Technology Fingerprinting
Mengetahui teknologi yang digunakan target membantu mencari CVE yang relevan, default credentials, dan teknik exploit yang spesifik.
Tools
# Wappalyzer — browser extension
# Install di Chrome/Firefox, otomatis deteksi teknologi
# WhatWeb — CLI
whatweb https://target.com
whatweb -a 3 https://target.com # Aggressive mode
# httpx — bulk fingerprinting
cat subdomains.txt | httpx -tech-detect -status-code -title
Cara Manual
# Dari response headers
curl -I https://target.com
# Yang dicari:
Server: Apache/2.4.49 ← CVE-2021-41773!
X-Powered-By: PHP/7.2.0 ← PHP versi lama
X-Generator: WordPress 5.8 ← Cek WP vulnerabilities
Identifikasi CMS
| CMS | Ciri Khas | Tools Spesifik |
|---|
| WordPress | /wp-content/, /wp-admin/ | WPScan |
| Joomla | /administrator/, /components/ | JoomScan |
| Drupal | /sites/default/, CHANGELOG.txt | Droopescan |
| Magento | /skin/frontend/, /downloader/ | Magescan |
// CEK PEMAHAMAN
Header response apa yang langsung menunjukkan versi PHP yang digunakan server?
AContent-Type
BAuthorization
CX-Powered-By
DCache-Control