Netcraft is a tool that helps us to find the technologies that are used for the target website. Knowing more information about the target website we can create a better attack vector, creating an exploit by knowing the vulnerability that is present in the website.
On Netcraft, website navigate to the site report and type the target URL in it and click on "lookup" for it.
Now, it shows the site report which provides the Risk rating, Domain, IP address, Domain registrar, and the company where the domain is registered.
In the Network Section, you can see the Nameserver, Owner, IPV4, and IPV6
And also you can see the Site Technology what technology the client side and server side are using which helps us to create exploits by using Metasploit or the VeilEvasion Framework tool by choosing the proper script to run both sides.
Here, you can see the Server side is using the SSL technology to find the proper exploit by visiting the GoogleHackingDatabse which helps to find access to the server side.
And also the Javascript is used by the Client side this will be run on the user end. So, when we make an exploit we need to make the script run on the user end to get sensitive information.
So this is one of the ways to exploit Web Applications. The information gathering is the more powerful phase in the Penetration Testing which helps to make a better attack vector to gain a hold on the target systems.
Comments
Post a Comment