{
	"id": "1315a5e8-6256-4748-aaae-dbfaecf73052",
	"created_at": "2026-04-06T02:11:04.89343Z",
	"updated_at": "2026-04-10T03:21:07.246615Z",
	"deleted_at": null,
	"sha1_hash": "4e0a9de8ea5f54df58ebdb521ae24461b27675d3",
	"title": "OAT-004 Fingerprinting - OWASP",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 62437,
	"plain_text": "OAT-004 Fingerprinting - OWASP\r\nArchived: 2026-04-06 01:56:53 UTC\r\nThis is an automated threat. To view all automated threats, please see the Automated Threat Category page. The\r\nOWASP Automated Threat Handbook - Wed Applications (pdf, print), an output of the OWASP Automated\r\nThreats to Web Applications Project, provides a fuller guide to each threat, detection methods and\r\ncountermeasures. The threat identification chart helps to correctly identify the automated threat.\r\nDefinition\r\nOWASP Automated Threat (OAT) Identity Number\r\nOAT-004\r\nThreat Event Name\r\nFingerprinting\r\nSummary Defining Characteristics\r\nElicit information about the supporting so ware and framework types and versions.\r\nIndicative Diagram\r\nDescription\r\nhttps://wiki.owasp.org/index.php/OAT-004_Fingerprinting\r\nPage 1 of 2\n\nSpecific requests are sent to the application eliciting information in order to profile the application. This probing\r\ntypically examines HTTP header names and values, session identifier names and formats, contents of error page\r\nmessages, URL path case sensitivity, URL path patterns, file extensions, and whether software-specific files and\r\ndirectories exist. Fingerprinting is often reliant on information leakage and this profiling may also reveal some\r\nnetwork architecture/topology. The fingerprinting may be undertaken without any direct usage of the application,\r\ne.g. by querying a store of exposed application properties such as held in a search engine's index.\r\nFingerprinting seeks to identity application components, whereas OAT-018 Footprinting is a more detailed\r\nanalysis of how the application works.\r\nOther Names and Examples\r\nGoogle dorking; Google hacking; Shodaning; Target acquisition; Target scanning; Finding potentially vulnerable\r\napplications; Reconnaissance; URL harvesting; Web application fingerprinting\r\nSee Also\r\nOAT-011 Scraping\r\nOAT-018 Footprinting\r\nCross-References\r\nCAPEC Category / Attack Pattern IDs\r\n541 Application Fingerprinting\r\n170 Web Application Fingerprinting\r\nCWE Base / Class / Variant IDs\r\n200 Information Exposure\r\nWASC Threat IDs\r\n45 Fingerprinting\r\nOWASP Attack Category / Attack IDs\r\n-\r\nSource: https://wiki.owasp.org/index.php/OAT-004_Fingerprinting\r\nhttps://wiki.owasp.org/index.php/OAT-004_Fingerprinting\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://wiki.owasp.org/index.php/OAT-004_Fingerprinting"
	],
	"report_names": [
		"OAT-004_Fingerprinting"
	],
	"threat_actors": [],
	"ts_created_at": 1775441464,
	"ts_updated_at": 1775791267,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4e0a9de8ea5f54df58ebdb521ae24461b27675d3.pdf",
		"text": "https://archive.orkl.eu/4e0a9de8ea5f54df58ebdb521ae24461b27675d3.txt",
		"img": "https://archive.orkl.eu/4e0a9de8ea5f54df58ebdb521ae24461b27675d3.jpg"
	}
}