# Fingerprinting

## Tools

<table><thead><tr><th width="170">Tool</th><th>Description</th><th>Features</th></tr></thead><tbody><tr><td><code>Wappalyzer</code></td><td>Browser extension and online service for website technology profiling.</td><td>Identifies a wide range of web technologies, including CMSs, frameworks, analytics tools, and more.</td></tr><tr><td><code>BuiltWith</code></td><td>Web technology profiler that provides detailed reports on a website's technology stack.</td><td>Offers both free and paid plans with varying levels of detail.</td></tr><tr><td><code>WhatWeb</code></td><td>Command-line tool for website fingerprinting.</td><td>Uses a vast database of signatures to identify various web technologies.</td></tr><tr><td><code>Nmap</code></td><td>Versatile network scanner that can be used for various reconnaissance tasks, including service and OS fingerprinting.</td><td>Can be used with scripts (NSE) to perform more specialised fingerprinting.</td></tr><tr><td><code>Netcraft</code></td><td>Offers a range of web security services, including website fingerprinting and security reporting.</td><td>Provides detailed reports on a website's technology, hosting provider, and security posture.</td></tr><tr><td><code>wafw00f</code></td><td>Command-line tool specifically designed for identifying Web Application Firewalls (WAFs).</td><td>Helps determine if a WAF is present and, if so, its type and configuration.</td></tr></tbody></table>

## Banner grabbing

```shell-session
curl -I https://www.inlanefreight.com
```

* `-I` is for a HEAD request

## WafW00f

```bash
pip3 install git+https://github.com/EnableSecurity/wafw00f
```

```bash
wafw00f inlanefreight.com
```

## Nikto

```bash
sudo apt update && sudo apt install -y perl
git clone https://github.com/sullo/nikto
cd nikto/program
chmod +x ./nikto.pl
```

```bash
nikto -h inlanefreight.com -Tuning b
```

* `-Tuning b` flag tells `Nikto` to only run the Software Identification modules.