Discovering technologies that are being used on a website

During the information-gathering phase of a website's penetration testing, it's important to determine the underlying technologies running on the actual web server. Netcraft (www.netcraft.com) is an internet security and data mining website that can assist us in discovering web technologies on a web server for any given website.

To get started with using Netcraft, follow these steps:

  1. Head on over to https://toolbar.netcraft.com/site_report.
  2. On the website, enter the website's URL in the lookup field.

The following is the result that was retrieved for the www.google.com website:

Netcraft is able to provide a lot of details about the target website, including the following:

    • Domain name
    • Public IP address
    • Domain registrar
    • Organization
    • Netblock owner
    • Nameservers
    • DNS admin contact
    • Web server types
    • Web server operating systems

Having retrieved the web server operating system and the running application, you can now narrow down your scope to searching for vulnerabilities and exploits that fit the target.

  1. Additionally, you can use the Netcat utility to perform banner grabbing. This technique is used to retrieve service versions of a running daemon or application on a target device. Using the following command, we can establish a connection between our machine (Kali Linux) and the target web server on port 80:

     nc www.google.com 80

  2. Next, it's time to retrieve the web server banner. Execute the following command:

     GET / HTTP/1.1

  3. Hit Enter twice and the web server banner will be displayed at the top. The following is a snippet showing the server banner for the www.google.com address, along with its web server type:

Please remember that using the Netcat utility will establish a session between your attacker machine (Kali Linux) and the target. If the objective is to be stealthy (undetectable), this method is not recommended unless you are spoofing your IP and MAC addresses.

Optionally, this technique can be performed using Telnet. Simply replace nc with telnet and you should get the same results on your Terminal window.
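The same exchange that the nc and telnet steps above perform by hand can be scripted, which is useful when you want to check what your own servers disclose in their Server and X-Powered-By headers. The following is an added example and is not code from the book; it sends the GET / HTTP/1.1 request with a Host header (HTTP/1.1 requires one; most servers answer a request without it with 400 Bad Request, although the Server header is normally still present in that reply) and parses the response headers. The sample response is constructed so that the parser can be exercised offline; the function and variable names are my own.

```python
import socket
import sys


def build_request(host: str, path: str = "/") -> bytes:
    """Build the same GET request typed into nc, plus the Host header that HTTP/1.1
    requires and Connection: close so the server ends the session itself."""
    request = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    )
    return request.encode("ascii")


def parse_banner(raw: bytes) -> dict:
    """Split an HTTP response into status line and headers and pull out the
    fields that reveal the server software. Returns None for absent headers."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    # HTTP header bytes are Latin-1 by specification; never assume UTF-8 here
    lines = head.decode("iso-8859-1", errors="replace").split("\r\n")
    status_line = lines[0] if lines else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            # header names are case-insensitive, so normalise to lower case
            headers[name.strip().lower()] = value.strip()
    return {
        "status": status_line,
        "server": headers.get("server"),
        "x_powered_by": headers.get("x-powered-by"),
        "headers": headers,
    }


def grab_banner(host: str, port: int = 80, timeout: float = 5.0) -> dict:
    """Connect to host:port, send the request and read only until the end of
    the headers; the body is not needed for the banner."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(host))
        while b"\r\n\r\n" not in b"".join(chunks):
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_banner(b"".join(chunks))


# Constructed sample response (not captured from any real host) used for offline testing.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: ExampleServer/1.2.3 (Constructed)\r\n"
    b"X-Powered-By: ExampleFramework/9.9\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)


if __name__ == "__main__":
    # With a hostname argument the script grabs a live banner; without one it
    # parses the constructed sample so the parser can be tried offline.
    if len(sys.argv) > 1:
        result = grab_banner(sys.argv[1])
    else:
        result = parse_banner(SAMPLE_RESPONSE)
    print(result["status"])
    print("Server:       ", result["server"])
    print("X-Powered-By: ", result["x_powered_by"])
```

Run against one of your own hosts, the script shows exactly what a third party learns from this step; if the Server value includes a version string, trimming it (for example, ServerTokens Prod in Apache or server_tokens off in nginx) removes the easy match against vulnerability databases described above. Note that, like the nc session, this opens a real TCP connection that the target's web server and any intermediate proxy or IDS will log.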

In the next section, we'll dive deep into discovering websites that are hosted on the same web server.
