Attack Surface Management
Created bytrickest-mhmdiaa
Last updated7/4/2024

Input Parameters

header
string
Header(s) to include in HTTP requests
web-servers
file
required
List of web servers

Outputs

web-technologies

Fingerprint Web Technologies

Description

Identify technologies running on a list of web servers. This module identifies different types of web technologies, including web server software, content management systems (CMS), content delivery networks (CDN), web application firewalls (WAF), and more.

Features

  • Identifies various types of web technologies.
  • Collects metadata about the identified technologies, including the version information and technology-specific locations (such as login panels).
  • Capable of processing tens of thousands of hosts simultaneously.

Inputs

Required

  • web-serverss: a list of web server URLs
https://blog.example.com

Outputs

  • web-technologies: JSONLines records of web technology discovery details.
{"asset": "https://blog.example.com", "technology": "WordPress", "location": "https://blog.example.com/wp-admin/install.php", "context": "6.5.3"}
{"asset": "https://blog.example.com", "technology": "Bootstrap"}
{"asset": "https://blog.example.com", "technology": "Cloudflare WAF", "location": "https://blog.example.com/?jbsmfoey=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&xtrsrvgz=UNION+SELECT+ALL+FROM+information_schema+AND+%27+or+SLEEP%285%29+or+%27&tqvgazak=..%2F..%2F..%2F..%2Fetc%2Fpasswd", "context": "Cloudflare Inc."}

Changelog

  • v1.0.0
    • Initial release
  • v1.0.1
    • Added header input