Web server fingerprinting is one of the critical task for a penetration tester. By knowing the version and type of a running web server allows testers to determine known vulnerabilities and the appropriate exploits to use during testing. Geting the information about the types and version of the services that uses in the web server helps to find known vuln and exploites for that services during the test. A peneration tester will store information related to how each type of web server responds to specific commands. The tester can send these commands to the web server, analyze the response, and compare it to the database of known signatures.
By analyzing the response the tester will know the server type. This gives an idea to the tester on how to attack.
A tester can find any possible vulnerabilities in the application and can exploit that vulnerability to attack the system.