Black Hat Bash - Bash Scripting for Hackers and Pentesters (Early Access) (Dolev Farhi, Nick Aleks)

$ mkdir tools

Wappalyzer

Wappalyzer is a website reconnaissance tool used to identify the technology

stack of any website or web application. It can detect the frameworks. platforms,

and libraries used by our targets, which will come in handy for us in future

chapters when we attempt to discover vulnerabilities in old versions of web

application components.

Before you can install Wappalyzer, you need to download its dependencies,

Node.js, the Node Package Manager (NPM), and Yarn. Let’s start with Nodejs

and NPM:

$ curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -

$ sudo apt update

$ sudo apt install nodejs npm -y

To verify that Node.js and NPM are properly installed, run the following two

commands to get their versions:

$ node -v

$ npm -v

Next, let's install Yarn and verify that it is installed properly by checking its

version:

$ sudo npm install --global yarn

$ yarn -v

The --global flag makes the package available for other applications on

the computer to import and use.

Finally, install Wappalyzer from its GitHub repository:

$ cd ~/tools

$ git clone https://github.com/wappalyzer/wappalyzer.git

$ cd wappalyzer

$ yarn install

$ yarn run link

To verify that it properly installed, try the help command:

$ node src/drivers/npm/cli.js -h

You’ll notice that this command is not very intuitive to run, as no part of it

indicates that it is related to Wappalyzer. In “Assigning Aliases to Hacking Tools”

on page XX, we’ll set an alias so we can run the tool by using the command

wappalyzer.

RustScan

RustScan is a lightning-fast port scanner written in the Rust programming

language by Autumn (Bee) Skerritt (@bee_sec_san). Some claim that RustScan

can scan all 65,000 ports on a target in seconds!