Find the Firewall & CDN Used by a Website During a Pentest with VXSCAN

The information gathering phase determines how a pentester prepares for the next phases, because in this phase the pentester has to collect as much information about the target as possible. There are many automation tools used for gathering information. Today we will show a Python script used for information gathering. Vxscan is an extensive scanning tool used for detecting sensitive files, WAF/CDN identification, port scanning, fingerprinting, service/OS identification, and weak passwords.

Vxscan also tries to find the WAF (Web Application Firewall) and CDN (Content Delivery Network). A WAF blocks, filters and monitors malicious HTTP traffic and covers common attacks on web applications, such as cross-site scripting. A CDN serves web content to the user based on geographical location: when a user visits a webpage from their computer, the CDN serves content based on their network. Vxscan has a pre-defined list of WAFs and CDNs, which it uses to try to identify the WAF and CDN of the target website.
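The list-based identification described above can be sketched as follows. This is an added example, not Vxscan's own code: the signature table is a small illustrative set of well-known response headers and cookies, and the function names and sample responses are assumptions constructed for the demonstration.

```python
# Added example: signature-based WAF/CDN identification from HTTP response headers.
# The signature table is a small illustrative set, not Vxscan's own list.
import re

# (vendor, kind, header name, regex applied to the header value)
SIGNATURES = [
    ("Cloudflare", "CDN/WAF", "server", r"^cloudflare$"),
    ("Cloudflare", "CDN/WAF", "cf-ray", r".+"),
    ("Amazon CloudFront", "CDN", "x-amz-cf-id", r".+"),
    ("Amazon CloudFront", "CDN", "via", r"\(CloudFront\)"),
    ("Sucuri", "WAF", "x-sucuri-id", r".+"),
    ("Imperva Incapsula", "WAF", "set-cookie", r"\b(incap_ses_|visid_incap_)"),
]


def identify(headers):
    """Return sorted (vendor, kind) pairs whose signature matches the headers.

    `headers` is a list of (name, value) tuples so repeated headers such as
    Set-Cookie are all inspected; names are compared case-insensitively.
    """
    hits = set()
    for name, value in headers:
        for vendor, kind, sig_name, pattern in SIGNATURES:
            if name.lower() == sig_name and re.search(pattern, value, re.I):
                hits.add((vendor, kind))
    return sorted(hits)


def report(headers):
    """Mimic the scanner's one-line verdict; 'NoWAF' means no signature matched."""
    hits = identify(headers)
    return "NoWAF" if not hits else ", ".join(f"{v} ({k})" for v, k in hits)


# Constructed sample responses (not captured from real sites).
BEHIND_CDN = [("Server", "cloudflare"), ("CF-RAY", "0000000000000000-FRA"),
              ("Content-Type", "text/html")]
BEHIND_WAF = [("Server", "nginx"), ("Set-Cookie", "visid_incap_12345=abc; path=/"),
              ("Set-Cookie", "session=xyz")]
PLAIN = [("Server", "nginx/1.4.1"), ("Content-Type", "text/html")]

if __name__ == "__main__":
    for label, hdrs in [("cdn", BEHIND_CDN), ("waf", BEHIND_WAF), ("plain", PLAIN)]:
        print(label, "->", report(hdrs))
```

A "NoWAF" verdict from this kind of matching only means that no known signature was seen; a WAF that strips or renames its identifying headers is not detected.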

For testing we will use Kali Linux 2018.4 amd64. Before going further, make sure python3 is installed in Kali Linux. For that, type:

sudo apt-get update && sudo apt-get install python3

Then type:

git clone https://github.com/al0ne/Vxscan.git

Type:

cd Vxscan && ls

Some pre-requisites are required for the installation of Vxscan. To install them, type:

sudo apt-get install python-requests tqdm, pyfiglet, fake-useragent, beautifulsoup4, geoip2, tldextract, python-nmap, lxml, pymongo, virustotal_python

If some dependencies are not found in the Kali Linux repository, type:

python -m pip install

After installing all the dependencies, type:

wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz

If the above link shows an error, you can download the required file manually and replace the GeoLite2-City.mmdb in /home/iicybersecurity/Downloads/Vxscan/db

After replacing it, type:

pip3 install -r requirements.txt

Then type:

python3 Vxscan.py -h

For testing we will use DVWA (Damn Vulnerable Web App) & https://testphp.vulnweb.com

Type:

python3 Vxscan.py -u testphp.vulnweb.com

root@kali:/home/iicybersecurity/Downloads/Vxscan# python3 Vxscan.py -u https://testphp.vulnweb.com

__ __

\ \ / /_ _____ ___ __ _ _ __

\ \ / /\ \/ / __|/ __/ _` | '_ \

\ V / > <\__ \ (_| (_| | | | |

\_/ /_/\_\___/\___\__,_|_| |_|

----------------------------------------------------------------------------------------------------

Host: testphp.vulnweb.com

----------------------------------------------------------------------------------------------------

GeoIP:

[+] Address: 德国

[+] Ipaddr: 176.28.50.165

Webinfo:

[+] Title: Home of Acunetix Art

[+] Fingerprint: ['DreamWeaver', 'PHP', 'php', 'Nginx']

[+] Server: nginx/1.4.1

[+] WAF: NoWAF

VT PDNS:

[+] None

Reverse IP Domain Check:

[+] 176.28.50.165

[+] rs202995.rs.hosteurope.de

[+] testhtml5.vulnweb.com

[+] testphp.ingensec.ch

[+] testphp.ingensec.com

[+] testphp.ingensec.fr

[+] testphp.vulnweb.com

[+] vulnweb.com

[+] www.vulnweb.com

PortScan:

[+] Portspoof:0

Vuln:

[+] MySQL SQLi:https://testphp.vulnweb.com/artists.php?artist=2

[+] MySQL SQLi:https://testphp.vulnweb.com/listproducts.php?cat=1

[+] MySQL SQLi:https://testphp.vulnweb.com/search.php?test=query

OS:

[+] None

running 31.986 seconds...

The above output shows basic information about the target website. Vxscan has found the IP address of the target website, which can be used to verify which range of IP addresses is assigned to the target. It then shows a basic fingerprint of the website, including the backend language (PHP) in which the target's code is written. The DreamWeaver entry shows that the website's front end was built using Adobe Dreamweaver, a popular tool from Adobe that helps to create HTML pages quickly and offers a drag & drop feature. Vxscan has also found the server (nginx/1.4.1) on which the target website runs.

Vxscan has also done a reverse IP domain check, which shows other webpages of the target website. An attacker can use such names to create a crunch wordlist for the target website and use it in dictionary attacks.

Vxscan also shows the vulnerable links of vulnweb.com, where you can use SQL injection methods or other scanning tools for further hacking activities.

For further testing we will scan DVWA (Damn Vulnerable Web App).

root@kali:/home/iicybersecurity/Downloads/Vxscan# python3 Vxscan.py -u https://192.168.1.105

__ __

\ \ / /_ _____ ___ __ _ _ __

\ \ / /\ \/ / __|/ __/ _` | '_ \

\ V / > <\__ \ (_| (_| | | | |

\_/ /_/\_\___/\___\__,_|_| |_|

----------------------------------------------------------------------------------------------------

Host: testphp.vulnweb.com

----------------------------------------------------------------------------------------------------

GeoIP:

[+] Address: None

[+] Ipaddr: 192.168.1.105

Webinfo:

[+] Title: Damn Vulnerable Web App (DVWA) - Login

[+] Fingerprint: ['UNIX', 'mod_dav', 'mod_ssl', 'Apache', 'mod_perl', 'Perl', 'PHP', 'OpenSSL']

[+] Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1

[+] WAF: NoWAF

VT PDNS:

[+] None

Reverse IP Domain Check:

[+] error check your search parameter

PortScan:

[+] ftp:21

[+] HTTPS:443

[+] https:80

[+] mysql:3306

[+] ssh:22

Vuln:

[+] https://192.168.1.105 | Damn Vulnerable Web App (DVWA) - Login

[+] https://192.168.1.105 | Damn Vulnerable Web App (DVWA) - Login

OS:

[+] Linux 2.6.17 - 2.6.36

running 7.737 seconds…

The above output shows the target IP address and web info. It also shows the reverse IP domain check and a vulnerability in two webpages.

Now we will scan another website, hack.me.

root@kali:/home/iicybersecurity/Downloads/Vxscan# python3 Vxscan.py -u hack.me

__ __

\ \ / /_ _____ ___ __ _ _ __

\ \ / /\ \/ / __|/ __/ _` | '_ \

\ V / > <\__ \ (_| (_| | | | |

\_/ /_/\_\___/\___\__,_|_| |_|

----------------------------------------------------------------------------------------------------

Host: hack.me

----------------------------------------------------------------------------------------------------

GeoIP:

[+] Address: 美国 佛罗里达州 坦帕

[+] Ipaddr: 74.50.111.244

Webinfo:

[+] Title: Hack.me · The house of rising sandbox

[+] Fingerprint: ['animate.css', 'Bootstrap', 'IIS', 'Font Awesome', 'Windows Server', 'jQuery', 'jQuery Migrate']

[+] Server: Microsoft-IIS/7.5

[+] WAF: NoWAF

VT PDNS:

[+] None

Reverse IP Domain Check:

[+] API count exceeded - Increase Quota with Membership

PortScan:

[+] Portspoof:0

Vuln:

[+] Leaks: username = username

[+] Leaks: token = document

[+] Leaks: username = document

[+] Leaks: password = password

[+] Leaks: password = document

[+] Leaks: token = security

OS:

[+] None

running 90.759 seconds…

The above output shows the IP address, location and server of the target website. Vxscan also shows the leaks in the login page.
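All three reports above share the same sectioned layout, so a site owner can parse one to see exactly what their server discloses. The following is an added example, not part of Vxscan: the function names are hypothetical, and the set of ports treated as expected for a web server is an assumption. The sample input is an excerpt of the DVWA report shown on this page.

```python
# Added example: parse a Vxscan text report and list what the server discloses.
import re

# Excerpt of the DVWA report shown on this page (blank lines removed).
REPORT = """\
Webinfo:
[+] Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
[+] WAF: NoWAF
PortScan:
[+] ftp:21
[+] HTTPS:443
[+] https:80
[+] mysql:3306
[+] ssh:22
"""


def parse_report(text):
    """Group '[+] ...' result lines under the 'Section:' heading above them."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[+]") and current is not None:
            sections[current].append(line[3:].strip())
        elif re.fullmatch(r"[A-Za-z ]+:", line):
            current = line[:-1]
            sections[current] = []
    return sections


def disclosed_versions(sections):
    """Return {product: version} for each product/version token in the Server banner."""
    for entry in sections.get("Webinfo", []):
        if entry.startswith("Server:"):
            banner = entry[len("Server:"):]
            return dict(re.findall(r"([A-Za-z][\w.-]*)/v?(\d[\w.]*)", banner))
    return {}


def exposed_services(sections, expected=("HTTPS:443", "https:80")):
    """List PortScan entries outside the assumed set a web server should expose."""
    return [p for p in sections.get("PortScan", []) if p not in expected]


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print(disclosed_versions(parsed))
    print(exposed_services(parsed))
```

Every product/version pair returned here comes from the Server banner; it can be reduced with `server_tokens off;` on nginx, `ServerTokens Prod` and `ServerSignature Off` on Apache, and `expose_php = Off` in php.ini.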

Cyber Security Researcher. Information security specialist, currently working as risk infrastructure specialist & investigator. He is a cyber-security researcher with over 25 years of experience. He has served with the Intelligence Agency as a Senior Intelligence Officer. He has also worked with Google and Citrix in the development of cyber security solutions. He has aided the government and many federal agencies in thwarting many cyber crimes. He has been writing for us in his free time for the last 5 years.

2021-07-25

