Active Infrastructure Identification

IIS default installation

IIS 6.0: Windows Server 2003
IIS 7.0-8.5: Windows Server 2008 / Windows Server 2008R2
IIS 10.0 (v1607-v1709): Windows Server 2016
IIS 10.0 (v1809-): Windows Server 2019

HTTP Headers

$ curl -I "http://${TARGET}"

HTTP/1.1 200 OK
Date: Thu, 23 Sep 2021 15:10:42 GMT
Server: Apache/2.4.25 (Debian)
X-Powered-By: PHP/7.3.5
Link: <http://192.168.10.10/wp-json/>; rel="https://api.w.org/"
Content-Type: text/html; charset=UTF-8

X-Powered-By Header
Cookies
- .NET: ASPSESSIONID=<COOKIE_VALUE>
- PHP: PHPSESSID=<COOKIE_VALUE>
- JAVA: JSESSION=<COOKIE_VALUE>

WhatWeb

$ whatweb -a3 https://www.facebook.com -v

-v for verbose
-a3 for aggression level 3

Wappalyzer

Browser extension

WAFw00f

WAF fingerprinting tool

$ sudo apt install wafw00f -y
$ wafw00f -v https://www.tesla.com

Aquatone

For screenshotting, technology identification, and server response headers

$ sudo apt install golang chromium-driver
$ go get github.com/michenriksen/aquatone
$ export PATH="$PATH":"$HOME/go/bin"
$ cat facebook_aquatone.txt | aquatone -out ./aquatone -screenshot-timeout 1000

PreviousPassive Infrastructure Identification NextActive Subdomain Enumeration

Last updated 2 years ago

hashtagIIS default installation

hashtagHTTP Headers

hashtagWhatWeb

hashtagWappalyzer

hashtagWAFw00f

hashtagAquatone

IIS default installation

HTTP Headers

WhatWeb

Wappalyzer

WAFw00f

Aquatone