1. Footprint the Webserver

An ethical hacker or penetration tester must perform footprinting to detect the loopholes in the web server of the target organization.

1. Information gathering using Ghost Eye

LogoGitHub - BullsEye0/ghost_eye: Ghost Eye Informationgathering Footprinting Scanner and Recon Tool Release. Ghost Eye is an Information Gathering Tool I made in python 3. To run Ghost Eye, it only needs a domain or ip. Ghost Eye can work with any Linux distros if they support Python 3. Author: Jolanda de KoffGitHub
git clone https://github.com/BullsEye0/ghost_eye.git
cd ghost_eye
pip3 install -r requirements.txt

Now launch it

We can use the tool for WHOIS lookup, DNS etc and also scan for clickjacking vulnerability

2. Perform Web Reconnaisance using skipfish

Logoskipfish | Kali Linux ToolsKali Linux

3. Footprint Webserver using Httprecon

Logohttprecon project - advanced http fingerprintingwww.computec.ch

4. Footprinting using ID serve

LogoGRC | ID Serve - Internet Server Identification Utilitywww.grc.com

5. Footprinting using netcat and Telnet

netcat

telnet

6. Enumeration Webserver using NSE script

Now to enumerate the hostnames use the following script

http trace scanner

Http WAF (Firewall) detection

7. Uniscan webserver footprinting

Logouniscan | Kali Linux ToolsKali Linux
LogoExam Prep & Training for CEH Practical (Unofficial Course)Udemy
PreviousModule 13. Hacking Web ServersNext2. Perform Webserver attacks

Last updated

Was this helpful?