Fingerprinting

The process of fingerprinting web applications involves identifying the underlying technologies they use.

Inspecting HTTP Response Headers

HTTP response headers often reveal details about the web server, programming language, and various security policies in place.

The following example reveals the Nginx version and underlying operating system:

curl -I http://example.com

HTTP/2 200 OK
Content-Type: application/javascript
Expires: Sat, 04 Oct 2028 04:23:59 GMT
Last-Modified: Fri, 16 Feb 2022 04:56:01 GMT
Server: nginx/1.1.4.0 (Ubuntu)
X-Ah-Environment: prod
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 287

Fingerprinting using WhatWeb

WhatWeb is a web scanner tool used to identify technologies running on a website, such as the web server, frameworks, CMS, plugins, and more. It helps security researchers gather reconnaissance information for vulnerability analysis.

whatweb $URL

PreviousMapping Attack Surface - Crawling/Spider NextPotential Vulnerabilities - Nuclei

Last updated 8 months ago

Was this helpful?