Fingerprinting with Spaghetti

In this tutorial I would like to introduce Spaghetti. Spaghetti is a cool project by m4ll0k on GitHub written in Python with less dependencies. The main idea behind Spaghetti is to find out fingerprints from Server, Web Frameworks, WAF, CMS, OS and languages. The following tutorial will show you how to set up and use spaghetti quickly and easily.


  • Python (2.7.x)
  • Virtualenv

Prepare Project

# create directory
$ mkdir -p ~/Projects/Spaghetti && cd cd ~/Projects/Spaghetti

# create makefile
$ vim Makefile

.PHONY: destroy

CURRENT_DIR := $(shell pwd)

help :
	@echo "Usage: $ make <target>"
	@echo " > create    : create project"
	@echo " > destroy   : destroy project"

create :
	@echo "[RUN]: clone from git"
	@git clone
	@make env

destroy :
	@echo "[RUN]: destroy project"
	@rm -fr ./$(VIRTUALENV_DIR)/
	@rm -fr ./Spaghetti/

env :
	@echo "[RUN]: create virtualenv"
	@virtualenv $(VIRTUALENV_DIR) && \
	. $(VIRTUALENV_DIR)/bin/activate
	@make deps

deps :
	@echo "[RUN]: install dependencies"
	@$(INTERPRETER)/pip install -r $(CURRENT_DIR)/Spaghetti/requirements.txt


# create project
$ make create

# create alias
$ alias spaghetti="~/Projects/Spaghetti/.env/bin/python ~/Projects/Spaghetti/Spaghetti/"

# check alias is created (optional)
$ compgen -a | grep 'spaghetti'

# show help
$ spaghetti --help

# run full scan with random agent and verbose mode
$ spaghetti --url --scan 0 --random-agent --verbose

# remove alias
$ unalias spaghetti

# destroy everything
$ make destroy