WIG (WebApp Information Gatherer) is a web application information collection tool that can identify numerous content management systems and other management applications.
Application fingerprint recognition is based on checksum and string matching of known files of different versions of CMSes. This results in calculating the score for each detected CMS and its version. Each detected CMS is displayed with the most likely version. Score calculation is based on weights and the number of “hits” for a given checksum.
WIG also tried to guess the operating system on the server based on the “server” and “x-powered-by” headers. WIG contains a database of known header values for different operating systems, which allows WIG to guess Microsoft Windows versions and Linux distributions and versions.
Note: It requires Python 3 running platform
Instructions
python3 wig.py cesafe.com
The default behavior of WIG is to recognize the CMS and exit after the CMS version is detected. This is done to limit the traffic sent to the target server. This behavior can be overridden by setting the ‘-a’ flag, in which case the wig will test all known fingerprints. Because some application configurations do not use the default location of files and resources, you can make the wig obtain all static resources encountered during the scan. This is done with the ‘-c’ option. The ‘-m’ option tests all fingerprints against all extracted URLs, which will be very useful if the default location has been changed.
Leave a Reply