Fingerprinting♨♨: Identifying Technologies Of Our Target.
Welcome Hackers!!. First of all, I am very happy for You to Connecting with Me.(Remember you were Connected with me 💞💞,Not Followed Me🚶♂️) . I hope Our Connection would Build Stronger. I can’t wait Until it happens on the Future. So, Don’t Feel Anything to ask about the blog and Me from the Comments.Okay., Lets we Dive Into The Blog..
In the Previous Two blog we could Filtered our Live Subdomains and Performed Subdomain Takeovers.. If You did Not see them Then Look , View and read Them✨✨…
Remember the One thing ,At the Starting Point We had only the Root Domain as the Target for Perform Penetration Testing , But After we performed Subdomains Enumerations And Resolute them ,We also have the Subdomains as the Targets🎯.
However..,Now and Later ,We will Perform the Recon to our Target’s Root Domain Only(Not the Subdomains). Because Performing Recon to Our Target’s Root Domain And Its Subdomains will results Confuse And Did Not Well Understandable.
So, First we will complete the Recon Stage for the Root Domain🔥. Once We Performed the Recon , Mapped and Tested our Target Successfully, Then we can Focus On our Target’s Subdomains💫💫..
Let’s We Get Start..,
Fingerprinting:
Fingerprinting Is the Recon Technique used to Identify the Different kind of Technologies were used by the our Target(IP and Domain). This information Were Used to Understand How the Target is Working. Also we will Exploit the Target if it has Vulnerable Version of The Technology.
The Technologies are also Programs Created for Provide Some Specific Functions. Also the program can contains itself Vulnerability. The development Team would update their Technology regularly for avoid the Vulnerabilities.However , The Vulnerabilities will arise when our Target would run the Older Versions of Technologies.
Fingerprinting Phases:
We can divide the Fingerprinting in Two phases. You can Look them in below.,
1.IP Fingerprint :- Identifying the Technologies were used in our Target’s Computer.
2.Web Application Fingerprint:- Identifying the Technologies were Used in our Target’s Web Application.
1.IP Fingerprinting:
This Part Of fingerprint is about gather the all Technologies were used by our Target’s Server(Target’s Operating System). This Phase also Called As Ports Enumeration.
Ports are Gateway for Various of Services Running On the Server. The Port Services are Provide Different type of Mechanism for the Server. Port Number Are The Unique Identifier Number for Identify the unique Port Services Runs on The Server.
For Example , The SMTP(Simple Mail Transfer Protocol) Port Service Used To Send And Receive the Mails .
There are several vulnerabilities are available in the Old Version of the SMTP Service. If the Target Server’s SMTP Port is not up to Current Version then The Vulnerability would available on the SMTP Service.
Tools:
All the Domains are connected with the Internet. Their Port Service Also. But, We only see the default HTTP(Hyper Text Transfer Protocol) which is used for Simply Transfer The Text based Resource On The Internet.
There are many other our Target’s Services would available On the Internet, We need To Find the All Services Were Connected to the Internet.
1.Shodan → Shodan is the world’s first search engine for Internet-connected devices. The Tool Not only scans the Domains also the all Internet-connected Things.(Webcams, smart Devices, traffic lights)
Prerequisites:
First you need to create an Account Noraml Results.
You can Register the Account by Below Link..,
https://account.shodan.io/register
Once Your Registered Free account , You only got limited Results. All the Results are Only available for the Paid One💲💲..!!!
Usage:
You can Search Your Target's Domain Name, IP or CIDR.
It Will gives you to the Open Ports And Its Status Of your Target . You can Look out the Open Ports And Identify The Vulnerabilities.
2.Cencys →Censys is a platform that helps information security practitioners discover, monitor, and analyze devices that are accessible from the Internet.
Prerequisites:
Like The Shodan, You need to create an Account for Normal Results.
You can Register the Account by Below Link..,
https://accounts.censys.io/register
Usage:
You can Search Your Target's Domain Name, IP or CIDR.
Also, Once Your Registered Free account , You only got limited Results. For better Results You need Paid One💲💲..!!!
3.Nmap →Network Mapper Scan the internet Hosts an Enumerating Open Ports.
Install:
By default, Nmap Is Installed In On your linux Platforms. If Not then You can Do the below Steps to Install Nmap..
git clone "https://github.com/nmap/nmap.git"
#Installing from Go, The GO is required For installation.
#Congire It ,make binary and Install the binary
./configure
make
make install
Usage:
#For Single Targets
nmap -A -sV example.com -oN exapmle_nmap_out.txt
nmap -A -sV -oN 0.0.0.0 example_ip_out.txt
#For list of Targets
nmap -A -sV -iL list-hosts.txt -oN hosts_out.txt
#For List All The Options
nmap -help
#Nmap has Ultimate Option to perform the Port Scan.
#Not only the Port Scan , also the Asset Discovery ,firewall Evasion, etc…,
CAUTION:
Unlike the Shodan and Cencys , Nmap would directly probe your Target(Active Scan). So always Remind Your Target’s Testing Policy. If they Did Not allow us to perform Automation like these , Then Please Avoid The Automation. So,In this Case you can use Passive Techniques As Optionally..
2. Web Application Fingerprinting:
This Part Is Focused On Gather the all Technologies And Frameworks were used by our Target’s Web Application. An Web Application uses many components for its Better Performance.
For example, PHP(Hypertext Preprocessor) is the Programming language, which is used by Web Applications Widely. The PHP allows to Run the commands On the Operating System’s Shell/Command Prompt , Executing External Scripts , Traversing between the Paths Are Available in Computer and so on…
The Older Version of the PHP did not able to Handle the Malicious input, It will Execute all the Given Commands . If the Web Application uses the older Version(Non Currently updated version) of the PHP Language then It might be vulnerable to the Exploits.
In the World, Like the Programming Language, There are lot of Technologies are Available and also they have Lot of Vulnerabilities.
So , For this Reason We would Identify our Target Web Application Technologies and Exploit Them If they Are Vulnerable.
Tools:
In the Past , there is No word for Automation And Tools. All Jobs were done by Manual. But Now These Days Automation Tools are Act as Particular Role In Hacking And Cyber Security. For Example.., In the Past If we want to know the technologies were used by our target, Then we need to do Analyzing The Web Server’s Response (Banner Grabbing), Analyzing Error Messages And Read Developer Documentation. Sometimes it would be Hard and Boring..
But Now The Tools Will Probe, Crawl and Analyzing our Target then Give The All different types of Technologies were Used by our Target. Also they Gives Version of these Techs if They Can. By using these tools we can Done Our Job As Automatically And Fastly....!!
NOTE:
However,Manually analyzing and verifying them are will be most accurate and gives better results than Automation. So we need to manually verify(Resolute) the information by trying to Exploit Them.
1.Wappalyzer → The Toll Will Find the technology stack of any website.Lead lists contain websites, company and contact details, social media profiles and more.
The Tool Is available as Web GUI and As a Browser Extension. You can use which is the Best sets for you..
Wappalyzer: Web GUI:-
Usage:
- You can Simply Enter Your target's Domain In The Search Bar.
- After , It will results The Founded Technologies.
However , The Web GUI Tool is Only Available for Paid Subscription. You need to Create account and Purchase an Subscription.
Wappalyzer: Browser’s Extension:
If You Don’t Want And use The Free version Then You can Use The Wappalyzer’s Browser Extension, Which is Free But Filtered by Limited Results.
Setup And Usage:
- Navigate to apps section on wappalyzers Website.
2. Select your Compatible browser and Add It.
3. Open Your Target domain then You can Find The Technologies Of Profile By Clicking the Wappalyzer’s Browser Extension Icon.
After that it will give the Founded Technology And Its Versions of the Domain…
2.Builtwith → Asthe Name, The Tool would Find the websites are Built With which Technology.
Builtwith Is available as Web GUI and As a Browser Extension. You can use the one which is Suits for You..
Builtwith: Web GUI:
Usage:
- You can Simply Enter Your target’s Domain In The Search Bar.
- After , It will Give All The Founded Technologies.
For More Information About the Technology , You need An Paid Subscription. You Can Create account and Purchase an Subscription. Also You can Use The Free Version Of the Builtwith..
An Good Fact About the Builtwith is it will give The More Results Comparing than the Wappalyzer.
Builtwith: Browser’s Extension :
Setup And Usage:
- Navigate to The Builtwith’s domain’s toolbar Page.
2. Select your Compatible Browser Version and Add It.
3. Open Your Target Domain then You can Find The Technologies Of Profile By Clicking the Builtwith’s Browser Extension Icon.
Once You clicks the Extension , it will give the Founded Technology And Detail About the Technology of the Domain…
NOTE:
All the Operation And the Actions Are Made For Learning Purpose Only🎓🎓. Its Not Motivate About Hacking or Other Illegal Activities🫡🫡..
Exploiting Phase 💥💥:
As I Previously said in the Information Gathering and Reconnaissance Blog, Information can Also Lead to Exploit The Vulnerabilities on Our Target.
Once we found out the Version of the Technology our Target Uses, Then we need find if any Exploits(Vulnerabilities) are available For Them.
In the Next Blog we would Cover Exploiting Phase , Which Is Titled As “Exploiting Vulnerable Technologies: Fingerprinting”.
I think this may be a small blog, but it’s not the End. This Blog is The Ending Point to the New Starting Point In Fingerprinting.
At last, The One Thing About Me.., I Always did not Want to Teach to you or Explain to you. I Also Want you to Teach Me and Want You to Explain the Mistakes Were Made by Me. So, You Can Repair My Mistakes and Give the Solution on the Comment Section. I Always Hope It From You💖..
Okay Guys.... Thanks For Your Attention With Me👊, We Will Meet On The Next Blog..Soon..!!!