How does arctil gather information
The arctil web security assessment tool uses a number of methods to check for valuable information. This ranges from simple things such as header inspection and default error pages all the way through to framework detection. Here's a full break down of the arctil information gathering techniques.
• Full path disclosure
Full path disclosure (FPD) if the process of learning the absolute path (location) of a file, alone this vulnerability is fairly harmless. However, full path disclosure can often be teamed with other vulnerabilities such as local file inclusion.
• Server misconfiguration
In this instance server misconfiguraion refers when an administrator has not removed software versions, these versions can sometimes be found within the request headers or default error pages. These software versions can be used to find pre-existing exploits.
• Software detection
Many websites use popular software such as a content management system or forum. Knowing the software running on a website can enable an attacker to narrow down their attack area and try publicly known exploits.
• Framework detection
Many websites and applications are using common major frameworks to aid in rapid development, arctil can detect some of these frameworks to help the attacker understand the target better.
• Default error pages
Default error pages can give up server information or can allow website enumeration through common basenames.
• Robots.txt checker
The robots.txt file is used to instruct search engines which files they're allowed to access, the main purpose of this is to prevent a crawler from overloading a website. Additionally, the robots file can be useful for attackers to aid in finding content such as restricted locations such as: admin or cpanel.
• Exposed email address
Exposed email addresses can lead to social engineering and targeted malware via email attachments.
• Exposed telephone numbers
Having telephone numbers exposed can open your company upto a number of threats including social engineering and spam phone calls.
• WAF detection
Web application firewalls are often used to help filter potentially harmful requests. Knowing a WAF is in place can help an attacker modify their requests and bypass this firewall.
• Missing security headers
Security headers are instructions used by web applications to aid in security a website.
• Information leakage
Information Leakage can include but is not limited to possible sensitive information being exposed in website source code.
• Broken links
Broken links can hurt website SEO or display default error pages.
• Internal server errors
Web page is returning 500 status code potentially displaying default error pages and exposing server information.
Still need help?
Are you having trouble using arctil? Why not try reaching out to our Community Forum.
Alternatively, you can try contacting us through the Contact page.