WIG is a web application reconnaissance and vulnerability scanner tool, which is able to identify various Content Management Systems (CMS) and other administrative web applications. Wig can also attempt to do OS fingerprinting to webserver.
Wig’s fingerprinting scenario is based on checksums and string matching of known files for different versions of CMSes. This results in a score being calculated for each detected CMS and its versions. Wig also tries to guess the operating system running on the server based on headers the ‘server’ and ‘x-powered-by’. Wig has database containing known header values for different operating systems, which allows wig to guess every OS version.
Download wig project to local drive, run following commands:
[email protected]:~$ git clone https://github.com/jekyc/wig.git [email protected]:~$ cd wig
Wig can only run on minimum python 3. Type following command to display help menu and options.
[email protected]:~/wig$ python3 wig.py -h
Now, after read all available options lets scan a target. Type:
[email protected]:~/wig$ python3 wig.py [Target URL] -vvv
As you can see above image, wig take time 205.6 seconds or about 3 minutes to scan the target. And the wig vulnerability report said that target has security hole on joomla version 2.5.4 and display the reference link on http://cvedetails.com/version/129399. Simple enough? now you know what vuln the target has, and then decided the appropriate exploit or hack methods against the target. Good luck!