Acunetix Vulnerability Scanner
The Acunetix vulnerability scanner also has an excellent webserver fingerprinting feature, and is freely
available from acunetix.com. Once you have downloaded it, launch it and choose to scan a website.
Under "Website", type the target website and click "Next"; the scanner reports the exact version
of the webserver.
For security reasons, many websites fake the server banner in order to trick newbies into
thinking that the target is using a vulnerable webserver. Acunetix has the capability to detect
fake server banners.
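The point above, that a Server banner alone proves nothing, can be shown with a small consistency check. The script below is an added example, not Acunetix's detection logic or anything from the original text: it parses a raw HTTP response, reads the family the Server header claims, and flags it when other response details contradict that claim. Two heuristics are used and both are assumptions on my part: secondary headers such as X-AspNet-Version or "X-Powered-By: ASP.NET" point to an IIS/ASP.NET stack, and Apache and nginx normally emit Server before Content-Type while IIS emits it after. The sample responses are constructed, not captured from any real host.

```python
"""Heuristic check: is the HTTP Server banner consistent with the rest of the response?

Added example (not from the book). The header-ordering and tell-tale-header rules
below are heuristics assumed for illustration, not an authoritative fingerprint
database; a real fingerprinting tool uses many more signals.
"""
from typing import Dict, List, Tuple

# Constructed sample responses (labelled as constructed; not real captures).
SAMPLE_RESPONSES: Dict[str, str] = {
    "honest-apache": (
        "HTTP/1.1 200 OK\r\n"
        "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
        "Server: Apache/2.4.57 (Unix)\r\n"
        "Last-Modified: Sun, 31 Dec 2023 12:00:00 GMT\r\n"
        "ETag: \"2d-5f8\"\r\n"
        "Accept-Ranges: bytes\r\n"
        "Content-Length: 45\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html><body>hello</body></html>"
    ),
    # Claims Apache, but the header set and ordering look like an ASP.NET/IIS stack.
    "faked-banner": (
        "HTTP/1.1 200 OK\r\n"
        "Cache-Control: private\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        "Server: Apache/2.2.3 (Red Hat)\r\n"
        "X-AspNet-Version: 4.0.30319\r\n"
        "X-Powered-By: ASP.NET\r\n"
        "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
        "Content-Length: 45\r\n"
        "\r\n"
        "<html><body>hello</body></html>"
    ),
}

# Substring of the Server value -> server family it names.
FAMILY_KEYWORDS = {
    "apache": "apache",
    "nginx": "nginx",
    "microsoft-iis": "iis",
    "microsoft-httpapi": "iis",
}

# (header name, required substring of value or None, family it implies) -- assumed heuristics.
TELLTALE_HEADERS = [
    ("x-aspnet-version", None, "iis"),
    ("x-aspnetmvc-version", None, "iis"),
    ("x-powered-by", "asp.net", "iis"),
]


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (lower-cased name, value) pairs in the order they appear in the response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers


def claimed_family(server_value: str) -> str:
    """Map a Server header value to a coarse family name, or 'unknown'."""
    lowered = server_value.lower()
    for keyword, family in FAMILY_KEYWORDS.items():
        if keyword in lowered:
            return family
    return "unknown"


def check_banner(raw: str) -> Dict[str, object]:
    """Compare the claimed Server family with secondary evidence in the same response."""
    headers = parse_headers(raw)
    names = [name for name, _ in headers]
    server = next((value for name, value in headers if name == "server"), "")
    claimed = claimed_family(server)
    evidence: List[str] = []

    # Rule 1: tell-tale headers that imply a different family than the banner claims.
    for tell_name, needle, implied in TELLTALE_HEADERS:
        for name, value in headers:
            if name == tell_name and (needle is None or needle in value.lower()) and implied != claimed:
                evidence.append(f"{tell_name}: {value} implies {implied}, banner claims {claimed}")

    # Rule 2 (assumed ordering heuristic): Apache/nginx emit Server before Content-Type.
    if claimed in ("apache", "nginx") and "server" in names and "content-type" in names:
        if names.index("server") > names.index("content-type"):
            evidence.append("Server appears after Content-Type; Apache/nginx normally emit it earlier")

    return {"server": server, "claimed": claimed, "evidence": evidence, "consistent": not evidence}


if __name__ == "__main__":
    for label, response in SAMPLE_RESPONSES.items():
        result = check_banner(response)
        print(label, "->", "consistent" if result["consistent"] else "SUSPICIOUS")
        for line in result["evidence"]:
            print("   ", line)
```

A banner that passes this check is still not proof of the real server, and a mismatch only means the response was not produced the way the banner suggests; the value of the exercise is seeing that the banner is the weakest signal in the response, which is why fingerprinting tools weigh header order and behaviour rather than the Server string.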
WhatWeb
Our active information gathering section would not be complete without introducing a tool from
BackTrack. WhatWeb is an all-in-one package for performing active footprinting on a website.
It has more than 900 plug-ins capable of identifying server versions, e-mail addresses, and SQL
errors. The tool is available in BackTrack by default in the /pentest/enumeration/web/whatweb
directory.
The usage is pretty simple: you need to type ./whatweb followed by the website name. You can
also scan multiple websites at a time.
Command: ./whatweb slashdot.org reddit.com
Netcraft
Netcraft contains a huge online database with useful information on websites and can be
used for passive reconnaissance against the target. It is also capable of fingerprinting the
webservers.
Google Hacking
Google searches can be more than a treasure for a pentester if used effectively. With
Google searches, an attacker may be able to gather some very interesting information, including
passwords, on the target. Google has developed a few search parameters in order to
improve targeted search. However, they are abused by hackers to search for sensitive information
via Google.