home-assistant.io/source/_docs/security/webserver.markdown
Fabian Affolter 36d3f1087f
Add Security section (#5459)
* Update sentence

* Move fingerprint docs

* Add more details

* Add new section

* Add content for new security section
2018-05-30 15:59:06 +02:00

1.7 KiB

| layout | title | description | date | sidebar | comments | sharing | footer | redirect_from |
|--------|-------|-------------|------|---------|----------|---------|--------|---------------|
| page | Web server fingerprint | Use nmap to scan your Home Assistant instance. | 2016-10-06 08:00 | true | false | true | true | /docs/frontend/webserver/ |

It was only a matter of time until the first queries for tools like https://www.shodan.io to search for Home Assistant instances showed up.

To get an idea about how your Home Assistant instance looks to a network scanner, you can use nmap. The nmap tool is already available if you are using the nmap device tracker.

```bash
$ nmap -sV -p 8123 --script=http-title,http-headers 192.168.0.3

Starting Nmap 7.60 ( https://nmap.org ) at 2018-05-29 18:16 CEST
Nmap scan report for 192.168.0.3
Host is up (0.0058s latency).

PORT     STATE SERVICE VERSION
8123/tcp open  http    aiohttp 3.1.3 (Python 3.6)
| http-headers: 
|   Content-Type: text/html; charset=utf-8
|   Content-Length: 3073
|   Date: Tue, 29 May 2018 16:16:50 GMT
|   Server: Python/3.6 aiohttp/3.1.3
|   Connection: close
|   
|_  (Request type: GET)
|_http-server-header: Python/3.6 aiohttp/3.1.3
|_http-title: Home Assistant

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.13 seconds
```

We don't have a unique server banner, but in combination with the HTML title "Home Assistant" it is simple to identify Home Assistant instances.

```bash
$ nc 192.168.0.3 8123
GET / HTTP/1.1
host: localhost

HTTP/1.1 200 OK
Server: Python/3.6 aiohttp/3.1.3
[...]
```

One option to avoid this exposure is using a reverse proxy.
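
To check what your own instance still reveals before and after putting it behind a reverse proxy, the following added example (not part of the original documentation or of Home Assistant) looks for the two indicators shown above, the `aiohttp` server banner and the HTML title, in a raw HTTP response. The sample responses are constructed; `PROXIED` assumes a proxy that only replaces the `Server` header, and `PROXY_AUTH` assumes a proxy that demands authentication before forwarding anything.

```python
import re
import socket
from email.parser import BytesParser

# Constructed samples, not captured traffic. DIRECT mirrors the headers above.
DIRECT = (b"HTTP/1.1 200 OK\r\n"
          b"Content-Type: text/html; charset=utf-8\r\n"
          b"Server: Python/3.6 aiohttp/3.1.3\r\n"
          b"Connection: close\r\n\r\n"
          b"<!DOCTYPE html><html><head><title>Home Assistant</title></head></html>")
PROXIED = DIRECT.replace(b"Server: Python/3.6 aiohttp/3.1.3", b"Server: nginx")
PROXY_AUTH = (b"HTTP/1.1 401 Unauthorized\r\n"
              b"Server: nginx\r\n"
              b'WWW-Authenticate: Basic realm="restricted"\r\n\r\n'
              b"<html><head><title>401 Authorization Required</title></head></html>")

def parse_response(raw: bytes):
    """Split a raw HTTP response into (status line, headers, HTML title or None)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    match = re.search(rb"<title[^>]*>(.*?)</title>", body, re.I | re.S)
    title = match.group(1).decode("utf-8", "replace").strip() if match else None
    return status_line.decode("latin-1"), headers, title

def fingerprint_indicators(raw: bytes) -> list:
    """Return the identifying details a scanner would see in this response."""
    _, headers, title = parse_response(raw)
    found = []
    server = headers.get("Server", "")  # header lookup is case-insensitive
    if "aiohttp" in server.lower():
        found.append("server-banner: " + server)
    if title and "home assistant" in title.lower():
        found.append("html-title: " + title)
    return found

def fetch_raw(host: str, port: int = 8123, timeout: float = 5.0) -> bytes:
    """Same request as the nc session above, for checking your own instance."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n")
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks)

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("proxied", PROXIED), ("proxy auth", PROXY_AUTH)):
        print(f"{name}: {fingerprint_indicators(raw) or 'no indicators'}")
```

On the constructed samples, replacing only the `Server` header leaves the title as an indicator, while a proxy that answers unauthenticated requests itself exposes neither.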