example@ linuxwar : websploit select cloudfare www.exampleweb.com
Once you have the interface, you can set up Cloudflare on any sample website to check whether it works. Cloudflare works by changing the original network address of the system to that of one of its own servers. Thus, if there is an injection attack or a brute-force attack, it stops or bans that address at once. Cloudflare acts like an intrusion detection system for websites at a very low cost.
Why is Cloudflare still easy to bypass?
As we said before, it just spoofs the attacker with an IP address. Many hackers started collecting hundreds of Cloudflare addresses and abandoning them whenever they attack. Some tricks still work, such as using this Cloudflare scanner to find all the IP addresses that the website is hosted on.
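The same check can be run from the site owner's side. The following is an added example, not code from the book: it audits a DNS zone export and lists every hostname whose address falls outside Cloudflare's edge ranges, which are the records a scanner of this kind would pick up. The zone for exampleweb.com is constructed, and the range list is an IPv4 subset of the list Cloudflare publishes and should be refreshed before use.

```python
import ipaddress

# Cloudflare edge ranges: IPv4 subset of the list Cloudflare publishes
# (assumption: refresh from the published list before relying on it).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Constructed zone export for a hypothetical site; the non-Cloudflare
# address is taken from a documentation block (RFC 5737).
SAMPLE_ZONE = """\
www.exampleweb.com.     300 IN A     104.16.10.5
exampleweb.com.         300 IN A     172.64.80.1
mail.exampleweb.com.    300 IN A     203.0.113.25
dev.exampleweb.com.     300 IN A     203.0.113.25
ftp.exampleweb.com.     300 IN CNAME dev.exampleweb.com.
"""

def parse_zone(text):
    """Yield (name, rtype, value) from simple 'name ttl IN type value' lines."""
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[2] == "IN":
            yield parts[0].rstrip("."), parts[3], parts[4].strip()

def behind_cloudflare(ip):
    return any(ipaddress.ip_address(ip) in net for net in CLOUDFLARE_V4)

def exposed_records(zone_text):
    """Return {hostname: ip} for names that resolve outside Cloudflare."""
    records = list(parse_zone(zone_text))
    a = {n: v for n, t, v in records if t == "A"}
    cname = {n: v.rstrip(".") for n, t, v in records if t == "CNAME"}
    exposed = {}
    for name in list(a) + list(cname):
        target, hops = name, 0
        while target in cname and hops < 8:   # follow CNAME chains, bounded
            target, hops = cname[target], hops + 1
        ip = a.get(target)
        if ip and not behind_cloudflare(ip):
            exposed[name] = ip
    return exposed

if __name__ == "__main__":
    for host, ip in sorted(exposed_records(SAMPLE_ZONE).items()):
        print(f"{host} -> {ip} (not proxied: reveals the hosting address)")
```

Records flagged here should either be moved behind the proxy or served from an address that is not shared with the protected site.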
In the next section, we will learn about Uniscan, one of the most important web fingerprinting tools.
Uniscan
Uniscan is a vulnerability scanner normally used for remote code execution and remote file insertion checks. It can also perform network commands such as ping, traceroute and software detection.
Here is the command that determines the operating system using Uniscan:
example@ linuxwar : uniscan select domain
Uniscan also provides open port detection similar to Nmap. Specifically, it checks the OS version of the server and scans the service.
Uniscan can also export its scan reports using the export options, as shown below:
example@ linuxwar : uniscan export domain to domain
With this, we have completed a brief introduction to Uniscan. The next section deals with the listing of subdirectories.
Sublist3r
Websites consist of a lot of subdomains. Usually, domains that are in scope can easily be manipulated using applications like Burp Suite. For example, Gmail has a lot of subdomains, and if we can gain access to one of them, we can easily manipulate the whole website.
This is why subdomain enumeration is one of the most important concepts hackers should learn. There are a lot of tools that will help us find subdomains.
In this section, we will use Sublist3r to do the task.
Sublist3r is not present in the Kali Linux tools list, so we need to install it from the git repository. Below we explain how to install Sublist3r. You can use this method to install any third-party application that is not available in the Kali Linux repository.