{"id":3378,"date":"2012-10-15T10:01:47","date_gmt":"2012-10-15T09:01:47","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3378"},"modified":"2012-10-15T10:01:47","modified_gmt":"2012-10-15T09:01:47","slug":"web-sorrow-v1-48-version-detection-cms-identification-enumeration-server-scanning-tool","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2012\/10\/web-sorrow-v1-48-version-detection-cms-identification-enumeration-server-scanning-tool\/","title":{"rendered":"Web-Sorrow v1.48 &#8211; Version Detection, CMS Identification, Enumeration &#038; Server Scanning Tool"},"content":{"rendered":"<p>Web-Sorrow is a PERL based tool for misconfiguration, version detection, enumeration, and server information scanning. It&#8217;s entirely focused on enumeration and collecting information about a target server. Web-Sorrow is a &#8220;safe to run&#8221; program, meaning it is not designed to be an exploit or perform any harmful attacks. <\/p>\n<p>There&#8217;s a couple of other tools that focus more on the identification part:<\/p>\n<p>&#8211; <a href=\"https:\/\/www.darknet.org.uk\/2010\/05\/whatweb-next-gen-web-scanner-identify-cms-content-management-system\/\">WhatWeb \u2013 Next Gen Web Scanner \u2013 Identify CMS (Content Management System)<\/a><br \/>\n&#8211; <a href=\"https:\/\/www.darknet.org.uk\/2011\/04\/wappalyzer-web-technology-identifier-identify-cms-javascript-etc\/\">Wappalyzer \u2013 Web Technology Identifier (Identify CMS, JavaScript etc.)<\/a><\/p>\n<p>There&#8217;s also a pretty cool web app I use often which is &#8211; <a href=\"http:\/\/builtwith.com\/\">http:\/\/builtwith.com\/<\/a><\/p>\n<p><strong>Features<\/strong><\/p>\n<ul>\n<li><strong>Web Services:<\/strong> Identify a CMS and it&#8217;s version number, social media widgets and buttons, hosting provider, CMS plugins, and favicon fingerprints<\/li>\n<li><strong>Authentication areas:<\/strong> logins, admin logins, email webapps<\/li>\n<li><strong>Bruteforce:<\/strong> Subdomains, files and directories<\/li>\n<li><strong>Stealth:<\/strong> with -ninja you can gather valuable info on the target with as few as 6 requests, with -shadow you can request pages via google cache instead of from the host<\/li>\n<li><strong>AND MORE:<\/strong> Sensitive files, default files, source disclosure, directory indexing, banner grabbing<\/li>\n<\/ul>\n<p>In some ways it overlaps with other tools too like:<\/p>\n<p>&#8211; <a href=\"https:\/\/www.darknet.org.uk\/2011\/11\/golismero-web-application-mapping-tool\/\">GoLISMERO \u2013 Web Application Mapping Tool<\/a><br \/>\n&#8211; <a href=\"https:\/\/www.darknet.org.uk\/2011\/06\/skipfish-1-94b-released-active-web-application-security-reconnaissance-tool\/\">Skipfish 1.94b Released \u2013 Active Web Application Security Reconnaissance Tool<\/a><br \/>\n&#8211; <a href=\"https:\/\/www.darknet.org.uk\/2009\/10\/nikto-2-1-0-released-web-server-security-scanning-tool\/\">Nikto 2.1.0 Released \u2013 Web Server Security Scanning Tool<\/a><br \/>\n&#8211; <a href=\"https:\/\/www.darknet.org.uk\/2011\/09\/lilith-web-application-security-audit-tool\/\">Lilith \u2013 Web Application Security Audit Tool<\/a><\/p>\n<p>But as always, you should try them all and see which ones suits the way you work best.<\/p>\n<p>You can download Web-Sorrow here:<\/p>\n<p><a href=\"http:\/\/web-sorrow.googlecode.com\/files\/Web-Sorrow_v1.4.8.zip\">Web-Sorrow_v1.4.8.zip<\/a><\/p>\n<p>Or read more <a href=\"http:\/\/code.google.com\/p\/web-sorrow\/\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Web-Sorrow is a PERL based tool for misconfiguration, version detection, enumeration, and server information scanning. It&#8217;s entirely focused on enumeration and collecting information about a target server. Web-Sorrow is a &#8220;safe to run&#8221; program, meaning it is not designed to be an exploit or perform any harmful attacks. There&#8217;s a couple of other tools that [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[9,17,15],"tags":[7551,7552,5391,1290,396,376],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/3378"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=3378"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/3378\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=3378"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=3378"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=3378"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}