Fingerprinting with Spaghetti

In this tutorial I would like to introduce Spaghetti. Spaghetti is a cool project by m4ll0k on GitHub written in Python with less dependencies. The main idea behind Spaghetti is to find out fingerprints from Server, Web Frameworks, WAF, CMS, OS and languages. The following tutorial will show you how to set up and use spaghetti quickly and easily.

Requirements

Python (2.7.x)
Virtualenv

Prepare Project

# create directory
$ mkdir -p ~/Projects/Spaghetti && cd cd ~/Projects/Spaghetti

# create makefile
$ vim Makefile

VIRTUALENV_DIR = .env

.PHONY: destroy

CURRENT_DIR := $(shell pwd)
INTERPRETER = $(CURRENT_DIR)/$(VIRTUALENV_DIR)/bin
PATH := ${PATH}:$(INTERPRETER)/

help :
	@echo "Usage: $ make <target>"
	@echo " > create    : create project"
	@echo " > destroy   : destroy project"

create :
	@echo "[RUN]: clone from git"
	@git clone https://github.com/m4ll0k/Spaghetti.git
	@make env

destroy :
	@echo "[RUN]: destroy project"
	@rm -fr ./$(VIRTUALENV_DIR)/
	@rm -fr ./Spaghetti/

env :
	@echo "[RUN]: create virtualenv"
	@virtualenv $(VIRTUALENV_DIR) && \
	. $(VIRTUALENV_DIR)/bin/activate
	@make deps

deps :
	@echo "[RUN]: install dependencies"
	@$(INTERPRETER)/pip install -r $(CURRENT_DIR)/Spaghetti/requirements.txt

Usage

# create project
$ make create

# create alias
$ alias spaghetti="~/Projects/Spaghetti/.env/bin/python ~/Projects/Spaghetti/Spaghetti/spaghetti.py"

# check alias is created (optional)
$ compgen -a | grep 'spaghetti'

# show help
$ spaghetti --help

# run full scan with random agent and verbose mode
$ spaghetti --url http://google.ch --scan 0 --random-agent --verbose

# remove alias
$ unalias spaghetti

# destroy everything
$ make destroy

– Softwaretester –

knowledge is power