⚔️
Carpa Security Book
  • 😎Introduction
  • 🔴Offensive Security
    • Reconnaissance & Information Gathering
      • Passive Reconnaissance
        • Reconnaissance Frameworks
        • Metadata Analysis
        • Domain & IP Enumeration
        • Social Media
        • Email Addresses
        • Search Engines
      • Active Recon
        • System & Network
          • Network & Port Scanning
          • Vulnerability Scanners
          • OS Fingerprinting & Service Identification
          • Network Mapping and Visualization
          • Service Enumeration
        • Web Application
          • Public Resource
          • Technology Mapping
          • Analyzing Client Side Code
          • Testing User Inputs and Controls:
          • Analyzing Server Responses and Error Messages:
          • API and Endpoint Analysis:
          • Session Management Analysis
          • Automated Vulnerability Scanning
          • Web Enumeration
        • Wireless Network Reconnaissance
    • Exploitation & Target Compromise
    • Privilege Escalation
    • Post Exploitation
      • Lateral Movement
    • Attacktive Directory
    • Credential Attacks
    • Wireless
    • Social Engineering
    • Web App PenTesting
    • Physical Security
  • 🔵Defensive Security
  • 🖥️Linux Commands
  • 🔠Certificates Prep
  • 🔗Training and Resources
Powered by GitBook
On this page
  1. Offensive Security
  2. Reconnaissance & Information Gathering
  3. Active Recon
  4. Web Application

Technology Mapping

PreviousPublic ResourceNextAnalyzing Client Side Code

Last updated 1 year ago

Understanding a web application during reconnaissance involves gathering as much information as possible about its structure, functionality, and underlying technology.

: Identifies technologies on websites, such as CMS, web frameworks, server software, and analytics tools.

: Provides details about the technology stack of websites, including server information, CMS, and scripting languages.

WhatWeb: Identifies website technologies, including content management systems, web server platforms, and JavaScript libraries.

Retire.js (Browser Extension): Identifies web applications using outdated JavaScript libraries with known vulnerabilities.

Recon-ng (Web Module): Web reconnaissance framework with modules to identify technologies used by web applications.

  • Example Commands:

    • recon-ng: Start Recon-ng.

    • marketplace search web: Find web modules.

    • modules load recon/domains-hosts/builtwith: Load BuiltWith module.

    • options set SOURCE example.com: Set target domain.

    • run: Execute the module.

Browser Extensions like Technology Profiler and Web Tech Detector: Browser add-ons to detect web technologies used on sites.

Netcraft Extension: Provides information about the sites visited including background on the site's hosting, risk ratings, and technology.

Library Sniffer (Browser Extension): Detects JavaScript libraries and frameworks used on web pages.

Green: Determines the timezone settings used by a web server, which can hint at the server's physical location or configuration settings.

Header Check: Analyzes HTTP response headers to determine server configuration and technologies.

SiteSucker (Mac App): Automatically downloads websites and extracts their structure, including scripts, stylesheets, and other resources.

Extension: Stylebot (Browser Extension): Allows customization of website appearance, providing insights into CSS and web design frameworks used.

(Formerly MaxCDN): Identifies Content Delivery Networks (CDNs) used by websites.

: Scans websites to detect over 2,800 website technologies and monitors for changes.

JavaScript and CSS Code : Beautifies and formats obfuscated or minified JavaScript and CSS codes to understand the underlying technology better.

🔴
StackPath
Hexometer
Beautifier
Wappalyzer
BuiltWith