
Tools and Website Used for Pen Testing

• Information on the IP address of a website and the location of the
server on which it is hosted: http://whois.domaintools.com/
This lookup returns various information such as registrar details,
server details, location of the server, creation date, expiry date
and more.

• Reverse IP check: Sometimes the same server is assigned to host
more than one domain or website. This can increase the
vulnerability of our website. No matter how secure our website or
domain is, if another (vulnerable) site is hosted on the same
server, a hacker may exploit our website through that vulnerable
site.
The website used for the reverse IP check is
https://www.yougetsignal.com/tools/web-sites-on-web-server/
• Wayback Machine: The Wayback Machine is a digital archive of
the World Wide Web and other information on the Internet. It was
launched in 2001 by the Internet Archive, a nonprofit organization.
The service enables users to see archived versions of web
pages across time, which the archive calls a "three dimensional
index". This website shows us the history of a website.
https://web.archive.org/
• Web Data Extractor: This is an online tool used to extract
various data from a website. Data such as emails and phone numbers
are generally extracted from a website using this tool. The admin of
a website generally decides whether particular data can be
extracted by a client. If the admin denies any type of extraction,
the tool cannot extract the data.
Official website: http://www.webextractor.com/
• OWASP ZAP: OWASP ZAP is an open-source web application
security scanner. It is intended to be used by both those new to
application security as well as professional penetration testers.
Official website: https://www.owasp.org/index.php/Main_Page
• Netcraft Website: Netcraft is an Internet services company based
in Bath, Somerset, England. Netcraft is a provider of cybercrime
disruption services across a wide range of industries. Netcraft
provides an online facility to look up a site report that includes
information such as server and registrar details, which is useful
for pen testing.
Official website: https://www.netcraft.com/

Website: http://www.sagarratnamm.wordpress.com/
About This website:
Sagar Ratnamm started its first branch in Defence Colony in 1986 and
since then it has moved on to become the most preferred destination for
South Indian cuisines across the country. Within a short span Sagar
Ratnamm has spread its wings far and wide and today with more than 90
restaurants, Sagar Ratnamm has established its presence in the National
Capital Region (NCR) through company owned restaurants and in
various prominent cities of North India through franchise outlets.
Having won numerous awards in the Hospitality industry in various
categories over the years, Sagar Ratnamm continues to delight its
customers with its authentic South Indian food cooked fresh many times
a day.

IP address of website:
The IP address of this website is 192.0.78.12. The website used to find
the IP address is http://whois.domaintools.com.

After pressing the Search button, the website returned the IP address of
the entered website along with other information vital for pen testing,
such as when it was created, when it will expire, the location of the IP
address, server information etc.

The following details also came up:

• The location of the web server on which this website is hosted is
California - San Francisco, USA.
• The type of server on which this website is hosted is nginx.
  - Nginx is a web server which can also be used as a reverse
    proxy, load balancer, mail proxy and HTTP cache.
• The website was first created on 2000-03-03 and will expire on
2020-03-03. So it is currently 7061 days old.

Reverse IP Domain Check


The website used is
https://www.yougetsignal.com/tools/web-sites-on-web-server/
When we check the website http://www.sagarratnamm.wordpress.com/
on this website, we find around 900 domains being hosted on the same
server, which makes this website a vulnerable one.
Some domains hosted on the same server are
http://0.wordpress.com/
http://acusetiawan.wordpress.com/
http://alexandrverba.wordpress.com/
http://amorezanzara.wordpress.com/
http://alpha180.wordpress.com/
http://bibliocosme.wordpress.com/
http://engageonline.wordpress.com/
http://ffugm.wordpress.com/
http://immuneactivator.wordpress.com/
and many more domains.

Technology used by the web server on which this website is hosted:
1. Nginx
2. WordPress
3. jQuery
4. MySQL
5. Gravatar
6. PHP
7. Google Font API
The following website was used: https://www.wappalyzer.com/

Vulnerabilities Check
To test for vulnerabilities present in the website, we use a
powerful and free tool called OWASP ZAP.
Start Window of OWASP ZAP

Click on Automated Scan.

Enter the URL and click the Attack button.

After the attack is finished, generate the report in either XML or HTML
format.

HTML report
In the website, we found a total of 17 alerts, of which 1 was high, 3
were medium and 12 were low. One more alert was informational. Along
with each alert, the report also shows other data such as solutions to
the alert, the URL where the vulnerability is present and other
important information.
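The tally above can also be taken straight from the XML report instead of being read off the HTML page. The following is an added example, not part of the original report: it assumes the element names of ZAP's traditional XML report (`alertitem`, `riskcode`, `uri`, `solution`) and runs on a constructed sample with placeholder hosts.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample, not output from a real scan. Element names follow
# ZAP's traditional XML report as an assumption; hosts are placeholders.
SAMPLE_REPORT = """<OWASPZAPReport>
 <site name="https://site.example">
  <alerts>
   <alertitem><alert>SQL Injection</alert><riskcode>3</riskcode>
    <instances><instance><uri>https://site.example/post-comment</uri></instance></instances>
    <solution>Use parameterized queries.</solution></alertitem>
   <alertitem><alert>X-Frame-Options Header Not Set</alert><riskcode>2</riskcode>
    <instances><instance><uri>https://site.example/</uri></instance>
     <instance><uri>https://site.example/about</uri></instance></instances>
    <solution>Set the X-Frame-Options header.</solution></alertitem>
   <alertitem><alert>Cookie Without Secure Flag</alert><riskcode>1</riskcode>
    <instances><instance><uri>https://site.example/</uri></instance></instances>
    <solution>Set the Secure flag on cookies.</solution></alertitem>
   <alertitem><alert>Timestamp Disclosure</alert><riskcode>0</riskcode>
    <instances><instance><uri>https://site.example/feed</uri></instance></instances>
    <solution>Confirm the timestamp is not sensitive.</solution></alertitem>
  </alerts>
 </site>
</OWASPZAPReport>"""

RISK_NAMES = {3: "High", 2: "Medium", 1: "Low", 0: "Informational"}

def summarize(report_xml):
    """Return (alert count per risk level, findings sorted by severity)."""
    root = ET.fromstring(report_xml)
    counts = Counter()
    findings = []
    for item in root.iter("alertitem"):
        code = int(item.findtext("riskcode", default="0"))
        risk = RISK_NAMES.get(code, "Unknown")
        # One alert type can affect several URLs; de-duplicate them.
        urls = sorted({u.text.strip() for u in item.iter("uri") if u.text})
        counts[risk] += 1
        findings.append({"risk": risk, "code": code, "urls": urls,
                         "alert": item.findtext("alert", default=""),
                         "solution": item.findtext("solution", default="").strip()})
    findings.sort(key=lambda f: f["code"], reverse=True)
    return dict(counts), findings

if __name__ == "__main__":
    counts, findings = summarize(SAMPLE_REPORT)
    print(counts)
    for f in findings:
        print(f"[{f['risk']}] {f['alert']} ({len(f['urls'])} URL(s)): {f['solution']}")
```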
The high alert was for an SQL injection vulnerability. This
vulnerability is a widely faced problem in today's web database systems
that use SQL. It allows an attacker to execute a database query through
the URL and gain access to some confidential information.
SQL Injection (SQLi) is a type of injection attack that makes it
possible to execute malicious SQL statements. These statements control
a database server behind a web application. Attackers can use SQL
Injection vulnerabilities to bypass application security measures.
Click to look for OWASP ZAP Report for this website
In this website, the SQL injection vulnerability was found at the URL:
https://sagarratnamm.wordpress.com/wp-comments-post.php
Some solutions to the problem are:

• Do not trust client-side input, even if there is client-side
validation in place.
• If database stored procedures can be used, use them.
• Grant the minimum database access that is necessary for the
application.
• Do not create dynamic SQL queries using simple string
concatenation.
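The last point in the list, shown as a weak query beside its corrected form. This is an added example, not code from the tested site or from the original report: the `comments` table, its rows and the function names are hypothetical, and Python's built-in sqlite3 stands in for the MySQL database named above.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT, approved INTEGER)")
    db.executemany("INSERT INTO comments VALUES (?, ?, ?)", [
        ("asha", "Great dosa", 1),
        ("O'Brien", "Lovely sambar", 1),
        ("ravi", "awaiting moderation", 0),
    ])
    return db

def approved_by_concat(db, author):
    # Weak form: the input becomes part of the SQL text, so a quote
    # character in `author` changes the structure of the statement.
    sql = "SELECT body FROM comments WHERE approved = 1 AND author = '" + author + "'"
    return [row[0] for row in db.execute(sql)]

def approved_by_param(db, author):
    # Corrected form: the placeholder sends the input as a bound value,
    # so it is always compared as data and never parsed as SQL.
    sql = "SELECT body FROM comments WHERE approved = 1 AND author = ?"
    return [row[0] for row in db.execute(sql, (author,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print(approved_by_concat(db, crafted))   # every row, unapproved included
    print(approved_by_param(db, crafted))    # no rows: no author has that name
    print(approved_by_param(db, "O'Brien"))  # apostrophe handled as data
    try:
        approved_by_concat(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("concatenated query broke on a legitimate name:", exc)
```

The bound-parameter form also behaves correctly for ordinary names containing an apostrophe, which the concatenated form rejects with a syntax error.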
DATA Extraction:
For web data extraction we use an online web tool called Web Data
Extractor.
Using this tool, we could not extract any data from this site.
Website: http://www.rmlhospital.wordpress.com/
About This website:
Our mission is keeping you healthy… and fit. The mission of Reading
Hospital is to provide compassionate, accessible, high quality, cost
effective healthcare to the community; to promote health; to educate
healthcare professionals; and to participate in appropriate clinical
research.

IP address of website:
The IP address of this website is 192.0.78.12. The website used to find
the IP address is http://whois.domaintools.com.

After pressing the Search button, the website returned the IP address of
the entered website along with other information vital for pen testing,
such as when it was created, when it will expire, the location of the IP
address, server information etc.
The following details also came up:

• The location of the web server on which this website is hosted is
California - San Francisco, USA.
• The type of server on which this website is hosted is nginx.
  - Nginx is a web server which can also be used as a reverse
    proxy, load balancer, mail proxy and HTTP cache.
• The website was first created on 2000-03-03 and will expire on
2020-03-03. So it is currently 7061 days old.

Reverse IP Domain Check


The website used is
https://www.yougetsignal.com/tools/web-sites-on-web-server/
When we check the website http://www.rmlhospital.wordpress.com/ on
this website, we find around 900 domains being hosted on the same
server, which makes this website a vulnerable one.
Some domains hosted on the same server are
http://0.wordpress.com/
http://acusetiawan.wordpress.com/
http://alexandrverba.wordpress.com/
http://amorezanzara.wordpress.com/
http://alpha180.wordpress.com/
http://bibliocosme.wordpress.com/
http://engageonline.wordpress.com/
http://ffugm.wordpress.com/
http://immuneactivator.wordpress.com/
and many more domains.
Technology used by the web server on which this website is hosted:
1. Nginx
2. WordPress
3. jQuery
4. MySQL
5. Gravatar
6. PHP
7. Google Font API
8. HTTP/2
9. Amazon Web Services
The following website was used: https://www.wappalyzer.com/
Vulnerabilities Check
To test for vulnerabilities present in the website, we use a
powerful and free tool called OWASP ZAP.
Start Window of OWASP ZAP

Click on Automated Scan.

Enter the URL and click the Attack button.
After the attack is finished, generate the report in either XML or HTML
format.
In the website, we found a total of 5 alerts, of which 1 was medium and
4 were low. No alert was informational. Also, no high alert was
encountered, meaning it is more secure than the previous one. Along
with each alert, the report also shows other data such as solutions to
the alert, the URL where the vulnerability is present and other
important information.
Click to look for OWASP ZAP Report for this website

DATA Extraction:
For web data extraction we use an online web tool called Web Data
Extractor.
The website of this tool is http://www.webextractor.com/index.htm
Using this tool, we could not extract any data from this site.
Website: http://www.havelee.wordpress.com/
About This website:
Haveli is popular for great quality food and fairly fast, friendly
service. Our 2 branches are Karnal Havelli and GT Road Havelli.

IP address of website:
The IP address of this website is 192.0.78.12. The website used to find
the IP address is http://whois.domaintools.com.

After pressing the Search button, the website returned the IP address of
the entered website along with other information vital for pen testing,
such as when it was created, when it will expire, the location of the IP
address, server information etc.
The following details also came up:

• The location of the web server on which this website is hosted is
California - San Francisco, USA.
• The type of server on which this website is hosted is nginx.
  - Nginx is a web server which can also be used as a reverse
    proxy, load balancer, mail proxy and HTTP cache.
• The website was first created on 2000-03-03 and will expire on
2020-03-03. So it is currently 7061 days old.

Reverse IP Domain Check


The website used is
https://www.yougetsignal.com/tools/web-sites-on-web-server/
When we check the website http://www.havelee.wordpress.com/ on this
website, we find around 900 domains being hosted on the same server,
which makes this website a vulnerable one.
Some domains hosted on the same server are
http://0.wordpress.com/
http://acusetiawan.wordpress.com/
http://alexandrverba.wordpress.com/
http://amorezanzara.wordpress.com/
http://alpha180.wordpress.com/
http://bibliocosme.wordpress.com/
http://engageonline.wordpress.com/
http://ffugm.wordpress.com/
http://immuneactivator.wordpress.com/
and many more domains.
Technology used by the web server on which this website is hosted:
1. Nginx
2. WordPress
3. jQuery
4. MySQL
5. Gravatar
6. PHP
7. Google Font API
8. jQuery Migrate
The following website was used: https://www.wappalyzer.com/
Vulnerabilities Check
To test for vulnerabilities present in the website, we use a
powerful and free tool called OWASP ZAP.
Start Window of OWASP ZAP

Click on Automated Scan.

Enter the URL and click the Attack button.

After the attack is finished, generate the report in either XML or HTML
format.

Click to look for OWASP ZAP Report for this website


DATA Extraction:
For web data extraction we use an online web tool called Web Data
Extractor.
The website of this tool is http://www.webextractor.com/index.htm
Using this tool, we could not extract any data from this site.
