`

we select the technologies array ([]) key, which contains a

bunch of items, each of which is a technology. Then, for each item,

we select the name, version, and confidence key names using

the {key_name} syntax.

Go ahead and run Wappalyzer against every web server weve

identified to see what technologies they run. Despite Wappalyzer’s

confidence level indication, avoid taking the findings at face value.

You should always triple-check that what tools report is true.

Summary

In this chapter, we put bash to use in many different ways. We

created dynamic target hosts lists; performed host discovery, port

scanning, and banner grabbing using multiple tools; created an

automated script to notify us of newly discovered hosts; and parsed

various tool results. In the next chapter, we’ll run vulnerability

scanners and fuzzers against these targets.

Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks