
Sunday, 6 April 2014

INFORMATION GATHERING TOOL

WEB INFORMATION GATHERER

Footprinting and information gathering is the first and most important step of penetration testing. To become a successful ethical hacker you need to carry out every step and process of pentesting, and not just carry it out but do so efficiently. Gathering correct information about the target is extremely important, and we have a number of tools for the job. In web application penetration testing it is very important to identify the software running behind the target website; most websites are now based on a CMS (content management system), so we need to identify the name and version of the CMS. Once we have this information we can focus our testing on it, which improves our chances of getting the desired result.
This information is very helpful for identifying the vulnerabilities on a website. If you know the software name and its version, you can find the exploits available on the Internet for it (this is how easy it can be to hack into a website), because many exploits are version specific: a particular exploit will only work against certain versions of that software. CMS identification takes time and effort, which is why developers have created automatic tools to do the job. At this stage I would like to share another such tool, called WIG. WIG stands for Web Information Gatherer, so the name itself suggests what it does.
WIG identifies a website's CMS by searching for fingerprints of static files and by extracting version numbers from known files.
OS identification is done using the values of the 'server' and 'X-Powered-By' response headers. These values are compared against a database of which package versions are included with different operating systems.
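The two matching steps just described, shown as an added Python example that is not wig's own code: retrieved static files are hashed against a fingerprint table, a version string is pulled out of a known file, and the package versions named in the Server and X-Powered-By headers are mapped to an operating system. The fingerprint table, file paths, file bodies, header values and OS mapping are all constructed for illustration; run the same logic over responses from a server you administer to see what its headers and static files reveal.

```python
import hashlib
import re

# Constructed fingerprint data for illustration only, not wig's real database.
# Static-file fingerprints: path -> {md5 of file content: CMS versions that ship that file}.
SAMPLE_DRUPAL_JS = b"Drupal.behaviors = {}; // constructed stand-in for a 7.2x build\n"
STATIC_FINGERPRINTS = {
    "/misc/drupal.js": {hashlib.md5(SAMPLE_DRUPAL_JS).hexdigest(): ["7.24", "7.25"]},
}
# Known files that state the version explicitly; the first entry is the installed release.
VERSION_FILES = {"/CHANGELOG.txt": re.compile(r"^Drupal (\d+\.\d+)", re.M)}
# Package version -> operating system it is shipped with (constructed mapping).
OS_PACKAGES = {
    ("Microsoft-IIS", "7.5"): "Microsoft Windows Server 2008 R2",
    ("Microsoft-IIS", "6.0"): "Microsoft Windows Server 2003",
    ("PHP", "5.3.10"): "Ubuntu 12.04",
}

def identify_cms(fetched):
    """fetched maps a URL path to the body retrieved for it. Hash matches yield
    candidate versions; a version string in a known file narrows them down."""
    candidates = set()
    for path, body in fetched.items():
        digest = hashlib.md5(body).hexdigest()
        candidates.update(STATIC_FINGERPRINTS.get(path, {}).get(digest, []))
    extracted = set()
    for path, pattern in VERSION_FILES.items():
        match = pattern.search(fetched.get(path, b"").decode("utf-8", "replace"))
        if match:
            extracted.add(match.group(1))
    # Agreeing evidence is intersected; contradictory evidence is reported in full.
    return sorted(candidates & extracted) or sorted(candidates | extracted)

def identify_os(headers):
    """Consults only Server and X-Powered-By; values without a version are ignored."""
    lowered = {name.lower(): value for name, value in headers.items()}
    found = set()
    for value in (lowered.get("server", ""), lowered.get("x-powered-by", "")):
        for product, version in re.findall(r"([A-Za-z][\w.-]*?)/([\d.]+)", value):
            if (product, version) in OS_PACKAGES:
                found.add(OS_PACKAGES[(product, version)])
    return sorted(found)

# Constructed responses standing in for what a check of your own server would return.
SAMPLE_FILES = {
    "/misc/drupal.js": SAMPLE_DRUPAL_JS,
    "/CHANGELOG.txt": b"Drupal 7.25, 2014-01-15\n-----------\n- Bug fixes.\n\nDrupal 7.24, 2013-11-20\n",
}
SAMPLE_HEADERS = {"Server": "Microsoft-IIS/7.5", "X-Powered-By": "ASP.NET"}
```

`identify_cms(SAMPLE_FILES)` narrows the two hash candidates to `["7.25"]` using the changelog, and `identify_os(SAMPLE_HEADERS)` ignores the version-less `ASP.NET` value and reports only the OS tied to IIS 7.5.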
There are currently three profiles:
1. Only send one request: wig only sends a request for '/'. All fingerprints matching this URL are tested.

2. Only send one request per plugin: for each plugin, only the URL used by most of its fingerprints is requested.

3. All fingerprints: all fingerprints are tested.


Example of WIG
# python3 wig.py www.example.com

CMS                  Drupal CMS: [7.25, 7.24, 7.26, 7.23, 7.22]
Operating System     Microsoft Windows Server: [2008 R2]
Server Info          Microsoft-IIS: [7.5, 6.0]
______________________________________________________________
Time: 18.0 sec | Plugins: 65 | Urls: 324 | Fingerprints: 14178
Help screen:

# wig.py --help
usage: wig.py [-h] [-v] [-p {1,2,4}] host

WebApp Information Gatherer

positional arguments:
  host        the host name of the target

optional arguments:
  -h, --help  show this help message and exit
  -v          list all the urls where matches have been found
  -p {1,2,4}  select a profile:
              1) Make only one request
              2) Make one request per plugin
              4) All



Requirements:
  • Python 3
  • Requests

© 2020 ETHICAL HACKING. Designed by Vijay Patel