Fingerprinting a webserver + finding new web applications
Jun 27, 2021
Tools
- Nmap
- Nikto
- Netcraft online tool
- Wappalyzer browser plugin
- Curl/wget to send malformed requests
Test for
- nmap -sV ip_addr
-sV is the flag for service and version detection (banner grabbing)
- nikto -host ip_addr
Nikto will automatically try banner grabbing
- Wappalyzer browser plugin
Will automatically analyse the site if possible
- Curl/wget to send malformed requests
Some servers will respond differently to bad requests
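The point about bad requests, as an added example that is not part of the original post: two servers that send the same banner are told apart by how they answer a valid and a malformed request. The responses, the labels server_a and server_b, and the function names are constructed for illustration, and comparing header order goes beyond what the post lists.

```python
# Constructed sample responses (not captures from real products), keyed by
# (server label, probe). Both servers send the same generic Server banner.
DATE = "Date: Sun, 27 Jun 2021 10:00:00 GMT\r\n"
RESPONSES = {
    ("server_a", "valid"): "HTTP/1.1 200 OK\r\n" + DATE
    + "Server: web\r\nContent-Type: text/html\r\n\r\n<html>ok</html>",
    ("server_b", "valid"): "HTTP/1.1 200 OK\r\nServer: web\r\n" + DATE
    + "Content-Type: text/html\r\n\r\n<html>ok</html>",
    # Replies to a request with an invalid protocol version (hypothetical probe).
    ("server_a", "malformed"): "HTTP/1.1 400 Bad Request\r\n" + DATE
    + "Server: web\r\nConnection: close\r\n\r\n<h1>Bad Request</h1>",
    ("server_b", "malformed"): "HTTP/1.1 505 HTTP Version Not Supported\r\n"
    + "Server: web\r\nContent-Length: 0\r\n\r\n",
}


def fingerprint(raw):
    """Reduce one raw HTTP response to the traits that vary between servers."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    headers = [line.partition(":") for line in header_lines if ":" in line]
    values = {name.strip().lower(): value.strip() for name, _, value in headers}
    return {
        "status": int(parts[1]),
        "reason": parts[2] if len(parts) > 2 else "",
        "banner": values.get("server"),
        # Header order is kept as sent; it often differs between implementations.
        "header_order": tuple(name.strip().lower() for name, _, _ in headers),
        "has_body": bool(body),
    }


def distinguishing_traits(server_1, server_2, probe):
    """Return the traits on which the two servers differ for one probe."""
    fp1 = fingerprint(RESPONSES[(server_1, probe)])
    fp2 = fingerprint(RESPONSES[(server_2, probe)])
    return sorted(trait for trait in fp1 if fp1[trait] != fp2[trait])


if __name__ == "__main__":
    for probe in ("valid", "malformed"):
        print(probe, distinguishing_traits("server_a", "server_b", probe))
```

The banner never appears among the differing traits, so hiding or genericising the Server header does not by itself stop a server from being identified.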
Enumerating different webapps
- Different base URLs may refer to different applications, and often we can only find these by directory brute forcing. For example, https://google.com might go to the search engine but https://google.com/mail might point to a totally different webapp
- Besides ports 80 and 443, we should investigate anything that looks like a webserver. Use tools like nmap to enumerate all the open ports: -p- scans all ports instead of the top 1000, and -sU includes UDP ports
- vHosts are different hosts on the same webserver. For example, mail.google.com and www.google.com might point to the same webserver, but they might return a different application based on the routing of the URL. We can use…