Web-Sorrow v1.48 – Version Detection, CMS Identification, Enumeration & Server Scanning Tool


Web-Sorrow is a PERL based tool for misconfiguration, version detection, enumeration, and server information scanning. It’s entirely focused on enumeration and collecting information about a target server. Web-Sorrow is a “safe to run” program, meaning it is not designed to be an exploit or perform any harmful attacks.

There’s a couple of other tools that focus more on the identification part:

WhatWeb – Next Gen Web Scanner – Identify CMS (Content Management System)
Wappalyzer – Web Technology Identifier (Identify CMS, JavaScript etc.)

There’s also a pretty cool web app I use often which is – http://builtwith.com/

Features

  • Web Services: Identify a CMS and it’s version number, social media widgets and buttons, hosting provider, CMS plugins, and favicon fingerprints
  • Authentication areas: logins, admin logins, email webapps
  • Bruteforce: Subdomains, files and directories
  • Stealth: with -ninja you can gather valuable info on the target with as few as 6 requests, with -shadow you can request pages via google cache instead of from the host
  • AND MORE: Sensitive files, default files, source disclosure, directory indexing, banner grabbing

In some ways it overlaps with other tools too like:

GoLISMERO – Web Application Mapping Tool
Skipfish 1.94b Released – Active Web Application Security Reconnaissance Tool
Nikto 2.1.0 Released – Web Server Security Scanning Tool
Lilith – Web Application Security Audit Tool

But as always, you should try them all and see which ones suits the way you work best.

You can download Web-Sorrow here:

Web-Sorrow_v1.4.8.zip

Or read more here.

Posted in: Hacking Tools, Privacy, Web Hacking

, , , , ,


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc


6 Responses to Web-Sorrow v1.48 – Version Detection, CMS Identification, Enumeration & Server Scanning Tool

  1. Deepanker October 28, 2012 at 6:20 pm #

    really its a nice tool..

  2. moocherhunter October 29, 2012 at 10:24 am #

    Hi all, i have been looking everywhere for something which will enable me to triangulate the location of people using my wi-fi connection.
    After a while i found this “MoocherHunter”, which apparently just do that and it’s free, but when you try to download the free iso image from their website, it just open another page and nothing else.
    So, my question is, there is anything which can do this currently available, or a link for downloading this one which actually works??
    All it needs to do, is to track the location of someone connected to my wireless network, nothing else. Thanks!

    • z2458 November 2, 2012 at 4:33 am #

      Here is a working link. You should have checked the website before asking. http://securitystartshere.org/page-training-oswa-assistant-download.htm

      • moocherhunter November 2, 2012 at 6:27 am #

        This is the link i received(site notification), the reply i posted was directed to this comment, but when i come back 5 minutes ago to post my reply, it wasn’t showing up, so i replied to my own post.

  3. moocherhunter November 2, 2012 at 6:23 am #

    I want to inform the person that sent a link to me (thank you that was kind but…), that when i click on it and select “download”, i get redirected to a different page (training-htm), so, i believe the webmaster has put a “country block” on his page or something similar.
    In other words, it doesn’t work.
    There is really nobody here that is aware of something which can do the same tasks? i mean, i am no expert by any means and i did found this stuff, i thought the experts on this site would be aware of much more stuff i didn’t even know about…maybe not.
    However, just for your info, there is also a piece of hardware which also do that, the “AirCheck wi-fi tester” from a company called Fluke, but there is no way i want or even i can think to spend 2.000$ for it.
    Do not be scared by my request, i have no intention to use it against reasonable people. I share openly my wi-fi to people that would not have it otherways, but the country i live in is a bit too much backward and restrictive, so, in the event i get “framed” for something done by somebody else, i need to be able to proof it wasn’t me and provide the perpetrators. Help me to help you. THANKS!

  4. moocherhunter November 3, 2012 at 6:57 pm #

    Well, i finally got it by looking for the “OSWA Assistant” instead of “MoocherHunter”, but it doesn’t work…i installed it on a USB stick and once loaded, get stuck on “PCMCIA found, starting cardmgr”, when i did try to fix this using the suggested “F2” trick on the FAQ’s i just end up with a black screen….they don’t even have a forum available, ouch!