wig (WebApp Information Gatherer)


Tool and Usage

Project details

License
BSD 2-clause
Programming language
Python
Latest release
0.6
Latest release date

Project health

60
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Wig is a security tool that discovers which software runs a web application or website. It can detect several Content Management Systems (CMS) and other administrative applications. This may be useful for those performing reconnaissance or information gathering, such as during a penetration test or security assessment.

How it works

Wig performs application fingerprinting by using checksums and string matching of known files. The discovered data is scored and the best matches are displayed. The tool can also guess the operating system in use by looking at several HTTP headers, such as server and x-powered-by.

Usage and audience

wig is commonly used for application fingerprinting, information gathering, reconnaissance, or web application analysis. Target users for this tool are pentesters.

Features

  • Command line interface
  • JSON output supported

Example usage and output

usage: wig.py [-h] [-l INPUT_FILE] [-q] [-n STOP_AFTER] [-a] [-m] [-u] [-d]
              [-t THREADS] [--no_cache_load] [--no_cache_save] [-N]
              [--verbosity] [--proxy PROXY] [-w OUTPUT_FILE]
              [url]

WebApp Information Gatherer

positional arguments:
  url              The url to scan e.g. http://example.com

optional arguments:
  -h, --help       show this help message and exit
  -l INPUT_FILE    File with urls, one per line.
  -q               Set wig to not prompt for user input during run
  -n STOP_AFTER    Stop after this amount of CMSs have been detected. Default:
                   1
  -a               Do not stop after the first CMS is detected
  -m               Try harder to find a match without making more requests
  -u               User-agent to use in the requests
  -d               Disable the search for subdomains
  -t THREADS       Number of threads to use
  --no_cache_load  Do not load cached responses
  --no_cache_save  Do not save the cache for later use
  -N               Shortcut for --no_cache_load and --no_cache_save
  --verbosity, -v  Increase verbosity. Use multiple times for more info
  --proxy PROXY    Tunnel through a proxy (format: localhost:8080)
  -w OUTPUT_FILE   File to dump results into (JSON)

wig - WebApp Information Gatherer


Redirected to http://www.example.com
Continue? [Y|n]:
Scanning http://www.example.com...
_____________________________________________________ SITE INFO _____________________________________________________
IP                          Title
256.256.256.256             PAGE_TITLE

______________________________________________________ VERSION ______________________________________________________
Name                        Versions          Type
Drupal                      7.38              CMS
nginx                                         Platform
amazons3                                      Platform
Varnish                                       Platform
IIS                         7.5               Platform
ASP.NET                     4.0.30319         Platform
jQuery                      1.4.4             JavaScript
Microsoft Windows Server    2008 R2           OS
Example output of wig

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + The source code of this software is available

Weaknesses

  • - No updates for a while
  • - Full name of author is unknown

Installation

Supported operating systems

Wig is known to work on Linux.

wig alternatives

Similar tools to wig:

96

WhatWeb

WhatWeb is a security tool written in Ruby to fingerprint web applications. It helps with detecting what software is used for a particular web application.

72

CMSeeK

CMSeeK is a security scanner for content management systems (CMS) and used for security assessments. Read how it works in this review.

100

Wappalyzer

Wappalyzer is an information gathering tool for web applications and websites. It may be used for security assessments, or simply to look up technology details.
