Correctly identifying the underlying technologies that run on a website gives pentesters a significant advantage when preparing an attack. Whether you're testing the defenses of a large company or playing the latest CTF, figuring out which technologies a site uses is a crucial pentesting skill.
Knowledge of the technology and codebase used to build a site can speed things up by eliminating potential attack vectors or exploits that we know won't work. It can also reduce the chance that your penetration test will be detected, because it generates fewer alarms.
Today we will explore a tool called WebTech to uncover these technologies.
WebTech is an open source Python tool used to identify web technologies. You can use it in various ways, including as a command-line tool, as a Burp Suite extension, and as a Python library for scripting.
Other tools are available to achieve this goal, such as Wappalyzer, a commonly used browser extension, or online alternatives such as W3Techs or Pentest-Tools. WebTech differs, however, in that it is highly modular and easy to use, especially when it comes to Python scripting.
The reconnaissance phase is essential in the ethical hacking and penetration testing process. The old saying "measure twice, cut once" applies here.
Installing and Using WebTech
To use WebTech, we need to install it first. Although you can use WebTech on any operating system that supports Python, I will show you here how it works in Kali Linux (or another Debian-based distro).
First make sure that Python is installed on your device – we can check with the which command:
~ # which python
/usr/bin/python
If you get no output here, install it with the package manager:
~ # apt-get install python
Then install pip, a package management system for Python, using the following command:
~ # apt-get install python-pip
Now we can finally install WebTech:
~ # pip install webtech
Collecting webtech
  Downloading https://files.pythonhosted.org/packages/a7/66/3bd231369ca661e76fa863546c2d7d8c73fd214fc018dcee37ff32a368d8/webtech-1.2.7.tar.gz (103kB)
    100% |████████████████████████████████| 112kB 1.5MB/s
Requirement already satisfied: requests in /usr/lib/python2.7/dist-packages (from webtech) (2.21.0)
Building wheels for collected packages: webtech
  Running setup.py bdist_wheel for webtech ... done
  Stored in directory: /root/.cache/pip/wheels/36/0d/d6/67a0bbbfd449ecb578cac82c098668ef032dbd513640257c94
Successfully built webtech
Installing collected packages: webtech
Successfully installed webtech-1.2.7
Type webtech into the terminal to display usage and options:
~ # webtech
No URL's given!
Usage: webtech [options]
Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -u URLS, --urls=URLS  URL's to scan
  --urls-file=URLS_FILE, --ul=URLS_FILE
                        url(s) list file to scan
  --user-agent=USER_AGENT, --ua=USER_AGENT
                        use this user agent
  --random-user-agent, --rua
                        use any user agent
  --database-file=DATABASE_FILE, --db=DATABASE_FILE
                        modified database file
  --json, --oj          json-coded report output
  --grep, --og          output grepable report
  --update-db, --udb    force update of external db files
  --timeout=TIMEOUT     maximum timeout scrape requests
The most basic use of the tool is the -u flag, which specifies a URL to scan:
~ # webtech -u https://null-byte.wonderhowto.com/
Target URL: https://null-byte.wonderhowto.com/
Detected technologies:
    - jQuery 1.7
    - Google Font API
    - comScore
The following interesting custom headers were detected:
    - Server: WonderHowTo
    - X-UA-Compatible: IE=Edge,chrome=1
    - X-Server-Name: APP02
Here we can see the technologies it has detected that are used by the site, as well as some interesting headers. This information can be useful in preparing for an attack, because reducing unnecessary extra variables can drastically reduce the time needed to be successful.
With this tool, we can also specify a custom user agent, which can sometimes be used to probe the site for different responses, depending on how it is set up. A user agent identifies the browser and operating system to the web server and is sent as a text string in the HTTP headers.
Here is a database of virtually every user agent that you can think of to help you in your search. Locate the user agent that you want to test and add it after your URL as --ua='[USERAGENTCODE]', replacing USERAGENTCODE with the user agent string. This is what it looks like:
~ # webtech -u https://null-byte.wonderhowto.com/ --ua='Mozilla/5.0 (Linux; Android 6.0.1; SM-G920V Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.98 Mobile Safari/537.36'
Target URL: https://null-byte.wonderhowto.com/
Detected technologies:
    - jQuery 1.7
    - Google Font API
    - comScore
The following interesting custom headers were detected:
    - Server: WonderHowTo
    - X-UA-Compatible: IE=Edge,chrome=1
    - X-Server-Name: APP02
Here we have set the user agent to simulate a Samsung Galaxy S6, although we did not receive any different results. Sometimes, for example if there is a bug in a specific browser, the server sends a different response depending on the user agent.
We can also use a random user agent if we want, with the --random-user-agent flag, which randomly selects a user agent to use.
WebTech's command-line usage is certainly useful in identifying the underlying technologies of a website, but where it really shines is its ability to be used in scripts.
Scripting with WebTech
You can use WebTech in any Python script simply by importing the library. This flexibility is in my opinion the most useful feature of the tool, because you can integrate it into any other script where determining what a website is built with is important.
WebTech can be used, for example, as part of a larger fingerprinting script alongside port scans and service inventory. It would also be useful in exploit scripts, where the details of the exploit change slightly depending on the platform.
Let's write a quick demo script to show it in action. Create a Python file with your text editor – in this case, I use Nano because it is easy:
~ # nano scan.py
The first line tells the system how to run the script by pointing to our Python binary:
#!/usr/bin/python
Then we need an import statement to import the WebTech library:
import webtech
Then we can create a new instance, stored in the variable wt:
wt = webtech.WebTech()
Next we start scanning the URL (I had to set a short timeout, or it would not work) and store the output in the results variable:
results = wt.start_from_url('https://null-byte.wonderhowto.com/', timeout=1)
Finally, we print the results of the scan to the screen:
print(results)
The final script should look like this:
#!/usr/bin/python
import webtech
# Create a WebTech scanner instance
wt = webtech.WebTech()
# Scan the target URL with a short timeout and keep the report
results = wt.start_from_url('https://null-byte.wonderhowto.com/', timeout=1)
# Print the report to the screen
print(results)
We can now run our script with the python command:
~ # python scan.py
Target URL: https://null-byte.wonderhowto.com/
Detected technologies:
    - jQuery 1.7
    - Google Font API
    - comScore
The following interesting custom headers were detected:
    - Server: WonderHowTo
    - X-UA-Compatible: IE=Edge,chrome=1
    - X-Server-Name: APP03
Here we can see that we have obtained the same results as before. Keep in mind that this was just a simple proof of concept; we could make this much more robust if we wanted.
What it does demonstrate is how useful WebTech could be when it is integrated into other scripts or tools.
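
As an added example of that kind of integration (not part of the original article or of WebTech itself), the following script parses the text report printed above and lists what the site reveals to a fingerprinting scan, which is the view a site owner needs when deciding which banners and headers to remove. It assumes the report layout shown in this article; the function names and the DISCLOSING_HEADERS list are illustrative choices.

```python
import re

# Report text as printed in the article (header names de-garbled).
SAMPLE_REPORT = """Target URL: https://null-byte.wonderhowto.com/
Detected technologies:
\t- jQuery 1.7
\t- Google Font API
\t- comScore
The following interesting custom headers were detected:
\t- Server: WonderHowTo
\t- X-UA-Compatible: IE=Edge,chrome=1
\t- X-Server-Name: APP03
"""

# Assumed review list: headers that name server software or backend hosts.
DISCLOSING_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-server-name"}
# Splits "jQuery 1.7" into name and version; version is None when absent.
TECH_RE = re.compile(r"^(?P<name>.*?)(?:\s+(?P<version>\d[\w.]*))?$")

def parse_report(text):
    """Turn the text report into a dict of target, technologies and headers."""
    report = {"target": None, "technologies": [], "headers": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Target URL:"):
            report["target"] = line.split(":", 1)[1].strip()
        elif line.startswith("Detected technologies"):
            section = "tech"
        elif "custom headers" in line:
            section = "headers"
        elif line.startswith("- ") and section == "tech":
            m = TECH_RE.match(line[2:].strip())
            report["technologies"].append((m.group("name"), m.group("version")))
        elif line.startswith("- ") and section == "headers":
            name, _, value = line[2:].partition(":")
            report["headers"][name.strip()] = value.strip()
    return report

def disclosure_findings(report):
    """List exposed versions and infrastructure headers for hardening review."""
    findings = ["version exposed: %s %s" % t for t in report["technologies"] if t[1]]
    for name, value in report["headers"].items():
        if name.lower() in DISCLOSING_HEADERS:
            findings.append("header discloses infrastructure: %s: %s" % (name, value))
    return findings

if __name__ == "__main__":
    print("\n".join(disclosure_findings(parse_report(SAMPLE_REPORT))))
```
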
In this article we learned about WebTech - a Python tool used to identify website technologies.
We saw how we could easily install it with pip and execute it from the command line. We also examined its true strength, the ability to be used as a Python library, by writing a small script. WebTech makes it easy to get to know your target during the reconnaissance phase, giving you the advantage when planning an attack.
Screenshots by drd_/Null Byte