wig-ng Pentest Course
# Section 5: Mastering wig-ng for Web Application Reconnaissance
## Installation and Configuration on Kali Linux
Before diving into the usage and functionalities of `wig-ng`, it is essential to have it properly installed and configured on your Kali Linux environment. `wig-ng` (Web Information Gathering – Next Generation) is a powerful tool designed for web application reconnaissance, enabling penetration testers to gather critical information from target websites.
### Step 1: Update Kali Linux
To ensure that you have the latest packages and dependencies, begin with updating your Kali Linux installation. Open your terminal and execute the following commands:
```bash
sudo apt update && sudo apt upgrade -y
```
### Step 2: Installing wig-ng
On Kali Linux, `wig-ng` is often pre-installed as part of the distribution. To check if it is available, type:
If the tool is not found, you can install it using the following command:
### Step 3: Verifying Installation
After installation, verify that `wig-ng` is correctly installed by checking its version again:
You should see output indicating the version of `wig-ng` installed.
## Configuration
`wig-ng` typically requires minimal configuration, but you might want to customize its behavior using a configuration file. The configuration file can be found at `/etc/wig-ng/config.json`. Open and edit this file as needed:
```bash
sudo nano /etc/wig-ng/config.json
```
You can adjust settings such as timeout, user-agent strings, and other options based on your testing requirements.
## Step-by-Step Usage of wig-ng
Now that `wig-ng` is installed and configured, let's walk through its functionality using command-line options and real-world use cases.
### Basic Usage
The basic command syntax for wig-ng is as follows:
Where `
` is the URL of the website or web application you wish to analyze.
### Example 1: Basic Reconnaissance
To perform a basic reconnaissance on a target website, use the following command:
```bash
wig-ng https://example.com
```
This command will initiate a scan on `https://example.com` and return various pieces of information, such as:
- Server type
- Technologies used (e.g., CMS, frameworks)
- Open ports
- Admin panel locations
- Version numbers
### Example 2: Using Advanced Options
`wig-ng` supports various options to refine your search. Consider using the `-u` or `--user-agent` option to simulate requests from different browsers. For example, to set a user agent that mimics Chrome, use:
```bash
wig-ng -u "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" https://example.com
```
### Example 3: Outputting Results
To save the output of your reconnaissance to a file for later analysis, you can use the `-o` option to specify the output file:
```bash
wig-ng -o output.txt https://example.com
```
The results will be saved in `output.txt`, which can be reviewed to identify potential vulnerabilities or weaknesses in the web application.
## Real-World Use Cases
### Use Case 1: WordPress Reconnaissance
WordPress is a commonly targeted platform due to its popularity. By using `wig-ng`, you can effectively determine if a WordPress site is vulnerable to known exploits.
#### Step 1: Identifying WordPress Version
You can use `wig-ng` to identify the version of WordPress running on a target site. Execute:
```bash
wig-ng https://examplewordpresssite.com
```
Check the output for any version information related to WordPress. Knowing the version can help in exploiting known vulnerabilities.
#### Step 2: Finding Vulnerable Plugins
To further your reconnaissance, you can check specifically for vulnerable plugins. For instance, if you suspect that a plugin named "Contact Form 7" is in use, you can search for it:
```bash
wig-ng --plugins "Contact Form 7" https://examplewordpresssite.com
```
#### Example Code Block for WordPress
Here is a code snippet showcasing how you can use `wig-ng` to explore a WordPress site and save the results:
```bash
# Basic WordPress reconnaissance
wig-ng https://examplewordpresssite.com

# Save WordPress version and plugin analysis
wig-ng --plugins "Contact Form 7" -o wordpress_analysis.txt https://examplewordpresssite.com
```
### Use Case 2: Targeting E-commerce Sites
E-commerce platforms can be vulnerable to various types of attacks. `wig-ng` can help identify weaknesses in such systems.
#### Step 1: E-commerce Application Scan
Perform a reconnaissance scan on a target e-commerce website:
```bash
wig-ng https://exampleecommerce.com
```
Look for key indicators such as payment processors, CMS details, and third-party integrations that may be vulnerable.
#### Step 2: Data Collection
Collect useful information based on the output, such as:
- Payment gateway information
- User login paths
- Administrator access points
## Detailed Technical Explanations
### Understanding the Output
`wig-ng` provides output in a structured format, typically outlining:
- **Server Information:** Details regarding the server hosting the website.
- **Technology Stack:** Information about frameworks and languages used, which is vital for identifying attack vectors.
- **Known Vulnerabilities:** Automatic checks against a database of vulnerabilities related to detected technologies.
### How wig-ng Works
`wig-ng` utilizes a combination of HTTP requests, headers analysis, and specific fingerprints to identify technologies. It parses HTTP responses to extract usable data about the structure and security posture of the web application.
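The header-and-fingerprint matching described above, sketched as an added example (this is not `wig-ng`'s own code). The fingerprint table, function names and sample response are constructed for illustration; running it against your own application's responses shows which headers and markup disclose exact versions and are worth hardening.

```python
import re

# Constructed sample of a raw HTTP response (not captured from a real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 5.8.1" />'
    '<link rel="stylesheet" href="/wp-content/themes/demo/style.css?ver=5.8.1">'
    "</head><body>Hello</body></html>"
)

# Hypothetical fingerprint table: (source, header name or None, regex, label).
FINGERPRINTS = [
    ("header", "server", r"^(?P<name>[A-Za-z-]+)(?:/(?P<version>[\d.]+))?", "web server"),
    ("header", "x-powered-by", r"^(?P<name>[A-Za-z.-]+)(?:/(?P<version>[\d.]+))?", "runtime"),
    ("body", None, r'<meta name="generator" content="(?P<name>[A-Za-z]+) ?(?P<version>[\d.]+)?"', "cms"),
    ("body", None, r"/(?P<name>wp-content)/", "cms path"),
]

def parse_response(raw):
    # Split headers from body and index header values by lowercase name.
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def fingerprint(raw):
    headers, body = parse_response(raw)
    findings = []
    for source, header, pattern, label in FINGERPRINTS:
        text = headers.get(header, "") if source == "header" else body
        m = re.search(pattern, text)
        if m:
            findings.append((label, m.group("name"), m.groupdict().get("version")))
    return findings

def disclosed_versions(raw):
    """Findings that leak an exact version: candidates for header/meta hardening."""
    return [f for f in fingerprint(raw) if f[2]]

if __name__ == "__main__":
    for label, name, version in fingerprint(SAMPLE_RESPONSE):
        print(f"{label:10} {name} {version or '(version hidden)'}")
```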
### External References
To enhance your understanding and stay updated, check the following resources:
- [OWASP Web Security Testing Guide](https://owasp.org/www-project-web-security-testing-guide/latest/)
- [Kali Linux Official Documentation](https://www.kali.org/docs/)
- [CVE Details for WordPress Plugins](https://www.cvedetails.com/product/25493/Wordpress-Wordpress.html?vendor_id=1334)
## Conclusion
In this course section, we explored `wig-ng`, a powerful tool for web application reconnaissance. From installation to practical real-world examples, understanding how to effectively use `wig-ng` can significantly enhance your web application security assessments. Always remember to use such tools ethically, adhering to legal boundaries and guidelines.
Made by pablo rotem / פבלו רותם