# Introduction

- Fingerprinting focuses on extracting technical details about the software powering a website or web app
- Type/version info re: web servers, operating systems, and software components can reveal critical information about a target's infrastructure and potential security weaknesses

# Fingerprinting Techniques

- Banner grabbing: Banner grabbing involves analyzing the banners presented by web servers and other services
    - These banners often reveal the server software, version numbers, and other details

    ```bash
    # try various permutations
    curl -I inlanefreight.com
    curl -I https://inlanefreight.com
    curl -I https://www.inlanefreight.com
    ```

- Analyzing HTTP Headers: HTTP headers transmitted with every web page request and response contain a wealth of information
    - The `Server` header typically discloses the web server software, while the `X-Powered-By` header might reveal additional technologies like scripting languages or frameworks.
- Probing for Specific Responses: Sending specially crafted requests to the target can elicit unique responses that reveal specific technologies or versions
    - For example, certain error messages or behaviors are characteristic of particular web servers or software components
- Analyzing Page Content
    - Go to the website in a browser and press Ctrl+U
    - Run a `curl inlanefreight.local`

## Common fingerprinting tools

|Tool|Description|Features|
|---|---|---|
|`Wappalyzer`|Browser extension and online service for website technology profiling.|Identifies a wide range of web technologies, including CMSs, frameworks, analytics tools, and more.|
|`BuiltWith`|Web technology profiler that provides detailed reports on a website's technology stack.|Offers both free and paid plans with varying levels of detail.|
|`WhatWeb`|Command-line tool for website fingerprinting.|Uses a vast database of signatures to identify various web technologies.|
|`Nmap`|Versatile network scanner that can be used for various reconnaissance tasks, including service and OS fingerprinting.|Can be used with scripts (NSE) to perform more specialised fingerprinting.|
|`Netcraft`|Offers a range of web security services, including website fingerprinting and security reporting.|Provides detailed reports on a website's technology, hosting provider, and security posture.|
|`wafw00f`|Command-line tool specifically designed for identifying Web Application Firewalls (WAFs).|Helps determine if a WAF is present and, if so, its type and configuration.|

- `wafw00f` example

![[images/Pasted image 20251027154505.png]]

- `Nikto` example

```bash
# install Nikto
sudo apt update && sudo apt install -y perl
git clone https://github.com/sullo/nikto
cd nikto/program
chmod +x ./nikto.pl

# run Nikto with only the software identification modules
./nikto.pl -h inlanefreight.com -Tuning b
```

![[images/Pasted image 20251027154522.png]]
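
The header analysis described under "Analyzing HTTP Headers", as an added example (not part of the original notes): it parses saved `curl -I` output, one header block per redirect hop, and lists the product, version and OS comment each header discloses, which is how you would audit what your own server gives away. The sample response, the function names and the inclusion of `X-Redirect-By` are assumptions made for this example.

```python
import re

# Constructed sample of `curl -IL` output (one block per hop); host and versions are made up.
SAMPLE = """\
HTTP/1.1 301 Moved Permanently
Server: Apache/2.4.41 (Ubuntu)
Location: https://www.example.test/

HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
X-Redirect-By: WordPress
"""

# Headers the page names, plus X-Redirect-By (an assumption added for this example).
DISCLOSING = ("server", "x-powered-by", "x-redirect-by")
# Matches either a parenthesised comment or a product[/version] token.
TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/([^\s()]+))?")

def parse_blocks(raw):
    """Split curl -I output into one {header: value} dict per response."""
    blocks = []
    for chunk in re.split(r"\r?\n\s*\r?\n", raw.strip()):
        lines = chunk.splitlines()
        headers = {"status": lines[0].strip()}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:  # header names are case-insensitive, so normalise them
                headers[name.strip().lower()] = value.strip()
        blocks.append(headers)
    return blocks

def disclosures(raw):
    """Return sorted (header, product, version, comment) tuples seen in any hop."""
    found = set()
    for headers in parse_blocks(raw):
        for name in DISCLOSING:
            value = headers.get(name, "")
            comment = " ".join(m.group(1) for m in TOKEN.finditer(value) if m.group(1))
            for m in TOKEN.finditer(value):
                if m.group(2):
                    found.add((name, m.group(2), m.group(3) or "", comment))
    return sorted(found)

def versioned(raw):
    """Headers that leak an exact version: the first ones to suppress on your own servers."""
    return sorted({h for h, _, v, _ in disclosures(raw) if v})

if __name__ == "__main__": print(*disclosures(SAMPLE), sep="\n")
```

An empty result from `versioned()` means the response still names its software but no longer pins it to a release.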