WebApp Information Gatherer - WIG

Footprinting and information gathering, the first and most important step of penetration testing. To become a successful ethical hacker you need to implement every step and process of pentesting, not only implement but to implement it efficiently. If we talk about web application penetration testing then it is very important to identify the software running behind a target website, most of the websites are now based on CMS (content management system) so we need to identify the name and version of the CMS.

These information are very helpful to identify the vulnerabilities on a website, imagine if you know the software name with its version then you can find the exploits available on Internet (how easy is to hack into a website). But CMS identification requires some time and effort, this is why developers have created automatic tools to do the job.

You might have heard about whatweb and blindelephant, yes these tools are used to identify the CMS running on a website; whether it is wordpress, Joomla and any other. Now at this stage I would like to share another tool called WIG.

WebApp Information Gatherer

wig identifies a websites CMS by searching for fingerprints of static files and extracting version numbers from known files.
OS identification is done by using the value of the 'server' and 'X-Powered-By' in the response header. These values are compared to a database of which package versions are include with different operating systems.
There are currently three profiles:
1. Only send one request: wig only sends a request for '/'. All fingerprints matching this url are tested.
2. Only send one request per plugin: The url used in most fingerprints is used
4. All fingerprints: All fingerprints are tested
Example of WIG

# python3

CMS                  Drupal CMS: [7.25, 7.24, 7.26, 7.23, 7.22]
Operating System     Microsoft Windows Server: [2008 R2]
Server Info          Microsoft-IIS: [7.5, 6.0]
Time: 18.0 sec | Plugins: 65 | Urls: 324 | Fingerprints: 14178

WebApp Information Gatherer - WIG Reviewed by Ethical Hacking on 1:31 PM Rating: 5

No comments:

Feel free to ask questions, we love to respond.

All Rights Reserved by The World of IT & Cyber Security: © 2014 - 2015
Powered By Blogger, Designed by Sweetheme

Contact Form


Email *

Message *

Powered by Blogger.