Fingerprinting♨♨: Identifying Technologies Of Our Target.

Let’s We Get Start..,

Starting……

Fingerprinting Is the Recon Technique used to Identify the Different kind of Technologies were used by the our Target(IP and Domain). This information Were Used to Understand How the Target is Working. Also we will Exploit the Target if it has Vulnerable Version of The Technology.

The Technologies are also Programs Created for Provide Some Specific Functions. Also the program can contains itself Vulnerability. The development Team would update their Technology regularly for avoid the Vulnerabilities.However , The Vulnerabilities will arise when our Target would run the Older Versions of Technologies.

We can divide the Fingerprinting in Two phases. You can Look them in below.,

1.IP Fingerprint :- Identifying the Technologies were used in our Target’s Computer.

2.Web Application Fingerprint:- Identifying the Technologies were Used in our Target’s Web Application.

This Part Of fingerprint is about gather the all Technologies were used by our Target’s Server(Target’s Operating System). This Phase also Called As Ports Enumeration.

Ports are Gateway for Various of Services Running On the Server. The Port Services are Provide Different type of Mechanism for the Server. Port Number Are The Unique Identifier Number for Identify the unique Port Services Runs on The Server.
For Example , The SMTP(Simple Mail Transfer Protocol) Port Service Used To Send And Receive the Mails .

There are several vulnerabilities are available in the Old Version of the SMTP Service. If the Target Server’s SMTP Port is not up to Current Version then The Vulnerability would available on the SMTP Service.

All the Domains are connected with the Internet. Their Port Service Also. But, We only see the default HTTP(Hyper Text Transfer Protocol) which is used for Simply Transfer The Text based Resource On The Internet.

1.Shodan → Shodan is the world’s first search engine for Internet-connected devices. The Tool Not only scans the Domains also the all Internet-connected Things.(Webcams, smart Devices, traffic lights)

https://www.shodan.io/

Shodan..!!An Internet Connected things Scanner.!!

Prerequisites:

First you need to create an Account Noraml Results.

You can Register the Account by Below Link..,

https://account.shodan.io/register

Once Your Registered Free account , You only got limited Results. All the Results are Only available for the Paid One💲💲..!!!

Usage:

You can Search Your Target's Domain Name, IP or CIDR.

It Will gives you to the Open Ports And Its Status Of your Target . You can Look out the Open Ports And Identify The Vulnerabilities.

2.Cencys →Censys is a platform that helps information security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

https://censys.io/

Cencys Search Engine..

Prerequisites:

Like The Shodan, You need to create an Account for Normal Results.
You can Register the Account by Below Link..,

https://accounts.censys.io/register

Usage:

You can Search Your Target's Domain Name, IP or CIDR.

Also, Once Your Registered Free account , You only got limited Results. For better Results You need Paid One💲💲..!!!

3.Nmap →Network Mapper Scan the internet Hosts an Enumerating Open Ports.

https://github.com/nmap/nmap

Fyodor Vaskovichs Nmap Tool.

Install:

By default, Nmap Is Installed In On your linux Platforms. If Not then You can Do the below Steps to Install Nmap..

git clone "https://github.com/nmap/nmap.git"

#Installing from Go, The GO is required For installation.
#Congire It ,make binary and Install the binary

./configure
make
make install

Usage:

#For Single Targets
nmap -A -sV -oN example.com
nmap -A -sV -oN 0.0.0.0

#For list of Targets
nmap -A -sV -oN -iL list-hosts.txt

#For List All The Options
nmap -help

#Nmap has Ultimate Option to perform the Port Scan.
#Not only the Port Scan , also the Asset Discovery ,firewall Evasion, etc…,

Nmap Scanning the IP address: Source:https://nmap.org

CAUTION:

Unlike the Shodan and Cencys , Nmap would directly probe your Target(Active Scan). So always Remind Your Target’s Testing Policy. If they Did Not allow us to perform Automation like these , Then Please Avoid The Automation. So,In this Case you can use Passive Techniques As Optionally..

This Part Is Focused On Gather the all Technologies And Frameworks were used by our Target’s Web Application. An Web Application uses many components for its Better Performance.

For example, PHP(Hypertext Preprocessor) is the Programming language, which is used by Web Applications Widely. The PHP allows to Run the commands On the Operating System’s Shell/Command Prompt , Executing External Scripts , Traversing between the Paths Are Available in Computer and so on…
The Older Version of the PHP did not able to Handle the Malicious input, It will Execute all the Given Commands . If the Web Application uses the older Version(Non Currently updated version) of the PHP Language then It might be vulnerable to the Exploits.

In the World, Like the Programming Language, There are lot of Technologies are Available and also they have Lot of Vulnerabilities.

So , For this Reason We would Identify our Target Web Application Technologies and Exploit Them If they Are Vulnerable.

In the Past , there is No word for Automation And Tools. All Jobs were done by Manual. But Now These Days Automation Tools are Act as Particular Role In Hacking And Cyber Security. For Example.., In the Past If we want to know the technologies were used by our target, Then we need to do Analyzing The Web Server’s Response (Banner Grabbing), Analyzing Error Messages And Read Developer Documentation. Sometimes it would be Hard and Boring..

Repeat the same job as repeating will lead boring.!!

But Now The Tools Will Probe, Crawl and Analyzing our Target then Give The All different types of Technologies were Used by our Target. Also they Gives Version of these Techs if They Can. By using these tools we can Done Our Job As Automatically And Fastly....!!

Automation Are Ultimate….

NOTE:
However,Manually analyzing and verifying them are will be most accurate and gives better results than Automation. So we need to manually verify(Resolute) the information by trying to Exploit Them.

1.Wappalyzer → The Toll Will Find the technology stack of any website.Lead lists contain websites, company and contact details, social media profiles and more.

https://www.wappalyzer.com

Elbert Alias’s Wappalyzer Tech Finding Tool..

The Tool Is available as Web GUI and As a Browser Extension. You can use which is the Best sets for you..

Wappalyzer: Web GUI:-

Usage:

You can Simply Enter Your target's Domain In The Search Bar.After , It will results The Founded Technologies.

However , The Web GUI Tool is Only Available for Paid Subscription. You need to Create account and Purchase an Subscription.

Wappalyzer: Browser’s Extension:

If You Don’t Want And use The Free version Then You can Use The Wappalyzer’s Browser Extension, Which is Free But Filtered by Limited Results.

Setup And Usage:

Navigate to apps section on wappalyzers Website.

2. Select your Compatible browser and Add It.

3. Open Your Target domain then You can Find The Technologies Of Profile By Clicking the Wappalyzer’s Browser Extension Icon.

After that it will give the Founded Technology And Its Versions of the Domain…

2.Builtwith → Asthe Name, The Tool would Find the websites are Built With which Technology.

https://builtwith.com/

Andrew Rogers’s and Gary Brewer’s Built with Tool…

Builtwith Is available as Web GUI and As a Browser Extension. You can use the one which is Suits for You..

Builtwith: Web GUI:

Usage:

You can Simply Enter Your target’s Domain In The Search Bar.After , It will Give All The Founded Technologies.

For More Information About the Technology , You need An Paid Subscription. You Can Create account and Purchase an Subscription. Also You can Use The Free Version Of the Builtwith..

An Good Fact About the Builtwith is it will give The More Results Comparing than the Wappalyzer.

Builtwith result the Founded Techs..

Builtwith: Browser’s Extension :

Setup And Usage:

Navigate to The Builtwith’s domain’s toolbar Page.

2. Select your Compatible Browser Version and Add It.

3. Open Your Target Domain then You can Find The Technologies Of Profile By Clicking the Builtwith’s Browser Extension Icon.

Bulitwith reports the Founded Techs

Once You clicks the Extension , it will give the Founded Technology And Detail About the Technology of the Domain…

As I Previously said in the Information Gathering and Reconnaissance Blog, Information can Also Lead to Exploit The Vulnerabilities on Our Target.

Once we found out the Version of the Technology our Target Uses, Then we need find if any Exploits(Vulnerabilities) are available For Them.

However In this Blog we will not Cover About Exploiting The Vulnerable Technologies of Our Target. Because It is the Next Blog we would see it and which Is Titled As “Exploiting Vulnerable Technologies: Fingerprinting:-Vertical RECON”.
I think this may be a small blog, but it’s not the End. This Blog is The Ending Point to the Starting New Point in Fingerprinting.

At last, The One Thing About Me.., I Always did not Want to Teach to you or Explain to you. I Also Want you to Teach Me and Want You to Explain the Mistakes Were Made by Me. So, You Can Repair My Mistakes and Give the Solution on the Comment Section. I Always Hope It From You💖..
Okay Guys.... Thanks For Your Attention With Me👊, We Will Meet On The Next Blog..Soon..!!!

Now Exit.. Will Meet Soon....!!!