WIG – Webserver Fingerprinting, Detect CMS and WebApps

0

WIG is a web application reconnaissance and vulnerability scanner tool, which is able to identify various Content Management Systems (CMS) and other administrative web applications. Wig can also attempt to do OS fingerprinting to webserver.

Wig’s fingerprinting scenario is based on checksums and string matching of known files for different versions of CMSes. This results in a score being calculated for each detected CMS and its versions. Wig also tries to guess the operating system running on the server based on headers the ‘server’ and ‘x-powered-by’. Wig has database containing known header values for different operating systems, which allows wig to guess every OS version.

INSTALLING WIG

Download wig project to local drive, run following commands:

 

WIG - Webserver Fingerprinting, Detect CMS and WebApps

WIG USAGE

Wig can only run on minimum python 3. Type following command to display help menu and options.

 

WIG - Webserver Fingerprinting, Detect CMS and WebApps

Now, after read all available options lets scan a target. Type:

As you can see above image, wig take time 205.6 seconds or about 3 minutes to scan the target. And the wig vulnerability report said that target has security hole on joomla version 2.5.4 and display the reference link on http://cvedetails.com/version/129399. Simple enough? now you know what vuln the target has, and then decided the appropriate exploit or hack methods against the target. Good luck!