Determine what a web site is powered by including details such as web server, web application, scripting languages and hosting provider. This information is a part of the information gathering phase and footprinting of a target prior to launching an attack.
About the Powered By Tool
An X-Powered-By: banner in an HTTP server response typically reveals some information about a web server. Many open source content management systems and web-based applications also reveal the software name, and sometimes the version, in the footer of a web page.
With this IP Tool we attempt to find a great deal of information from the HTTP Headers, IP address and the HTML code that comes back with the headers. Only the first page that you select will be analyzed for this data. So if a web site has a shopping cart or forum that is not running on the main page, you may need to individually select these deeper pages.
The tool will attempt to determine the operating system, web server, web application, server side scripting languages, client side scripts in use, and the location and details of the web server's hosting company based on the IP Address netblock owner.
What would I use this tool for?
By determining what a web site is powered by you may be able to develop an understanding of the organization's information technology infrastructure. This sort of information may be useful for a number of reasons:
- Penetration Testing
- Business intelligence, what technology does xyz company use on their web site back-end?
- Review competitors' web infrastructure
- Just for fun; What does the NSA use for a web-server? Does Microsoft have any Linux web servers?
What methods are used for determining the results?
This is checked against the HTTP Header response for the Web Server and X-Powered-By banners. Another interesting tool we use is p0f passive analysis, which checks for attributes in a TCP packet and compares them with its database of known web servers and operating systems.
HTTP Header responses can be faked or made quite generic, but not many people do this, so the HTTP Header is a pretty good indicator of the web server in use.
Server Side Technology
Primarily the X-Powered-By banner as this will show ASP, PHP and other web server extensions.
Client Side Technology
Similar to the Client Side item, we parse the HTML output and look for known attributes or metadata that indicate a web application in use; good examples are WordPress, Drupal and DotNetNuke installations.
Background on Powered By banners
Powered By banners have been around for many years. Originally they were used to promote the fact that a web site used Open Source software: Powered By Apache, Powered By Linux, Powered by Penguins even. While there are benefits to the community from promoting the use of such technology, when the Powered By banners become a bit more specific they can be a benefit to attackers, who can search Google to find vulnerable web applications. “Powered By ForumName 2.2.3” would be an example of this; it could be phpbb, vbulletin or another forum, but it provides a fast method for an attacker to pinpoint and exploit a random web site. These searches are known as Google Dorks, and there is a whole database of them.
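As an added example (not the tool's own code), the following Python audits a response from your own site for the banners described above: the Server and X-Powered-By headers, a meta generator tag and "Powered By" page text, flagging each one that includes a version number. The sample response, the function and class names and the regular expressions are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample response for illustration (not captured from a real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.1 (Unix)\r\n"
    "X-Powered-By: PHP/5.4.0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 3.5.1"></head>'
    '<body><p>Hello</p><div id="footer">Powered By ForumName 2.2.3</div>'
    "</body></html>"
)

BANNER_HEADERS = {"server", "x-powered-by"}
VERSION = re.compile(r"\d+(?:\.\d+)+")          # e.g. 2.2.3
FOOTER = re.compile(r"powered\s+by\s+([^\n]{1,60})", re.IGNORECASE)


class PageScan(HTMLParser):
    """Collects <meta name="generator"> values and visible text nodes."""

    def __init__(self):
        super().__init__()
        self.generators, self.text = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.generators.append(attrs.get("content") or "")

    def handle_data(self, data):
        self.text.append(data)


def audit_response(raw):
    """Return (source, value, discloses_version) for each banner found."""
    head, _, body = raw.partition("\r\n\r\n")
    found = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in BANNER_HEADERS:
            found.append((name.strip(), value.strip()))
    scan = PageScan()
    scan.feed(body)
    scan.close()
    found += [("meta generator", g.strip()) for g in scan.generators]
    found += [("page text", m.group(1).strip())
              for m in FOOTER.finditer("\n".join(scan.text))]
    return [(src, val, bool(VERSION.search(val))) for src, val in found]
```

A finding whose third field is True is a banner that names a specific version and is a candidate for being made generic or removed.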