Windows & Linux Webserver Audit

Find Windows & Linux Webserver Components

Finding which servers host a website can be a great way to identify the impact of webserver-based vulnerabilities or to get a better overview of which servers contain web hosting components to ensure no hosted sites are left behind.

It is highly recommended to enable Windows process scanning before running this report. You can do this by enabling the PROCESS item in Scanning\Scanned item interval

The report below provides an overview of all machines where one of the following web hosting components have been found:

  • Software: Nginx, Tomcat, Apache, Litespeed
  • Windows Feature: IIS
  • Windows Process: Nginx, Tomcat, Apache
  • Windows Service: Apache, IIS Express, IIS

Windows & Linux Webserver Query

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
software.softwareName As Software,
software.softwareVersion As [Software Version],
feature.featureCaption As Feature,
processes.Caption As Process,
serv.Caption As Service,
serv.State As [Service State],
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select Top 1000000 tblAssets.AssetID,
tblFeatureUni.featureCaption
From tblAssets
Inner Join tblFeature On tblAssets.AssetID = tblFeature.AssetId
Inner Join tblFeatureUni On tblFeatureUni.featUniID = tblFeature.featUniId
Where (tblFeatureUni.featureCaption Like '%IIS-WebServerRole%' Or
tblFeatureUni.featureCaption Like '%IIS-webserver%')) As feature On
feature.AssetID = tblAssets.AssetID
Left Join (Select Top 1000000 tblAssets.AssetID,
tblSoftwareUni.softwareName,
tblSoftware.softwareVersion
From tblAssets
Inner Join tblSoftware On tblSoftware.assetid = tblAssets.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
Where (tblSoftwareUni.softwareName Like '%nginx%' Or
tblSoftwareUni.softwareName Like '%tomcat%' Or
tblSoftwareUni.softwareName Like '%apache%')) As software On
software.AssetID = tblAssets.AssetID
Left Join (Select Top 1000000 tblAssets.AssetID,
tblProcesses.Caption
From tblAssets
Inner Join tblProcesses On tblProcesses.AssetID = tblAssets.AssetID
Where (tblProcesses.Caption Like '%nginx%' Or tblProcesses.Caption
Like '%tomcat%' Or tblProcesses.Caption Like '%apache%')) As processes
On processes.AssetID = tblAssets.AssetID
Left Join (Select Top 1000000 tblAssets.AssetID,
tblServicesUni.Caption,
tblServiceState.State
From tblAssets
Inner Join tblServices On tblServices.AssetID = tblAssets.AssetID
Inner Join tblServicesUni On tblServicesUni.ServiceuniqueID =
tblServices.ServiceuniqueID
Inner Join tblServiceStartMode On tblServiceStartMode.StartID =
tblServices.StartID
Inner Join tblServiceState On tblServiceState.StateID =
tblServices.StateID
Where (tblServicesUni.Caption Like '%apache%' Or
tblServicesUni.Caption Like '%IIS Express%' Or
tblServicesUni.Caption Like '%World Wide Web Publishing Service%')) As serv
On serv.AssetID = tblAssets.AssetID
Where (software.softwareName Is Not Null Or feature.featureCaption Is Not Null
Or processes.Caption Is Not Null Or serv.Caption Is Not Null) And
tblState.Statename = 'Active'
Union
Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
software.softwareName As [Software Version],
software.Version As [Software Version],
'' As Feature,
'' As Process,
'' As Service,
'' As [Service State],
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Left Join (Select Top 1000000 tblAssets.AssetID,
tblSoftwareUni.softwareName,
tblLinuxSoftware.Version
From tblAssets
Inner Join tblLinuxSoftware On
tblAssets.AssetID = tblLinuxSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
tblLinuxSoftware.SoftwareUniID
Where (tblSoftwareUni.softwareName Like '%nginx%' Or
tblSoftwareUni.softwareName Like '%tomcat%' Or
tblSoftwareUni.softwareName Like '%apache%' Or
tblSoftwareUni.softwareName Like '%litespeed%')) As software On
software.AssetID = tblAssets.AssetID
Where software.softwareName Is Not Null And tblState.Statename = 'Active'
Order By tblassets.Domain,
tblassets.AssetName

Audit and Take Action in 3 Easy Steps

1. Download & Install Lansweeper

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit

Harness the Power of Reporting