Bug Bounty Hub
  • 🚀WELCOME
    • Bug Bounty Hub
    • BBH - Values
    • About the author
  • 🕸️PENTESTING WEB
    • Information Gathering
      • Enumerating ASN and IP blocks
      • Reverse IP Lookup
      • Scanning Open Ports/Services
      • Subdomain Enumeration
        • Active Subdomain Enumeration
        • Passive Subdomain Enumeration
        • Subdomain Permutations
        • Check Alive Subdomains
      • Subdomain Takeover
      • Fuzzing
      • JavaScript Files
      • Endpoints
      • Input Parameters
      • Mapping Attack Surface - Crawling/Spider
      • Fingerprinting
      • Potential Vulnerabilities - Nuclei
    • Client-Side Injection Attacks
    • Server-Side Vulnerabilities
      • Path Traversal/File Inclusion
      • Access Control
      • Authentication
      • Server-side Request Forgery (SSRF)
      • File upload vulnerabilities
      • OS Command Injection
      • SQL Injection
        • MySQL Injection
        • SQLi with SQLMap
    • Authentication
    • Insecure Direct Object Reference (IDOR)
    • Cross-Site Request Forgery Attacks
    • Business Logic Flaws
    • HTTP Verb Tampering
    • Bypass 401 & 403
    • Evading WAFs
    • Reporting
  • 🐣THE BASICS OF WEB
    • HTTP Methods
    • HTTP Response Codes
    • HTTP Headers
      • AWS S3 Buckets Headers
    • HTTP Cookies
    • Encoding
      • URL encoding
      • HTML encoding
      • Base 64 encoding
      • Unicode encoding
    • Web Browsers
      • Same-Origin Policy (SOP)
      • Content Security Policy (CSP)
      • Subresource Integrity Check (SIC)
    • Web Proxies
  • 📚RESOURCES
    • Books
    • Web resources
    • CTF Platforms
  • 🏔️Bug Bounty Platforms
Powered by GitBook
On this page
  • Inspecting HTTP Response Headers
  • Fingerprinting using WhatWeb

Was this helpful?

  1. PENTESTING WEB
  2. Information Gathering

Fingerprinting

The process of fingerprinting web applications involves identifying the underlying technologies they use.

Inspecting HTTP Response Headers

HTTP response headers often reveal details about the web server, programming language, and various security policies in place.

The following example reveals the Nginx version and underlying operating system:

curl -I http://example.com

HTTP/2 200 OK
Content-Type: application/javascript
Expires: Sat, 04 Oct 2028 04:23:59 GMT
Last-Modified: Fri, 16 Feb 2022 04:56:01 GMT
Server: nginx/1.1.4.0 (Ubuntu)
X-Ah-Environment: prod
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 287

Fingerprinting using WhatWeb

WhatWeb is a web scanner tool used to identify technologies running on a website, such as the web server, frameworks, CMS, plugins, and more. It helps security researchers gather reconnaissance information for vulnerability analysis.

whatweb $URL

PreviousMapping Attack Surface - Crawling/SpiderNextPotential Vulnerabilities - Nuclei

Last updated 5 months ago

Was this helpful?

🕸️