Other technologies
Last updated
Was this helpful?
Last updated
Was this helpful?
A web application usually relies on multiple components which compose the attack surface among which the potential elements:
the web server (e.g. Apache, Nginx, Microsoft IIS)
a
JavaScript Frameworks
...
When conducting an audit of a web app, identifying those technologies and the versions in use is necessary to conduct a thorough reconnaissance and correctly map the attack surface.
Those technologies can usually be identified from the different elements:
Credits at the bottom or corner of pages
HTTP headers
Common files (e.g. robots.txt, sitemap.xml)
Comments and metadata (HTML, CSS, JavaScript)
Stack traces and verbose error messages
Automated scanning tools can also help identify which technologies are used.
(Ruby) recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.
is a browser extension that can detect the use of certain software including CMS