kali Linux / Ubuntu / Debian git clone https://github.com/masaudsec/serverspy.git cd serverspy chmod +x serverspy.sh ./serverspy.sh example.com # auto-installs missing tools on first run ### macOS # Install Homebrew tools first brew install nmap whatweb curl wget git clone https://github.com/masaudsec/serverspy.git cd serverspy chmod +x serverspy.sh ./serverspy.sh example.com ### Dependencies ServerSpy auto-installs missing dependencies using `apt`, `pacman`, or `brew`. You can also install manually: # Debian/Ubuntu/Kali sudo apt install -y curl wget dnsutils whois nmap whatweb traceroute openssl # Arch/Manjaro sudo pacman -S curl wget bind whois nmap whatweb traceroute openssl # macOS brew install curl wget nmap whatweb ## 🎯 Usage # Single domain ./serverspy.sh target.com # Single domain with protocol ./serverspy.sh https://target.com # Bulk scan from list ./serverspy.sh -l domains.txt # Help ./serverspy.sh --help ### Output Results are automatically saved to `serverspy_results/` folder: serverspy_results/ └── example.com_20260308_143022.txt ## 🔎 Detection Capabilities ### CDN Detection - Cloudflare - AWS CloudFront - Fastly - Akamai - Netlify - Vercel - GitHub Pages - Sucuri - Imperva ### WAF Detection - Cloudflare WAF - Sucuri WAF - ModSecurity - Fortinet WAF - Akamai WAF ### Security Headers Audit - HSTS (HTTP Strict Transport Security) - CSP (Content Security Policy) - X-Frame-Options - X-Content-Type-Options - Referrer-Policy - Permissions-Policy ### Cookie Security Flags - HttpOnly - Secure - SameSite ## 📋 Example Output ╔══════════════════════════════════════════════════╗ ║ 🎯 Target: netflix.com ╚══════════════════════════════════════════════════╝ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📡 DNS Resolution ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ [+] IPv4 Address(es): 54.74.73.0 [+] CNAME: ipv4_1.netflix.com. [+] Nameservers: ns1.p47.dynect.net. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🏢 WHOIS & ASN Info ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ [+] Registrar: MarkMonitor, Inc. [+] ASN / ISP: AS2906 NETFLIX-ASN [+] Location: Los Gatos, California, US ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🌐 HTTP Headers Analysis ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ [+] Server: openresty [+] Via (Proxy/CDN): 1.1 netflix.com (Envoy) [✓] HSTS [✓] CSP [✓] X-Frame-Options ## 🛡️ Legal Disclaimer ## 👤 Author **Masaud Ahmad** — [@masaudsec](https://masaudsec.com) - 🌐 Website: [masaudsec.com](https://masaudsec.com) - Bug bounty hunter & offensive security educator - Building tools for the security community ## 📄 License This project is licensed under the **MIT License** — see the [LICENSE](LICENSE) file for details.