
How to Use WebTech to Discover Which Technologies a Website Uses « Null Byte :: WonderHowTo



Correctly identifying the underlying technologies that run on a website gives pentesters a significant advantage when preparing an attack. Whether you're testing the defenses of a large company or playing the latest CTF, figuring out which technologies a site uses is a crucial pentesting skill.

Knowing the technology and codebase used to build a site can speed things up by eliminating potential attack vectors or exploits that we know won't work. It can also reduce the chance that your penetration test will be detected, because it generates fewer alarms.

Today we will explore a tool called WebTech to uncover these technologies.

Why WebTech?

WebTech is an open source Python tool used to identify web technologies. You can use it in various ways, including as a command-line tool, as a Burp Suite extension, and as a Python library for scripting.

Other tools are available to achieve this goal, such as Wappalyzer, a commonly used browser extension, or online alternatives such as W3Techs or Pentest-Tools. WebTech differs, however, in that it is highly modular and easy to use, especially when it comes to Python scripting.

The reconnaissance phase is essential in the ethical hacking and penetration testing process. The old saying "measure twice, cut once" applies here.

Don't miss: Hack Like a Pro – Python Scripting for the Aspiring Hacker, Part 1

Installing and Using WebTech

To use WebTech, we need to install it first. Although you can use WebTech on any operating system that supports Python, I will show you here how it works in Kali Linux (or another Debian-based distro).

First make sure that Python is installed on your device – we can check with the which command:

  ~ # which python

/usr/bin/python

If you get no output here, install it with the package manager:

  ~ # apt-get install python 

Then install pip, a package management system for Python, using the following command:

  ~ # apt-get install python-pip 

Now we can finally install WebTech:

  ~ # pip install webtech

Collecting webtech
  Downloading https://files.pythonhosted.org/packages/a7/66/3bd231369ca661e76fa863546c2d7d8c73fd214fc018dcee37ff32a368d8/webtech-1.2.7.tar.gz (103kB)
    100% |████████████████████████████████| 112kB 1.5MB/s
Requirement already satisfied: requests in /usr/lib/python2.7/dist-packages (from webtech) (2.21.0)
Building wheels for collected packages: webtech
  Running setup.py bdist_wheel for webtech ... done
  Stored in directory: /root/.cache/pip/wheels/36/0d/d6/67a0bbbfd449ecb578cac82c098668ef032dbd513640257c94
Successfully built webtech
Installing collected packages: webtech
Successfully installed webtech-1.2.7

Type webtech into the terminal to display usage and options:

  ~ # webtech

No URL(s) given!
Usage: webtech [options]

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -u URLS, --urls=URLS  url(s) to scan
  --urls-file=URLS_FILE, --ul=URLS_FILE
                        url(s) list file to scan
  --user-agent=USER_AGENT, --ua=USER_AGENT
                        use this user agent
  --random-user-agent, --rua
                        use a random user agent
  --database-file=DATABASE_FILE, --db=DATABASE_FILE
                        custom database file
  --json, --oj          output json-encoded report
  --grep, --og          output grepable report
  --update-db, --udb    force update of remote db files
  --timeout=TIMEOUT     maximum timeout for scrape requests

The most basic use of the tool is with the -u flag to scan a given URL:

  ~ # webtech -u https://null-byte.wonderhowto.com/

Target URL: https://null-byte.wonderhowto.com/
Detected technologies:
- jQuery 1.7
- Google Font API
- comScore
The following interesting custom headers were detected:
- Server: WonderHowTo
- X-UA-Compatible: IE=Edge,chrome=1
- X-Server-Name: APP02

Here we can see the technologies it has detected that are used by the site, as well as some interesting headers. This information can be useful in preparing for an attack, because reducing unnecessary extra variables can drastically reduce the time needed to be successful.

With this tool, we can also specify a custom user agent, which can sometimes be used to probe the site for different responses, depending on how it is set up. User agents are a means of identifying the browser and operating system to the web server, sent as a text string in the HTTP headers.

Here is a database of virtually every user agent that you can think of to help you in your search.

Locate the user agent that you want to test and add it after your URL as --ua='USERAGENTCODE', putting the user agent string in place of USERAGENTCODE. This is what it looks like:

  ~ # webtech -u https://null-byte.wonderhowto.com/ --ua='Mozilla/5.0 (Linux; Android 6.0.1; SM-G920V Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.98 Mobile Safari/537.36'

Target URL: https://null-byte.wonderhowto.com/
Detected technologies:
- jQuery 1.7
- Google Font API
- comScore
The following interesting custom headers were detected:
- Server: WonderHowTo
- X-UA-Compatible: IE=Edge,chrome=1
- X-Server-Name: APP02

Here we have set the user agent to simulate a Samsung Galaxy S6, although we did not get any different results. Sometimes, for example if there is a bug in a specific browser, the server sends a different response depending on the user agent.

We can also have the tool pick a user agent at random by using the --random-user-agent flag.

WebTech's command-line usage is certainly useful for identifying the underlying technologies of a website, but where it really shines is its ability to be used in scripts.

Scripting with WebTech

You can use WebTech in any Python script simply by importing the library. This flexibility is, in my opinion, the most useful feature of the tool, because you can integrate it into any other script where determining what a website is built with is important.

WebTech can be used, for example, as part of a larger fingerprinting script alongside port scans and service enumeration. It would also be useful in exploit scripts, where the details of the exploit change slightly depending on the platform.

Let's write a quick demo script to show it in action. Create your Python file with your text editor – in this case, I use Nano because it is easy:

  ~ # nano scan.py 

The first line should tell the script how to run by pointing to our Python binary:

  #!/usr/bin/python

Then we need an import statement to import the WebTech library:

  import webtech

Then we can create a new instance with the variable wt:

  wt = webtech.WebTech()

And start scanning the URL (I had to set a short timeout, or it would not work) and store the report in the results variable:

  results = wt.start_from_url('https://null-byte.wonderhowto.com/', timeout=1)

Finally, we print the results of the scan to the screen:

  print(results)

The final script would have to look like:

  #!/usr/bin/python

  import webtech

  # Create a WebTech instance
  wt = webtech.WebTech()

  # Scan the URL with a short timeout and print the report
  results = wt.start_from_url('https://null-byte.wonderhowto.com/', timeout=1)
  print(results)

We can now run our script with the python command:

  ~ # python scan.py

Target URL: https://null-byte.wonderhowto.com/
Detected technologies:
- jQuery 1.7
- Google Font API
- comScore
The following interesting custom headers were detected:
- Server: WonderHowTo
- X-UA-Compatible: IE=Edge,chrome=1
- X-Server-Name: APP03

Here we can see that we have obtained the same results as before. Keep in mind that this was just a simple proof of concept - we could make this much more robust if we wanted.

What this does demonstrate is how useful WebTech could potentially be when it is integrated into other scripts or tools.
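As an added example (not code from the original article or from the WebTech project), here is one way to compare two runs programmatically, for instance a default scan against one with a custom user agent, rather than reading the reports side by side. The helper names parse_report and diff_reports are hypothetical, and the sample reports are constructed from the scan output shown in this article.

```python
# Added example: parse WebTech's text report and diff two runs (not the article's code).
def parse_report(text):
    """Parse a WebTech plain-text report into url, technologies and headers."""
    report = {"url": None, "tech": set(), "headers": {}}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Target URL:"):
            report["url"] = line.split(":", 1)[1].strip()
        elif line.startswith("Detected technologies"):
            section = "tech"
        elif "custom headers" in line:
            section = "headers"
        elif line.startswith("- ") and section == "tech":
            report["tech"].add(line[2:].strip())
        elif line.startswith("- ") and section == "headers":
            # Header names are case-insensitive, so normalise before comparing.
            name, _, value = line[2:].partition(":")
            report["headers"][name.strip().lower()] = value.strip()
    return report

def diff_reports(a, b):
    """Return (kind, name, value_in_a, value_in_b) for everything that differs."""
    changes = [("tech", t, t in a["tech"], t in b["tech"])
               for t in sorted(a["tech"] ^ b["tech"])]
    for name in sorted(set(a["headers"]) | set(b["headers"])):
        if a["headers"].get(name) != b["headers"].get(name):
            changes.append(("header", name,
                            a["headers"].get(name), b["headers"].get(name)))
    return changes

# Constructed sample input, modelled on the two scans shown in this article.
TEMPLATE = """Target URL: https://null-byte.wonderhowto.com/
Detected technologies:
- jQuery 1.7
- Google Font API
- comScore
The following interesting custom headers were detected:
- Server: WonderHowTo
- X-UA-Compatible: IE=Edge,chrome=1
- X-Server-Name: {backend}
"""
RUN_CLI = TEMPLATE.format(backend="APP02")     # command-line scan
RUN_SCRIPT = TEMPLATE.format(backend="APP03")  # scan.py run

if __name__ == "__main__":
    for change in diff_reports(parse_report(RUN_CLI), parse_report(RUN_SCRIPT)):
        print(change)
```

On the sample data the only difference is the X-Server-Name value (APP02 versus APP03), the kind of per-backend detail a site owner reviewing their own headers may prefer to strip at the proxy.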

Wrapping Up

In this article we learned about WebTech - a Python tool used to identify website technologies.

We saw how we could easily install it with pip and run it from the command line. We also explored its true strength, the ability to be used as a Python library, by writing a little script. WebTech makes it easy to get to know your target during the reconnaissance phase, giving you the advantage when planning an attack.

Screenshots by drd_/Null Byte
