Fingerprinting

Introduction

Fingerprinting focuses on extracting technical details about the technologies powering a website or web application.

Fingerprinting Techniques

  • Banner Grabbing: Banner grabbing involves analyzing the banners presented by web servers and other services, which often reveal the server software, version numbers, and other details.

  • Analyzing HTTP Headers: HTTP headers are transmitted with every web request and response. Some of them, such as Server, typically disclose the web server software, and X-Powered-By may reveal additional technologies like scripting languages or frameworks.

  • Probing for Specific Responses: Sending specially crafted requests to the target can elicit unique responses that reveal specific technologies or versions. For example, certain error messages or behaviors are characteristic of particular web servers or software components.

  • Analyzing Page Content: A web page's content, including its structure, scripts, and other elements, can often provide clues about the underlying technologies. There may be a copyright header that indicates specific software being used, for example.

Fingerprinting Tools

  • Wappalyzer - Browser extension and online service for website technology profiling

  • BuiltWith - Web technology profiler that provides detailed reports on a website's technology stack

  • WhatWeb - Command-line tool for website fingerprinting

  • Nmap - Versatile network scanner that can be used for various reconnaissance tasks, including service and OS fingerprinting

  • Netcraft - Offers a range of web security services, including website fingerprinting and security reporting

  • wafw00f - Command-line tool specifically designed for identifying Web Application Firewalls (WAFs)

Some Tools Usage

Curl

We can use the curl command to inspect the response headers:

$ curl -I example.com

Here, the -I flag makes curl send a HEAD request and print only the response headers.
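The header and page-content analysis described under Fingerprinting Techniques, and the curl -I check above, can be automated so that the raw response is parsed rather than read by eye. The following script is an added example for this page, not code from any of the tools listed; the HTTP response and HTML snippet it works on are constructed samples, and the header names and regexes it uses are assumptions about what a typical server discloses. In practice, the bytes returned by curl -sI would be fed to fingerprint() and the page body to content_hints(); run against your own hosts, the "disclosing_headers" list tells you which headers still leak version numbers.

```python
import re

# Constructed sample: what a HEAD request (curl -I) to a hypothetical
# WordPress host on Apache/PHP might return. Not captured from a real server.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b'Link: <https://www.example.com/wp-json/>; rel="https://api.w.org/"\r\n'
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
)

# Constructed sample page body with two classic content-level clues.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.4.2">
<link rel="stylesheet" href="/wp-content/themes/twentytwentyfour/style.css">
</head><body><p>Hello</p></body></html>"""

# Headers that commonly name the server software or application stack (assumption).
FINGERPRINT_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Matches "Product/1.2.3" tokens such as Apache/2.4.41 or PHP/7.4.3.
VERSION_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)")
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', re.I
)
WP_PATH_RE = re.compile(r"/wp-(?:content|includes)/", re.I)


def parse_headers(raw: bytes):
    """Split a raw HTTP response into its status line and a lower-cased header map.

    Repeated headers are kept as a list so nothing is silently dropped.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = lines[0]
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # skip malformed lines instead of failing the whole parse
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def fingerprint(raw: bytes) -> dict:
    """Extract product names, version numbers and CMS hints from response headers."""
    status, headers = parse_headers(raw)
    findings = {
        "status": status,
        "products": [],            # (header, raw value) pairs
        "versions": [],            # (product, version) pairs found in those values
        "disclosing_headers": [],  # headers a defender should consider suppressing
        "hints": [],
    }
    for name in FINGERPRINT_HEADERS:
        for value in headers.get(name, []):
            findings["products"].append((name, value))
            versions = VERSION_RE.findall(value)
            findings["versions"].extend(versions)
            if versions and name not in findings["disclosing_headers"]:
                findings["disclosing_headers"].append(name)
    # A Link header advertising the WordPress REST API is a strong CMS indicator.
    for link in headers.get("link", []):
        if "api.w.org" in link or "/wp-json/" in link:
            findings["hints"].append("wordpress")
    return findings


def content_hints(html: str) -> list:
    """Look for technology clues in the page body itself (generator tag, asset paths)."""
    hints = []
    match = GENERATOR_RE.search(html)
    if match:
        hints.append("generator: " + match.group(1))
    if WP_PATH_RE.search(html):
        hints.append("wordpress asset paths")
    return hints


if __name__ == "__main__":
    import json
    print(json.dumps(fingerprint(SAMPLE_RESPONSE), indent=2))
    print(content_hints(SAMPLE_HTML))
```

On the defensive side, every entry in "disclosing_headers" is a header whose version string can be removed at the source (for example Apache's ServerTokens Prod and PHP's expose_php = Off); the generator meta tag and the api.w.org Link header are emitted by the application and have to be suppressed there.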

Wafw00f

$ wafw00f example.com

This might let us know about the WAF (Web Application Firewall) of the target system.

Nikto

Nikto is a powerful open-source web server scanner, also used for vulnerability assessment.

$ nikto -h example.com -Tuning b

The -h flag specifies the target host. The -Tuning b flag tells Nikto to only run the Software Identification modules.

This might reveal information such as:

  • IPs (target's IPv4 and IPv6 resolution)

  • Server technology (Apache/2.4.41 (Ubuntu))

  • WordPress presence (/wp-login.php)

  • Information disclosure (a licence.txt file that can reveal details about the target's software components)

  • Headers (insecure headers like x-redirect-by)
