search
top

Wappalyzer – Identify technology on websites

Wappalyzer – Identify technology on websites

During one of my SANS vLive courses I am currently taking part in. My instructor introduced us to a nifty tool called Wappalyzer. He said he does use it as “one” of his tools of arsenal for pentesting servers and websites. I decided to take a look for myself since it wasn’t part of our SANS course. And, when you have a SANS instructor discussing a tool they use… well you just can’t go wrong by checking it out for yourself.

Finding technologies on a website

One of the most important aspects of pen testing online is to conduct proper recon. You need information to be able to devise a plan to more forward with the pen test. Information gathering is key and Wappalyzer can definetly help with recon. I decided to use Stealthbay.com as an example to see what type of technologies would show up. (more…)

Forcing HTTPS on Websites (.htaccess)

HTTPS Site Wide

So, I wanted to write up a quick tutorial on using HTTPS globally or on certain directories of a website.

I had a friend asking me about how they could force HTTPS throughout their whole website. So, I listed a tutorial below to do so and he was able to accomplish HTTPS site wide.

Now, there are multiple ways this can be achieved. In the case of my friend he was on a shared hosting web server. Therefore,  shared webhosting users normally will not have access to modify the apache config files.

So that leaves us with a simple solution (htaccess) that all users can make use of fairly easily. All it required is a file edit or creation of a file and the ability to FTP or upload it to your web root directory.

What is an htaccess file?

(more…)

top