Fingerprint Web Application Framework

Check List

Cheat Sheet

HTTP Headers

X-Powered-By

curl -s -I $WEBSITE | grep -i "X-Powered-By"
HTTP/1.1 200 OK
Date: Sat, 19 Oct 2024 12:53:32 GMT
Server: Apache/2.4.54 (Debian)
X-Powered-By: PHP/7.4.33
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 19 Nov 1991 08:55:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 20336
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

X-Generator

curl -s -I $WEBSITE | grep -i "X-Generator"
HTTP/2 200 OK
Date: Sun, 20 Oct 2024 19:44:37 GMT
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=2678400
Content-Language: en
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Thu, 17 Oct 2024 20:23:57 GMT
Link: <https://www.clubtexting.com/mass-texting-service>; rel="canonical", <https://www.clubtexting.com/node/2>; rel="shortlink"
Strict-Transport-Security: max-age=0
Traceparent: 00-17ff572e152af0e16aa14393ed1665c0-d07a1342ce2b0ab2-01
Vary: Cookie, Accept-Encoding
X-Content-Type-Options: nosniff
X-Debug-Info: eyJyZXRyaWVzIjowfQ==
X-Frame-Options: SAMEORIGIN
X-Generator: Wordpress
X-Platform-Cluster: dtrg7uteophra-main-bvxeaći
X-Platform-Processor: 7w2v5maie5xeye7eoz3s2122sa
X-Platform-Router: vpnpkzvsdhodouspycwfpqtbfu
CF-Cache-Status: HIT
Age: 256840
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2BuAuXK14P=iiu7C=tAY460JZghéRNpsdtyNz4zKvPZdQAB2xgUlKx4151BHwgzPf6kq9x04Xu0IyLqfpfkRuZLSLDNIOWUJ2YwrW8aIkprtCIhiXuZf%2BJa6XrteYB%2FUQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-Ray: 8d5b80e93f87dca5-PRA
Server-Timing:
Alt-Svc: h3=":443"; ma=86400

Censys

services.http.response.body: "ASP.NET" OR services.http.response.headers.server: "Microsoft-IIS" OR services.microsoft_sqlserver

WhatWeb

whatweb $WEBSITE

Cookies

Set-Cookie

curl -s -I $WEBSITE | grep -i "Set-Cookie:"
HTTP/1.1 200 OK
Date: Sun, 20 Oct 2024 19:38:17 GMT
Server: Apache/2.4.29 (Ubuntu)
Set-Cookie: CAKEPHP=jiflsfmsmeqhou0q38jbrlj380; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: CAKEPHP=jiflsfmsmeqhou0q38jbrlj380; path=/
Set-Cookie: CAKEPHP=jiflsfmsmeqhou0q38jbrlj380; path=/
Vary: Accept-Encoding
Content-Length: 52161
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Session Cookie Parameters

| Framework | Cookie name |
| --- | --- |
| Zope | zope3 |
| CakePHP | cakephp |
| Kohana | kohanasession |
| Laravel | laravel_session |
| phpBB | phpbb3_ |
| WordPress | wp-settings |
| 1C-Bitrix | BITRIX_ |
| AMPcms | AMP |
| Django CMS | django |
| DotNetNuke | DotNetNukeAnonymous |
| e107 | e107_tz |
| EPiServer | EPiTrace, EPiServer |
| Graffiti CMS | graffitibot |
| Hotaru CMS | hotaru_mobile |
| ImpressCMS | ICMSession |
| Indico | MAKACSESSION |
| InstantCMS | InstantCMS[logdate] |
| Kentico CMS | CMSPreferredCulture |
| MODx | SN4[12symb] |
| TYPO3 | fe_typo_user |
| Dynamicweb | Dynamicweb |
| LEPTON | lep[some_numeric_value]+sessionid |
| Wix | Domain=.wix.com |
| VIVVO | VivvoSessionId |

HTML Source Code

Comment

curl -s $WEBSITE | grep -o "gtag.js"
<!-- Google tag (gtag.js) snippet added by Site Kit -->

<!-- Google Analytics snippet added by Site Kit -->
<script src="https://www.googletagmanager.com/gtag/js?id=G-EVWGW1CZ2C6" id="google_gtagjs-js" async></script>
<script id="google_gtagjs-js-after">
    window.dataLayer = window.dataLayer || [];
    function gtag(){
        dataLayer.push(arguments);
    }
    gtag('set', 'linker', {
        "domains":["www.zkracing.com.my"]
    });
</script>

HTML Source Code

| Application | Keyword |
| --- | --- |
| WordPress | `<meta name="generator" content="WordPress 3.9.2" />` |
| phpBB | `<body id="phpbb"` |
| Mediawiki | `<meta name="generator" content="MediaWiki 1.21.9" />` |
| Joomla | `<meta name="generator" content="Joomla! - Open Source Content Management" />` |
| Drupal | `<meta name="Generator" content="Drupal 7 (http://drupal.org)" />` |
| DotNetNuke | DNN Platform - [http://www.dnnsoftware.com](http://www.dnnsoftware.com) |

Specific Markers

| Framework | Keyword |
| --- | --- |
| Adobe ColdFusion | `<!-- START headerTags.cfm` |
| Microsoft ASP.NET | `__VIEWSTATE` |
| ZK | `<!-- ZK` |
| Business Catalyst | `<!-- BC_OBNW -->` |
| Indexhibit | `ndxz-studio` |

Wappalyzer

Specific File and Folders

BurpSuite

Burp Suite > Target > Right Click on One Domain > Send to Intruder > Intruder > Add Variable to Target Fuzzing > Payloads > Payloads Setting Add WordList > Start Attack

File Extensions

Wappalyzer

BuiltWith

WhatWeb

whatweb $WEBSITE

FeroxBuster

feroxbuster --url $WEBSITE -C 200 -x php,aspx,jsp

DirSearch

dirsearch -u $WEBSITE \
          -w /usr/share/seclists/Discovery/Web-Content/raft-large-directories.txt \
          -e php,cgi,htm,html,shtm,sql.gz,sql.zip,shtml,lock,js,jar,txt,bak,inc,smp,csv,cache,zip,old,conf,config,backup,log,pl,asp,aspx,jsp,sql,db,sqlite,mdb,wasl,tar.gz,tar.bz2,7z,rar,json,xml,yml,yaml,ini,java,py,rb,php3,php4,php5

Error Message

curl -s $WEBSITE | grep -i "syntax error"
Parse error: syntax error, unexpected '$_SERVER' (T_VARIABLE) in /var/www/html/index.php on line 5
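
The checks above (response headers, session cookie names, generator meta tags, framework markers and error messages) can be combined into one pass over a saved response to see what a site you operate discloses. This is an added example, not part of the original page; the names `audit_disclosure`, `COOKIE_MAP` and `SAMPLE_RESPONSE` are hypothetical, the sample response is constructed, and only a subset of the cookie table is included.

```shell
# Added example: list framework-identifying markers in a saved HTTP response
# (headers, blank line, body), e.g. `curl -s -i "$WEBSITE"` for your own site.
# Lower-cased cookie-name prefix=framework, from the Session Cookie Parameters table
COOKIE_MAP='zope3=Zope cakephp=CakePHP kohanasession=Kohana laravel_session=Laravel
phpbb3_=phpBB wp-settings=WordPress bitrix_=1C-Bitrix fe_typo_user=TYPO3'

audit_disclosure() {
  local resp headers body name lname pair
  resp=$(tr -d '\r')                                  # normalise CRLF
  headers=$(printf '%s\n' "$resp" | sed '/^$/q')      # through first blank line
  body=$(printf '%s\n' "$resp" | sed '1,/^$/d')       # everything after it

  # 1. Headers that name the server, language or generator
  printf '%s\n' "$headers" | grep -iE '^(Server|X-Powered-By|X-Generator):' |
    sed 's/^/header: /'

  # 2. Session cookie names matching a known framework prefix (duplicates collapsed)
  printf '%s\n' "$headers" | grep -i '^Set-Cookie:' |
    sed -E 's/^[^:]*:[[:space:]]*([^=;]*)=.*/\1/' | sort -u |
    while IFS= read -r name; do
      lname=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
      for pair in $COOKIE_MAP; do
        case "$lname" in
          "${pair%%=*}"*) echo "cookie: $name -> ${pair#*=}" ;;
        esac
      done
    done

  # 3. Generator meta tag and the ASP.NET __VIEWSTATE marker in the body
  printf '%s\n' "$body" | grep -ioE '<meta name="generator" content="[^"]*"' |
    sed -E 's/.*="([^"]*)"$/meta-generator: \1/'
  printf '%s\n' "$body" | grep -q '__VIEWSTATE' && echo 'marker: __VIEWSTATE -> Microsoft ASP.NET'

  # 4. PHP interpreter errors that reveal a filesystem path
  printf '%s\n' "$body" | grep -ioE '(Parse|Fatal) error: [^<]* in /[^ <]*' |
    sed 's/^/error: /'
  return 0
}
# Constructed sample response (not captured from a real site)
SAMPLE_RESPONSE='HTTP/1.1 200 OK
Server: Apache/2.4.54 (Debian)
X-Powered-By: PHP/7.4.33
Set-Cookie: CAKEPHP=abc123; path=/
Set-Cookie: CAKEPHP=abc123; path=/

<html><head><meta name="generator" content="WordPress 3.9.2" /></head>
<body>Parse error: syntax error, unexpected end of file in /var/www/html/index.php on line 5</body></html>'
printf '%s\n' "$SAMPLE_RESPONSE" | audit_disclosure
```

Every line it prints is something to suppress at the server or framework level; an empty result means none of these specific markers were present, not that the stack is unidentifiable.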

Tools referenced on this page: Censys, WhatWeb, FeroxBuster, DirSearch, Wappalyzer, BuiltWith (https://builtwith.com/)