How does arctil gather information

The arctil web security assessment tool uses a number of methods to check for valuable information. This ranges from simple things such as header inspection and default error pages all the way through to framework detection. Here's a full break down of the arctil information gathering techniques.

Information gathering

• Full path disclosure

Full path disclosure (FPD) if the process of learning the absolute path (location) of a file, alone this vulnerability is fairly harmless. However, full path disclosure can often be teamed with other vulnerabilities such as local file inclusion.

• Server misconfiguration

In this instance server misconfiguraion refers when an administrator has not removed software versions, these versions can sometimes be found within the request headers or default error pages. These software versions can be used to find pre-existing exploits.

• Software detection

Many websites use popular software such as a content management system or forum. Knowing the software running on a website can enable an attacker to narrow down their attack area and try publicly known exploits.

• Framework detection

Many websites and applications are using common major frameworks to aid in rapid development, arctil can detect some of these frameworks to help the attacker understand the target better.

• Default error pages

Default error pages can give up server information or can allow website enumeration through common basenames.

• Robots.txt checker

The robots.txt file is used to instruct search engines which files they're allowed to access, the main purpose of this is to prevent a crawler from overloading a website. Additionally, the robots file can be useful for attackers to aid in finding content such as restricted locations such as: admin or cpanel.

• Exposed email address

Exposed email addresses can lead to social engineering and targeted malware via email attachments.

• Exposed telephone numbers

Having telephone numbers exposed can open your company upto a number of threats including social engineering and spam phone calls.

• WAF detection

Web application firewalls are often used to help filter potentially harmful requests. Knowing a WAF is in place can help an attacker modify their requests and bypass this firewall.

• Missing security headers

Security headers are instructions used by web applications to aid in security a website.

• Information leakage

Information Leakage can include but is not limited to possible sensitive information being exposed in website source code.

• Broken links

Broken links can hurt website SEO or display default error pages.

• Internal server errors

Web page is returning 500 status code potentially displaying default error pages and exposing server information.

Still need help?

Are you having trouble using arctil? Why not try reaching out to our Community Forum.

Alternatively, you can try contacting us through the Contact page.