Web Technologies

Identifying Web Technologies

The first step to perform a web application penetration test is to identify the target's web technology in use. In order to do that, you can follow these basic steps:

Peform nmap scans against the target web application's open port
Analyze the web application:
- Using Wappalyzer as a browser extension
- Using whatweb http://server.com --log-verbose output-file
Look for the following generic files: robots.txt, sitemap.xml, README.txt, CHANGELOG.txt
Analyze the website's footer, header and source code to check for references to the web technology used
Analyze the HTTP Response Headers
Force errors to trigger unexpected behaviors in the web application that may cause information disclosure

External Resources

https://book.hacktricks.xyz/network-services-pentesting/pentesting-web#web-tech-tricks

Last updated 1 year ago

Was this helpful?