Active Infrastructure Identification

IIS default installation

  • IIS 6.0: Windows Server 2003

  • IIS 7.0-8.5: Windows Server 2008 / Windows Server 2008R2

  • IIS 10.0 (v1607-v1709): Windows Server 2016

  • IIS 10.0 (v1809-): Windows Server 2019

HTTP Headers

$ curl -I "http://${TARGET}"

HTTP/1.1 200 OK
Date: Thu, 23 Sep 2021 15:10:42 GMT
Server: Apache/2.4.25 (Debian)
X-Powered-By: PHP/7.3.5
Link: <http://192.168.10.10/wp-json/>; rel="https://api.w.org/"
Content-Type: text/html; charset=UTF-8

  • X-Powered-By Header

  • Cookies

    • .NET: ASPSESSIONID=<COOKIE_VALUE>

    • PHP: PHPSESSID=<COOKIE_VALUE>

    • Java: JSESSIONID=<COOKIE_VALUE>
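
To check what your own server gives away, the parser below reports every header and cookie name that reveals the stack, using the IIS-to-Windows mapping and the cookie names listed above. It is an added example, not part of the original page; the function name, the IIS response and the Set-Cookie lines are constructed for illustration.

```python
import re

# Cookie-name prefixes and the stack they suggest, as listed on this page.
COOKIE_HINTS = {"ASPSESSIONID": ".NET", "PHPSESSID": "PHP", "JSESSION": "Java"}
# IIS version range -> Windows Server release(s), as listed on this page.
IIS_HOST_OS = [
    ((6, 0), (6, 0), "Windows Server 2003"),
    ((7, 0), (8, 5), "Windows Server 2008 / Windows Server 2008R2"),
    # The Server header has no build number, so 2016 vs 2019 stays open.
    ((10, 0), (10, 0), "Windows Server 2016 or 2019"),
]

def disclosed_technologies(raw_headers):
    """Return (source, finding) pairs for each header that reveals the stack."""
    findings = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep:  # status line or blank line
            continue
        name, value = name.strip().lower(), value.strip()
        if name == "server":
            findings.append(("Server", value))
            match = re.search(r"Microsoft-IIS/(\d+)\.(\d+)", value)
            if match:
                ver = (int(match[1]), int(match[2]))
                findings += [("Host OS", os_name) for lo, hi, os_name in IIS_HOST_OS
                             if lo <= ver <= hi]
        elif name == "x-powered-by":
            findings.append(("X-Powered-By", value))
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            findings += [("Cookie " + cookie, tech) for prefix, tech
                         in COOKIE_HINTS.items() if cookie.upper().startswith(prefix)]
    return findings

# Headers from the response on this page, plus one constructed Set-Cookie line.
APACHE_SAMPLE = """HTTP/1.1 200 OK
Server: Apache/2.4.25 (Debian)
X-Powered-By: PHP/7.3.5
Set-Cookie: PHPSESSID=constructedvalue; path=/
"""
# Constructed IIS response for illustration.
IIS_SAMPLE = """HTTP/1.1 200 OK
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Set-Cookie: ASPSESSIONIDQACBDRST=constructedvalue; path=/
"""
if __name__ == "__main__":
    print(disclosed_technologies(APACHE_SAMPLE), disclosed_technologies(IIS_SAMPLE))
```

An empty result means none of these headers or cookie names identified the stack; the other techniques on this page look at different signals.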

WhatWeb

$ whatweb -a3 https://www.facebook.com -v

  • -v for verbose

  • -a3 for aggression level 3

Wappalyzer

  • Browser extension

WAFw00f

  • WAF fingerprinting tool

$ sudo apt install wafw00f -y
$ wafw00f -v https://www.tesla.com

Aquatone

  • For screenshotting, technology identification, and server response headers

$ sudo apt install golang chromium-driver
$ go get github.com/michenriksen/aquatone
$ export PATH="$PATH":"$HOME/go/bin"
$ cat facebook_aquatone.txt | aquatone -out ./aquatone -screenshot-timeout 1000
