12 April 2012 | 2,898 views

web-sorrow – Remote Web Security Scanner (Enumeration/Version Detection etc)


web-sorrow is a Perl-based tool used for checking a web server for misconfiguration, version detection, enumeration, and server information. It is NOT a vulnerability scanner, inspection proxy, DDoS tool or an exploitation framework.

Current Functionality

  • -S – stands for standard. A set of standard tests that includes: directory indexing testing, banner grabbing, language detection (should be obvious), robots.txt, and 200 response testing (some servers send a 200 OK for every request)
  • -Eb – stands for error bagging. The default config for servers is to put the server daemon and version, and sometimes even the OS, inside error pages. web-sorrow requests a URL of 20 random bytes with GET and POST methods.
  • -auth – looks for login pages with a list of some of the most common login files and dirs. It doesn’t need to be a very big list of URLs, because what else are you going to name it?
  • -cmsPlugins – runs a huge list of plugin dirs for CMS servers. The list is a bit old (2010).
  • -I – searches the responses for interesting strings
  • -Ws – looks for web services such as hosting provider, blogging services, favicon fingerprinting, and CMS version info
  • -Fd – looks for things people generally don’t want you to see. The list is generated from a TON of robots.txt files, so whatever it finds should be interesting.
  • -proxy – send all HTTP requests via a proxy. example:
  • -e – run all the scans in the scanner

web-sorrow also has false-positive checking on most of its requests (it’s pretty accurate but not perfect).
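
The error-bagging and 200-response checks described above can be run by an administrator against their own server's responses to see what a default configuration gives away. The Python sketch below is an added example, not web-sorrow's code; the function names, regexes and sample responses are constructed for illustration and it works offline on the response data passed in.

```python
import re
import secrets

# Product/version tokens of the kind default error pages and headers disclose.
BANNER_RE = re.compile(
    r"\b(Apache|nginx|Microsoft-IIS|lighttpd|PHP|OpenSSL)[/ ]v?(\d+(?:\.\d+)+[\w.-]*)",
    re.I)
OS_RE = re.compile(r"\((Ubuntu|Debian|CentOS|Red Hat|Win32|Win64|Unix)\)", re.I)

def probe_path():
    """Path built from 20 random bytes; it should not exist on any server."""
    return "/" + secrets.token_hex(20)

def audit_error_response(status, headers, body):
    """Inspect the response a server gave to a request for probe_path()."""
    text = "\n".join(f"{k}: {v}" for k, v in headers.items()) + "\n" + body
    leaks = {(m.group(1), m.group(2)) for m in BANNER_RE.finditer(text)}
    leaks |= {("OS", m.group(1)) for m in OS_RE.finditer(text)}
    return {
        # 200 for a missing path: status codes cannot tell real pages from absent ones
        "answers_200_for_missing": status == 200,
        "leaks": sorted(leaks),
    }

# Constructed sample responses (not captured from a real host).
DEFAULT_CONFIG = (404,
    {"Server": "Apache/2.2.14 (Ubuntu)", "X-Powered-By": "PHP/5.3.2-1ubuntu4"},
    "<address>Apache/2.2.14 (Ubuntu) Server at www.example.test Port 80</address>")
HARDENED = (404, {"Server": "Apache"}, "<h1>Not Found</h1>")
CATCH_ALL = (200, {"Server": "nginx"}, "<h1>Welcome</h1>")

if __name__ == "__main__":
    for name, resp in [("default", DEFAULT_CONFIG), ("hardened", HARDENED),
                       ("catch-all", CATCH_ALL)]:
        print(name, audit_error_response(*resp))
```

An empty `leaks` list together with a non-200 status for the random path is the result a hardened server should produce.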



look for login pages:

most intense scan possible:

You can download web-sorrow here:


Or read more here.

