Web-Sorrow is a Perl-based tool for misconfiguration, version detection, enumeration, and server information scanning. It’s entirely focused on enumeration and collecting information about a target server. Web-Sorrow is a “safe to run” program, meaning it is not designed to be an exploit or perform any harmful attacks.
There are a couple of other tools that focus more on the identification part:
- WhatWeb – Next Gen Web Scanner – Identify CMS (Content Management System)
- Wappalyzer – Web Technology Identifier (Identify CMS, JavaScript etc.)
There’s also a pretty cool web app I use often which is – http://builtwith.com/
Features
- Web Services: Identify a CMS and its version number, social media widgets and buttons, hosting provider, CMS plugins, and favicon fingerprints
- Authentication areas: logins, admin logins, email webapps
- Bruteforce: Subdomains, files and directories
- Stealth: with -ninja you can gather valuable info on the target with as few as 6 requests, with -shadow you can request pages via Google cache instead of from the host
- AND MORE: Sensitive files, default files, source disclosure, directory indexing, banner grabbing
In some ways it overlaps with other tools too like:
- GoLISMERO – Web Application Mapping Tool
- Skipfish 1.94b Released – Active Web Application Security Reconnaissance Tool
- Nikto 2.1.0 Released – Web Server Security Scanning Tool
- Lilith – Web Application Security Audit Tool
But as always, you should try them all and see which ones suit the way you work best.
You can download Web-Sorrow here:
Or read more here.