Penetration TestingVulnerability Analyses

WIG – Webserver Fingerprinting, Detect CMS and WebApps

WIG is a web application reconnaissance and vulnerability scanner tool, which is able to identify various Content Management Systems (CMS) and other administrative web applications. Wig can also attempt to do OS fingerprinting to webserver.

Wig’s fingerprinting scenario is based on checksums and string matching of known files for different versions of CMSes. This results in a score being calculated for each detected CMS and its versions. Wig also tries to guess the operating system running on the server based on headers the ‘server’ and ‘x-powered-by’. Wig has database containing known header values for different operating systems, which allows wig to guess every OS version.


Download wig project to local drive, run following commands:

[email protected]:~$ git clone
[email protected]:~$ cd wig


WIG - Webserver Fingerprinting, Detect CMS and WebApps


Wig can only run on minimum python 3. Type following command to display help menu and options.

[email protected]:~/wig$ python3 -h


WIG - Webserver Fingerprinting, Detect CMS and WebApps

Now, after read all available options lets scan a target. Type:

[email protected]:~/wig$ python3 [Target URL] -vvv

As you can see above image, wig take time 205.6 seconds or about 3 minutes to scan the target. And the wig vulnerability report said that target has security hole on joomla version 2.5.4 and display the reference link on Simple enough? now you know what vuln the target has, and then decided the appropriate exploit or hack methods against the target. Good luck!

Related Articles

Back to top button