Site Probing: How Attackers Scan and Map Your Web Application

Site Probing is the initial reconnaissance phase of any web application attack. The attacker systematically maps the web application’s structure, pages, parameters, OS, database, and infrastructure — building a complete profile before launching targeted exploits.

Probing Methodology

  1. OS Detection: Identify via HTTP response headers, file extensions, or automated tools.
  2. Infrastructure Mapping: Directory traversal, database server identification, content platform discovery.
  3. Application Scanning: Map all pages, dynamic parameters, cookies, and transaction flows.

Attacker Techniques During Probing

| Technique | Goal |
|---|---|
| Non-Existent URLs | Generate error messages that reveal application structure |
| Long Parameter Values | Detect buffer overflow candidates |
| Unauthorized Path Access | Find unprotected admin paths (/iisadmin/, /iissamples/) |
| Adding/Removing Parameters | Identify required vs optional parameters per URL |

Important: Ports 80 and 443 must remain open for business, so probing arrives over the same ports as legitimate traffic. Traditional firewalls and IDS/IPS do not protect against application-layer probing; a dedicated Web Application Firewall (WAF) is required.

Prevention Guidance

  • Disable unnecessary protocols and lock down ports with firewall rules.
  • Configure web servers to suppress banner information.
  • Deploy an IDS configured to detect and reject scanning patterns.
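
The four techniques in the table above leave recognisable traces in a web server access log. The following is an added example, not code from the original page: a small detector that flags clients showing those patterns. The log format (common log format), the thresholds, the indicator names and the sample log entries are assumptions constructed for illustration; only the two admin paths come from the page.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

ADMIN_PREFIXES = ("/iisadmin/", "/iissamples/")  # admin paths named in the table above
MAX_PARAM_LEN = 256   # assumed threshold for an over-long parameter value
MAX_404 = 3           # assumed number of 404s per client before flagging
MIN_PARAM_SETS = 3    # assumed distinct parameter-name sets per path before flagging
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def detect_probing(log_text):
    """Map each client IP to the sorted probing indicators seen in its requests."""
    not_found = defaultdict(int)
    param_sets = defaultdict(set)      # (ip, path) -> distinct sets of parameter names
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                   # skip lines that are not access-log entries
        ip, target, status = m.groups()
        url = urlsplit(target)
        path = url.path.lower()
        query = parse_qsl(url.query, keep_blank_values=True)
        if status == "404":            # non-existent URLs requested to provoke errors
            not_found[ip] += 1
            if not_found[ip] >= MAX_404:
                findings[ip].add("non-existent-urls")
        if any(len(value) > MAX_PARAM_LEN for _, value in query):
            findings[ip].add("long-parameter-value")
        if path.startswith(ADMIN_PREFIXES):
            findings[ip].add("admin-path-access")
        param_sets[ip, path].add(frozenset(name for name, _ in query))
        if len(param_sets[ip, path]) >= MIN_PARAM_SETS:
            findings[ip].add("parameter-tampering")
    return {ip: sorted(tags) for ip, tags in findings.items()}

def _entry(ip, target, status):
    return f'{ip} - - [10/Mar/2024:10:00:00 +0000] "GET {target} HTTP/1.1" {status} 512'

# Constructed sample log: documentation-range IPs, one normal client and one prober.
SAMPLE_LOG = "\n".join(_entry(*row) for row in [
    ("198.51.100.7", "/index.html", 200), ("198.51.100.7", "/favicon.ico", 404),
    ("198.51.100.7", "/cart?id=5&qty=1", 200),
    ("203.0.113.9", "/nosuchpage", 404), ("203.0.113.9", "/backup.old", 404),
    ("203.0.113.9", "/test.bak", 404), ("203.0.113.9", "/iisadmin/", 403),
    ("203.0.113.9", "/search?q=" + "A" * 300, 200),
    ("203.0.113.9", "/cart?id=1&qty=2", 200), ("203.0.113.9", "/cart?id=1", 500),
    ("203.0.113.9", "/cart?id=1&qty=2&debug=1", 200),
])

if __name__ == "__main__":
    for ip, tags in detect_probing(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```

The normal client, with a single 404 and a consistent parameter set, stays below every threshold and is not reported.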

Footprinting: How Hackers Build a Profile of Your Organisation

Footprinting is the first step in any targeted intrusion — building a comprehensive profile of a target organisation including domain names, IP addresses, open ports, services, OS details, user accounts, routing tables, and SNMP information.

Footprinting Techniques

| Technique | Purpose |
|---|---|
| Ping Sweep | Identify which IP addresses in a range are alive |
| TCP Scan | Determine open services on target hosts |
| UDP Scan | Probe UDP ports; ICMP “unreachable” replies indicate no service |
| OS Identification | Send malformed packets; unique responses fingerprint the OS |
| HTTP Fingerprinting | Identify web server type from headers and error responses |

HTTP Fingerprinting Example

    nc 200.44.76.254 80
    HEAD / HTTP/1.0

    HTTP/1.1 200 OK
    Server: Apache/1.3.3 (Unix) (Red Hat/Linux)

The Server header directly reveals the web server software and OS: here, Apache 1.3.3 on Red Hat Linux. Best practice: suppress or customise this banner.

Prevention Guidance

  • Shut down unnecessary services and ports; perform post-installation hardening.
  • Suppress or customise HTTP server banners.
  • Keep all patches current — daily or weekly if possible.
  • Use an IDS configured to detect footprinting patterns.
  • Change all default passwords after every installation.
  • Lock consoles physically — an unlocked desktop gives instant network access.