Each subdomain returns headers + HTML simulating a specific service version. Many services also include stub routes for deeper scanner detection.

| Subdomain | Server Header | X-Powered-By | Page Title | Stub Routes |
|---|---|---|---|---|
| nginx-old | nginx/1.18.0 | — | Welcome to nginx! | 2 routes |
| nginx-new | nginx/1.27.4 | — | Welcome to nginx! | 1 route |
| apache-old | Apache/2.4.49 (Unix) | — | Apache2 Ubuntu Default Page: It works | 2 routes |
| apache-vuln | Apache/2.4.50 (Unix) | — | Apache2 Ubuntu Default Page: It works | 1 route |
| php-old | Apache/2.4.41 (Ubuntu) | PHP/5.6.40 | PHP Version 5.6.40 | 1 route |
| php-new | Apache/2.4.58 (Ubuntu) | PHP/8.3.8 | PHP Version 8.3.8 | — |
| wordpress | Apache/2.4.54 (Unix) | PHP/7.4.33 | Test Blog – Just another WordPress site | 12 routes |
| struts | Apache-Coyote/1.1 | Struts/2.3.31 | Struts2 Application | 2 routes |

| Service | Path | Description |
|---|---|---|
| wordpress | /wp-json/ | REST API — version disclosure |
| wordpress | /wp-login.php | Login page with versioned CSS |
| wordpress | /readme.html | WordPress version readme |
| wordpress | /xmlrpc.php | XML-RPC endpoint |
| wordpress | /xmlrpc.php?rsd | RSD (Really Simple Discovery) |
| wordpress | /robots.txt | WordPress-style robots.txt |
| struts | /struts/webconsole.html | OGNL console |
| struts | /login.action | Struts action endpoint |
| apache-* | /server-status | mod_status (403) |
| nginx-* | /nginx_status | stub_status page |
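
As an added example (not code from this project), the sketch below shows the kind of banner parsing these responses are meant to exercise: it extracts product and version from the `Server` and `X-Powered-By` values in the first table, falls back to the page title for PHP, and reports which subdomains a detector gets wrong. The names `fingerprint`, `page` and `mismatches` and the minimal HTML are assumptions; the header values and titles come from the table.

```python
import re

# "product/version" tokens, e.g. "Apache/2.4.49 (Unix)" or "PHP/5.6.40".
TOKEN = re.compile(r"([A-Za-z][\w-]*)/(\d+(?:\.\d+)*)")
TITLE = re.compile(r"<title>(.*?)</title>", re.I | re.S)
PHP_TITLE = re.compile(r"PHP Version (\d+(?:\.\d+)*)")

def fingerprint(headers, body=""):
    """Return {product: version} from Server/X-Powered-By, with the page title as fallback."""
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    found = {}
    for name in ("server", "x-powered-by"):
        for product, version in TOKEN.findall(lower.get(name, "")):
            found[product.lower()] = version
    title = TITLE.search(body)
    if title:
        php = PHP_TITLE.search(title.group(1))
        if php:
            # Only used when X-Powered-By did not already report PHP.
            found.setdefault("php", php.group(1))
    return found

def page(title):
    """Constructed minimal HTML; the real pages carry more markup."""
    return f"<html><head><title>{title}</title></head><body></body></html>"

# Constructed sample responses for four of the subdomains in the first table.
SAMPLES = {
    "nginx-old": ({"Server": "nginx/1.18.0"}, page("Welcome to nginx!")),
    "apache-vuln": ({"Server": "Apache/2.4.50 (Unix)"},
                    page("Apache2 Ubuntu Default Page: It works")),
    "php-old": ({"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/5.6.40"},
                page("PHP Version 5.6.40")),
    "struts": ({"Server": "Apache-Coyote/1.1", "X-Powered-By": "Struts/2.3.31"},
               page("Struts2 Application")),
}
EXPECTED = {
    "nginx-old": {"nginx": "1.18.0"},
    "apache-vuln": {"apache": "2.4.50"},
    "php-old": {"apache": "2.4.41", "php": "5.6.40"},
    "struts": {"apache-coyote": "1.1", "struts": "2.3.31"},
}

def mismatches(detector=fingerprint):
    """Subdomains where the detector's result differs from the expected versions."""
    return sorted(s for s, (h, b) in SAMPLES.items() if detector(h, b) != EXPECTED[s])

if __name__ == "__main__":
    print("mismatches:", mismatches())
```

Passing a different callable to `mismatches` shows which of these banners that detector fails to identify.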