Web Server OSINT
Considerations
Map out the technologies in use: the plugins, extensions, templates and scripts that may be standard and shared online. Anything that is common across the web is important because it has probably already been looked at by security researchers and will have either CVEs or bug-fix updates that may hint at weaknesses in the developers' strategies.
Stack and Version
Wappalyzer (browser ext):
Burp:
Send a GET request and inspect the response. Note that many versions may be in use across the company's web app offerings, load balancers and locations.
NetCat (nc):
A simple nc command pointed at the port can give you banners with valuable info.
nc <ip> <port>
Cookies:
Cookies may use default names that can tell us about the server/framework/languages in use:
PHPSESSID -> PHP
ASPSESSIONIDYYYY -> .NET
JSESSION -> Java
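Added example (not part of the original notes): a check to run over a response captured from your own server, listing what the banner headers and the default session-cookie names above give away. The sample response, the header list and the function names are constructed for illustration.

```python
# Added example: audits a captured HTTP response for stack disclosure.
# Cookie prefixes and their mapping are the ones listed in the notes above.
COOKIE_HINTS = {"PHPSESSID": "PHP", "ASPSESSIONID": ".NET", "JSESSION": "Java"}
# Assumption: these two headers are the banner sources checked here.
BANNER_HEADERS = ("server", "x-powered-by")

def parse_headers(raw):
    """Return [(lowercased name, value), ...] from a raw HTTP response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers

def disclosures(raw):
    """Return (kind, detail) pairs, in header order, for each leak found."""
    found = []
    for name, value in parse_headers(raw):
        if name in BANNER_HEADERS and value:
            found.append(("banner", f"{name}: {value}"))
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            for prefix, stack in COOKIE_HINTS.items():
                # Prefix match: ASPSESSIONID cookies carry a random suffix.
                if cookie.upper().startswith(prefix):
                    found.append(("cookie", f"{cookie} -> {stack}"))
    return found

# Constructed sample response (not captured from a real host).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleServer/1.0\r\n"
    "X-Powered-By: PHP/8.0\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    for kind, detail in disclosures(SAMPLE):
        print(f"[{kind}] {detail}")
```

An empty result means the response shows neither a banner header nor one of the listed default cookie names; renaming the session cookie and suppressing the banner headers is what gets a server there.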
Other common tools:
whatweb //CLI Fingerprinting
urlscan.io //Fingerprinting and Emulation
browserling //Emulation from a proxy (many uses)