[Web-Sorrow v1.5] Versatile security scanner for the information disclosure and fingerprinting phases of pentesting


Web-Sorrow is a perl based tool for misconfiguration, version detection, enumeration, and server information scanning. It's entirely focused on Enumeration and collecting Info on the target server. Web-Sorrow is a "safe to run" program, meaning it is not designed to be an exploit or perform any harmful attacks.

Web Services: a CMS and it's version number, Social media widgets and buttons, Hosting provider, CMS plugins, and favicon fingerprints

Authentication areas: logins, admin logins, email webapps

Bruteforce: Subdomains, Files and Directories

Stealth: with -ninja you can gather valuable info on the target with as few as 6 requests, with -shadow you can request pages via google cache instead of from the host

AND MORE: Sensitive files, default files, source disclosure, directory indexing, banner grabbing (see below for full capabilities)