# Server & Technology Fingerprinting
Fingerprinting is the process of identifying the server type, operating system, framework technology, database, and other components used by the target. This stage matters because version and technology information can be tied directly to specific vulnerabilities (CVE/CWE).
Accurate fingerprinting helps the pentester:
- select the right exploit payload,
- assess technology-based risk,
- understand the structure of the target's architecture,
- find common misconfigurations.
---
## 1. Components Identified During Fingerprinting
### 1.1 Operating System (OS)
- Linux (Ubuntu, Debian, CentOS)
- Windows Server
- BSD variants
### 1.2 Web Server
- Apache
- Nginx
- IIS
- LiteSpeed
### 1.3 Application Frameworks
- Laravel, CodeIgniter, Symfony (PHP)
- ExpressJS, NestJS (Node.js)
- Rails (Ruby)
- Spring Boot (Java)
- Django/Flask (Python)
### 1.4 Database
- MySQL / MariaDB
- PostgreSQL
- MongoDB
- Redis
- Elasticsearch
### 1.5 Frontend Technologies
- React
- Angular
- Vue
- jQuery
---
## 2. Indicators for Fingerprinting
### 2.1 HTTP Headers
- `Server: nginx`
- `X-Powered-By: PHP/7.4`
- `X-AspNet-Version: 4.0`
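A defender-side check for the headers listed in 2.1, as an added example that is not part of the original page: it reads response headers saved with `curl -I` and reports which ones disclose a product or version. The function names `audit_headers`, `sample_headers` and `demo`, the HIGH/LOW levels, and the sample response are assumptions made for illustration.

```shell
# Added example, not from the original page. Flags response headers that
# disclose a product or version so they can be removed or masked.

# audit_headers FILE
#   FILE: raw response headers, e.g. saved with `curl -sI https://host > FILE`
#   Prints "LEVEL<TAB>header<TAB>value" per finding.
#   Returns 0 when nothing is disclosed, 1 otherwise.
audit_headers() {
  awk '
    { sub(/\r$/, "") }                   # curl output keeps CRLF line endings
    !/^[A-Za-z0-9-]+:/ { next }          # skip the status line and blank lines
    {
      name  = tolower(substr($0, 1, index($0, ":") - 1))
      value = substr($0, index($0, ":") + 1)
      sub(/^[ \t]+/, "", value)
      level = ""
      if (name == "server") {
        # A bare product name leaks little; a version number is the real leak.
        level = (value ~ /[0-9]+\.[0-9]+/) ? "HIGH" : "LOW"
      } else if (name == "x-powered-by" || name == "x-aspnet-version") {
        level = "HIGH"
      }
      if (level != "") { printf "%s\t%s\t%s\n", level, name, value; found = 1 }
    }
    END { exit found + 0 }
  ' "$1"
}

# Constructed sample response (hypothetical host), using the headers from 2.1.
sample_headers() {
  printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Powered-By: PHP/7.4\r\n'
  printf 'X-AspNet-Version: 4.0\r\nContent-Type: text/html\r\n\r\n'
}

# demo: audit the sample; returns the status of audit_headers.
demo() {
  tmp=$(mktemp)
  sample_headers > "$tmp"
  rc=0
  audit_headers "$tmp" || rc=$?
  rm -f "$tmp"
  return "$rc"
}

demo || true
```

A non-zero return from `audit_headers` makes it usable as a gate in a deployment check for your own hosts.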
### 2.2 TLS Fingerprinting
- Cipher suite,
- Certificate issuer,
- Supported protocols.
### 2.3 File & Folder Pattern
- `/wp-admin` → WordPress
- `/manager/html` → Tomcat
- `/graphql` → GraphQL endpoint
### 2.4 JavaScript Clues
Analyze `.js` files to find specific libraries.
### 2.5 Favicon Hash Fingerprinting
Used by Shodan/Censys to identify specific login panels, frameworks, and servers.
---
## 3. Common Risks Found Through Fingerprinting
- server versions that have reached End-of-Life (EOL),
- default configuration exposure,
- easily accessible admin panels,
- applications using old and vulnerable technology,
- frameworks with open CVEs,
- frontend libraries with vulnerabilities that have known exploits.
---
## 4. One Code Block Containing All Fingerprinting Commands (READY TO COPY)
Below are all the commands used for fingerprinting the server, OS, framework, database, and technology, **in a single code block**:
```bash
# ================================
# OS FINGERPRINTING
# ================================
nmap -O target.com
nmap -sV -O --osscan-guess target.com # service versions plus built-in OS detection with best-guess matching
p0f -i eth0 # passive OS detection (sniffing only)
# ================================
# WEB SERVER FINGERPRINTING
# ================================
curl -I http://target.com
curl -I https://target.com
whatweb target.com
wappalyzer http://target.com
# Fingerprint web server via Nmap
nmap -sV -p80,443 target.com
# ================================
# TLS / CERTIFICATE FINGERPRINTING
# ================================
openssl s_client -connect target.com:443 -servername target.com
sslscan target.com
nmap --script=ssl-cert,ssl-enum-ciphers -p443 target.com
# ================================
# FRAMEWORK FINGERPRINTING
# ================================
# -s hides the progress meter; -i matches header names case-insensitively
curl -sI http://target.com | grep -i "X-Powered-By"
curl -sI http://target.com | grep -i "Set-Cookie"
# WordPress detection
whatweb target.com | grep WordPress
wpscan --url target.com --enumerate vp,vt,tt
# Detect JS frameworks: list the script URLs the page references
# (curl does not expand a *.js wildcard in a URL)
curl -s http://target.com | grep -oE 'src="[^"]+\.js[^"]*"'
# ================================
# DIRECTORY / PATTERN INDICATORS
# ================================
curl -I http://target.com/wp-admin
curl -I http://target.com/administrator
curl -I http://target.com/manager/html
curl -I http://target.com/graphql
# ================================
# DATABASE FINGERPRINTING
# ================================
nmap -sV -p3306 target.com # MySQL
nmap -sV -p5432 target.com # PostgreSQL
nmap -sV -p27017 target.com # MongoDB
nmap -sV -p6379 target.com # Redis
# ================================
# FAVICON FINGERPRINTING
# ================================
curl -s http://target.com/favicon.ico | md5sum
# compare hash with known fingerprinting databases (Shodan/Censys)
# Shodan's http.favicon.hash is a MurmurHash3 of the base64-encoded icon, so an MD5 will not match it
# ================================
# CMS / PLATFORM ENUMERATION
# ================================
whatweb target.com
wappalyzer http://target.com
# ================================
# CLOUD PLATFORM INDICATORS
# ================================
nslookup target.com
dig target.com
host target.com
# Look for AWS/GCP/Azure headers or bucket URLs
curl -I http://assets.target.com
# ================================
# ADVANCED FINGERPRINTING
# ================================
nmap --script=http-headers -p80,443 target.com
nmap --script=http-server-header -p80,443 target.com
nmap --script=banner target.com
# ================================
# SUMMARY WORKFLOW
# ================================
nmap -O target.com -oN os.txt
nmap -sV -sC target.com -oN service.txt
curl -sI http://target.com > headers.txt
whatweb target.com > whatweb.txt
sslscan target.com > ssl.txt
```