Identify the web server type and version.
Tactic 1: Use OSINT Sources
You can gather a lot of intelligence about the site and the server using Open Source Intelligence without making requests to the server itself (which creates log entries on the target system).
Tactic 2: BurpSuite
Tactic 3: CURL
You can try just using curl with no switches, but you might blocked. You will get a response like:
If that happens, add a fake user-agent string to the header (use -H to identify it). Then you really only want the server response and not the actual HTML, so use the -I switch. The -L is used to follow the 301 redirects if needed. Your curl command should look something like this:
curl -I -L -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36" https://cloudnexusit.com
- Use a reverse proxy in front of the server