API tools faq
paste
Advertisement
TVT618

[Linux] WhatWeb - Next generation website security scanner

TVT618
Mar 31st, 2018
133
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.82 KB | None | 0 0
raw download clone embed print report
  1. [Linux]
  2. WhatWeb - Next generation website security scanner
  3.  
  4. About WhatWeb
  5. Author: Andrew Horton & Brendan Colese
  6. License: GNU General Public License, version 2
  7.  
  8. WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1700 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.
  9.  
  10. WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade off between speed and reliability. When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website. Sometimes a single webpage visit contains enough information to identify a website but when it does not, WhatWeb can interrogate the website further. The default level of aggression, called ‘stealthy’, is the fastest and requires only one HTTP request of a website. This is suitable for scanning public websites. More aggressive modes were developed for use in penetration tests.
  11.  
  12. Most WhatWeb plugins are thorough and recognise a range of cues from subtle to obvious. For example, most WordPress websites can be identified by the meta HTML tag, e.g. “, but a minority of WordPress websites remove this identifying tag but this does not thwart WhatWeb. The WordPress WhatWeb plugin has over 15 tests, which include checking the favicon, default installation files, login pages, and checking for “/wp-content/” within relative links.
  13.  
  14. Features
  15. * Over 1700 plugins
  16. * Control the trade off between speed/stealth and reliability
  17. * Plugins include example URLs
  18. * Performance tuning. Control how many websites to scan concurrently.
  19. * Multiple log formats: Brief (greppable), Verbose (human readable), XML, JSON, MagicTree, RubyObject, MongoDB, SQL, and
  20. * ElasticSearch.
  21. * Proxy support including TOR
  22. * Custom HTTP headers
  23. * Basic HTTP authentication
  24. * Control over webpage redirection
  25. * Nmap-style IP ranges
  26. * Fuzzy matching
  27. * Result certainty awareness
  28. * Custom plugins defined on the command line
  29.  
  30. WhatWeb Help
  31. root@kali:~# whatweb -h
  32.  
  33. .$$$ $. .$$$ $.
  34. $$$$ $$. .$$$ $$$ .$$$$$$. .$$$$$$$$$$. $$$$ $$. .$$$$$$$. .$$$$$$.
  35. $ $$ $$$ $ $$ $$$ $ $$$$$$. $$$$$ $$$$$$ $ $$ $$$ $ $$ $$ $ $$$$$$.
  36. $ `$ $$$ $ `$ $$$ $ `$ $$$ $$' $ `$ `$$ $ `$ $$$ $ `$ $ `$ $$$'
  37. $. $ $$$ $. $$$$$$ $. $$$$$$ `$ $. $ :' $. $ $$$ $. $$$$ $. $$$$$.
  38. $::$ . $$$ $::$ $$$ $::$ $$$ $::$ $::$ . $$$ $::$ $::$ $$$$
  39. $;;$ $$$ $$$ $;;$ $$$ $;;$ $$$ $;;$ $;;$ $$$ $$$ $;;$ $;;$ $$$$
  40. $$$$$$ $$$$$ $$$$ $$$ $$$$ $$$ $$$$ $$$$$$ $$$$$ $$$$$$$$$ $$$$$$$$$'
  41.  
  42. WhatWeb - Next generation web scanner version 0.4.9.
  43. Developed by Andrew Horton aka urbanadventurer and Brendan Coles.
  44. Homepage: http://www.morningstarsecurity.com/research/whatweb
  45.  
  46. Usage: whatweb [options] <URLs>
  47.  
  48. TARGET SELECTION:
  49. <TARGETs> Enter URLs, hostnames, IP adddresses,
  50. filenames, or nmap-format IP address ranges.
  51. --input-file=FILE, -i Read targets from a file. You can pipe
  52. hostnames or URLs directly with -i /dev/stdin.
  53.  
  54. TARGET MODIFICATION:
  55. --url-prefix Add a prefix to target URLs.
  56. --url-suffix Add a suffix to target URLs.
  57. --url-pattern Insert the targets into a URL.
  58. e.g. example.com/%insert%/robots.txt
  59.  
  60. AGGRESSION:
  61. The aggression level controls the trade-off between speed/stealth and
  62. reliability.
  63. --aggression, -a=LEVEL Set the aggression level. Default: 1.
  64. 1. Stealthy Makes one HTTP request per target and also
  65. follows redirects.
  66. 3. Aggressive If a level 1 plugin is matched, additional
  67. requests will be made.
  68. 4. Heavy Makes a lot of HTTP requests per target. URLs
  69. from all plugins are attempted.
  70.  
  71. HTTP OPTIONS:
  72. --user-agent, -U=AGENT Identify as AGENT instead of WhatWeb/0.4.9.
  73. --header, -H Add an HTTP header. eg "Foo:Bar". Specifying a
  74. default header will replace it. Specifying an
  75. empty value, e.g. "User-Agent:" will remove it.
  76. --follow-redirect=WHEN Control when to follow redirects. WHEN may be
  77. `never', `http-only', `meta-only', `same-site',
  78. `same-domain' or `always'. Default: always.
  79. --max-redirects=NUM Maximum number of redirects. Default: 10.
  80.  
  81. AUTHENTICATION:
  82. --user, -u=<user:password> HTTP basic authentication.
  83. --cookie, -c=COOKIES Use cookies, e.g. 'name=value; name2=value2'.
  84.  
  85. PROXY:
  86. --proxy <hostname[:port]> Set proxy hostname and port.
  87. Default: 8080.
  88. --proxy-user <username:password> Set proxy user and password.
  89.  
  90. PLUGINS:
  91. --list-plugins, -l List all plugins.
  92. --info-plugins, -I=[SEARCH] List all plugins with detailed information.
  93. Optionally search with keywords in a comma
  94. delimited list.
  95. --search-plugins=STRING Search plugins for a keyword.
  96. --plugins, -p=LIST Select plugins. LIST is a comma delimited set
  97. of selected plugins. Default is all.
  98. Each element can be a directory, file or plugin
  99. name and can optionally have a modifier, +/-.
  100. Examples: +/tmp/moo.rb,+/tmp/foo.rb
  101. title,md5,+./plugins-disabled/
  102. ./plugins-disabled,-md5
  103. -p + is a shortcut for -p +plugins-disabled.
  104.  
  105. --grep, -g=STRING Search for STRING in HTTP responses. Reports
  106. with a plugin named Grep.
  107. --custom-plugin=DEFINITION Define a custom plugin named Custom-Plugin,
  108. Examples: ":text=>'powered by abc'"
  109. ":version=>/powered[ ]?by ab[0-9]/"
  110. ":ghdb=>'intitle:abc "powered by abc"'"
  111. ":md5=>'8666257030b94d3bdb46e05945f60b42'"
  112. "{:text=>'powered by abc'}"
  113. --dorks=PLUGIN List Google dorks for the selected plugin.
  114.  
  115. OUTPUT:
  116. --verbose, -v Verbose output includes plugin descriptions.
  117. Use twice for debugging.
  118. --colour,--color=WHEN control whether colour is used. WHEN may be
  119. `never', `always', or `auto'.
  120. --quiet, -q Do not display brief logging to STDOUT.
  121. --no-errors Suppress error messages.
  122.  
  123. LOGGING:
  124. --log-brief=FILE Log brief, one-line output.
  125. --log-verbose=FILE Log verbose output.
  126. --log-errors=FILE Log errors.
  127. --log-xml=FILE Log XML format.
  128. --log-json=FILE Log JSON format.
  129. --log-sql=FILE Log SQL INSERT statements.
  130. --log-sql-create=FILE Create SQL database tables.
  131. --log-json-verbose=FILE Log JSON Verbose format.
  132. --log-magictree=FILE Log MagicTree XML format.
  133. --log-object=FILE Log Ruby object inspection format.
  134. --log-mongo-database Name of the MongoDB database.
  135. --log-mongo-collection Name of the MongoDB collection.
  136. Default: whatweb.
  137. --log-mongo-host MongoDB hostname or IP address.
  138. Default: 0.0.0.0.
  139. --log-mongo-username MongoDB username. Default: nil.
  140. --log-mongo-password MongoDB password. Default: nil.
  141. --log-elastic-index Name of the index to store results. Default: whatweb
  142. --log-elastic-host Host:port of the elastic http interface. Default: 127.0.0.1:9200
  143.  
  144. PERFORMANCE & STABILITY:
  145. --max-threads, -t Number of simultaneous threads. Default: 25.
  146. --open-timeout Time in seconds. Default: 15.
  147. --read-timeout Time in seconds. Default: 30.
  148. --wait=SECONDS Wait SECONDS between connections.
  149. This is useful when using a single thread.
  150.  
  151. HELP & MISCELLANEOUS:
  152. --short-help Short usage help.
  153. --help, -h Complete usage help.
  154. --debug Raise errors in plugins.
  155. --version Display version information.
  156.  
  157. EXAMPLE USAGE:
  158. * Scan example.com.
  159. ./whatweb example.com
  160. * Scan reddit.com slashdot.org with verbose plugin descriptions.
  161. ./whatweb -v reddit.com slashdot.org
  162. * An aggressive scan of wired.com detects the exact version of WordPress.
  163. ./whatweb -a 3 www.wired.com
  164. * Scan the local network quickly and suppress errors.
  165. whatweb --no-errors 192.168.0.0/24
  166. * Scan the local network for https websites.
  167. whatweb --no-errors --url-prefix https:// 192.168.0.0/24
  168. * Scan for crossdomain policies in the Alexa Top 1000.
  169. ./whatweb -i plugin-development/alexa-top-100.txt \
  170. --url-suffix /crossdomain.xml -p crossdomain_xml
  171.  
  172. OPTIONAL DEPENDENCIES
  173. --------------------------------------------------------------------------------
  174. To enable MongoDB logging install the mongo gem.
  175.  
  176.  
  177. root@kali:~#
  178. WhatWeb Usage Example
  179. root@kali:~# whatweb -v -a 3 192.168.0.102
  180. WhatWeb report for http://192.168.0.102
  181. Status : 200 OK
  182. Title : Toolz TestBed
  183. IP : 192.168.0.102
  184. Country : RESERVED, ZZ
  185.  
  186. Summary : JQuery, Script, X-UA-Compatible[IE=edge], HTML5, Apache[2.2,2.2.22], HTTPServer[Ubuntu Linux][Apache/2.2.22 (Ubuntu)]
  187.  
  188. Detected Plugins:
  189. [ Apache ]
  190. The Apache HTTP Server Project is an effort to develop and
  191. maintain an open-source HTTP server for modern operating
  192. systems including UNIX and Windows NT. The goal of this
  193. project is to provide a secure, efficient and extensible
  194. server that provides HTTP services in sync with the current
  195. HTTP standards.
  196.  
  197. Version : 2.2.22 (from HTTP Server Header)
  198. Version : 2.2
  199. Version : 2.2
  200. Google Dorks: (3)
  201. Website : http://httpd.apache.org/
  202.  
  203. [ HTML5 ]
  204. HTML version 5, detected by the doctype declaration
  205.  
  206.  
  207. [ HTTPServer ]
  208. HTTP server header string. This plugin also attempts to
  209. identify the operating system from the server header.
  210.  
  211. OS : Ubuntu Linux
  212. String : Apache/2.2.22 (Ubuntu) (from server string)
  213.  
  214. [ JQuery ]
  215. A fast, concise, JavaScript that simplifies how to traverse
  216. HTML documents, handle events, perform animations, and add
  217. AJAX.
  218.  
  219. Website : http://jquery.com/
  220.  
  221. [ Script ]
  222. This plugin detects instances of script HTML elements and
  223. returns the script language/type.
  224.  
  225.  
  226. [ X-UA-Compatible ]
  227. This plugin retrieves the X-UA-Compatible value from the
  228. HTTP header and meta http-equiv tag. - More Info:
  229. http://msdn.microsoft.com/en-us/library/cc817574.aspx
  230.  
  231. String : IE=edge
  232.  
  233. HTTP Headers:
  234. HTTP/1.1 200 OK
  235. Date: Mon, 26 Mar 2018 07:58:48 GMT
  236. Server: Apache/2.2.22 (Ubuntu)
  237. Last-Modified: Fri, 02 Feb 2018 15:27:56 GMT
  238. ETag: "11f-2e38-5643c5b56a8d3"
  239. Accept-Ranges: bytes
  240. Vary: Accept-Encoding
  241. Content-Encoding: gzip
  242. Content-Length: 3541
  243. Connection: close
  244. Content-Type: text/html
  245.  
  246. Download Whatweb: https://github.com/urbanadventurer/WhatWeb
  247. Whatwen Home Page: https://www.morningstarsecurity.com/research/whatweb
  248.  
  249. From Kali Linux Penetration Testing Tools: https://tools.kali.org/web-applications/whatweb
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!