CIP Cyber

Log In
Menu
Log In
  • Opinion
  • Product Reviews
  • Industrial Cybersecurity
  • Videos

WebApp Information Gatherer – WIG

Table of Contents

Footprinting and information gathering, the first and most
important step of penetration testing. To become a successful ethical hacker
you need to implement every step and process of pentesting, not only implement but
to implement it efficiently. If we talk about web application penetration testing then it is very important to identify the software running behind a
target website, most of the websites are now based on CMS (content management
system) so we need to identify the name and version of the CMS.



These information are very helpful to identify the
vulnerabilities on a website, imagine if you know the software name with its
version then you can find the exploits available on Internet (how easy is to
hack into a website). But CMS identification requires some time and effort,
this is why developers have created automatic tools to do the job.

You might have heard about whatweb and blindelephant, yes
these tools are used to identify the CMS running on a website; whether it is
wordpress, Joomla and any other. Now at this stage I would like to share
another tool called WIG.

WebApp Information Gatherer

wig identifies a websites CMS by searching for
fingerprints of static files and extracting version numbers from known files.
OS identification is done by using the value of
the ‘server’ and ‘X-Powered-By’ in the response header. These values are
compared to a database of which package versions are include with different
operating systems.
There are currently three profiles:
1. Only send one request: wig only sends a request for ‘/’. All
fingerprints matching this url are tested.
2. Only send one request per plugin: The url used in most fingerprints is used
4. All fingerprints: All fingerprints are tested
Example of
WIG

# python3 wig.py www.example.com
CMS                 
Drupal CMS: [7.25, 7.24, 7.26, 7.23, 7.22]
Operating System    
Microsoft Windows Server: [2008 R2]
Server Info         
Microsoft-IIS: [7.5, 6.0]
______________________________________________________________
Time: 18.0 sec | Plugins: 65 | Urls: 324 | Fingerprints: 14178



Download & Further information
CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Opinion

Password Cyberattack: Everything You Need to Know

November 7, 2023

Industrial Cybersecurity

Cybersecurity Awareness Month: Spotlight on ICS/OT Security

September 28, 2023

Opinion

How to Protect IoT Devices in Critical Infrastructure Networks

September 15, 2023

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training

Related Articles

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training