
Identify Website Technologies With WhatWeb

WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1700 plugins, each to recognise something different. WhatWeb also identifies version numbers, e-mail addresses, account IDs, web framework modules, SQL errors, and more.

WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade-off between speed and reliability. When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website. Sometimes a single webpage visit contains enough information to identify a website, but when it does not, WhatWeb can interrogate the website further. The default level of aggression, called ‘stealthy’, is the fastest and requires only one HTTP request of a website. This is suitable for scanning public websites. More aggressive modes were developed for use in penetration tests.


Most WhatWeb plugins are thorough and recognise a range of cues from subtle to obvious. For example, most WordPress websites can be identified by the meta HTML tag. A minority of WordPress websites remove this identifying tag, but this does not thwart WhatWeb. The WordPress WhatWeb plugin has over 15 tests, which include checking the favicon, default installation files, login pages, and checking for “/wp-content/” within relative links.
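
The multi-cue matching described above, as an added example that is not WhatWeb's own plugin code: one response is checked against several independent cues, so a site that has removed its generator tag is still identified by its /wp-content/ links, which is what a site owner auditing their own disclosure needs to see. The cue patterns, certainty weights and sample HTML are assumptions made for illustration; the Server header value is the one shown in the usage example on this page.

```ruby
# Added example, not WhatWeb code: a passive, single-response fingerprint check.
# Cue patterns and certainty weights are illustrative assumptions.

# Each cue: [technology, where to look, pattern, certainty 0-100]
CUES = [
  ['WordPress', :body,   /<meta[^>]+name=["']generator["'][^>]+content=["']WordPress ?([\d.]*)/i, 100],
  ['WordPress', :body,   %r{(?:href|src)=["'][^"']*/wp-content/}i, 75],
  ['Apache',    :server, %r{\bApache(?:/([\d.]+))?}i, 100],
  ['JQuery',    :body,   /<script[^>]+src=["'][^"']*jquery[^"']*\.js/i, 75]
].freeze

# headers: Hash of response headers; body: HTML string.
# Returns { tech => { certainty:, versions: [] } } using one response only.
def fingerprint(headers, body)
  server = headers.find { |k, _| k.casecmp?('server') }&.last.to_s
  sources = { body: body, server: server }
  CUES.each_with_object({}) do |(tech, where, pattern, certainty), found|
    m = pattern.match(sources[where]) or next
    hit = (found[tech] ||= { certainty: 0, versions: [] })
    # Keep the strongest cue seen for this technology.
    hit[:certainty] = [hit[:certainty], certainty].max
    hit[:versions] << m[1] if m[1] && !m[1].empty?
  end
end

# Constructed sample input. The HTML is made up and has no generator tag;
# the Server value is copied from the usage example on this page.
SAMPLE_HEADERS = { 'Server' => 'Apache/2.2.22 (Ubuntu)', 'Content-Type' => 'text/html' }.freeze
SAMPLE_BODY = <<~HTML
  <!DOCTYPE html>
  <html><head><title>Constructed sample</title>
  <link rel="stylesheet" href="/wp-content/themes/sample/style.css">
  <script src="/js/jquery.min.js"></script>
  </head><body>hello</body></html>
HTML

if __FILE__ == $PROGRAM_NAME
  fingerprint(SAMPLE_HEADERS, SAMPLE_BODY).each do |tech, hit|
    puts format('%-10s certainty=%3d versions=%s', tech, hit[:certainty], hit[:versions].inspect)
  end
end
```

On the sample input WordPress is still reported, at the lower certainty of the link-based cue, and the Server header alone gives the exact Apache version.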


Features:



  • Over 1700 plugins

  • Control the trade-off between speed/stealth and reliability

  • Plugins include example URLs

  • Performance tuning. Control how many websites to scan concurrently.

  • Multiple log formats: Brief (greppable), Verbose (human readable), XML, JSON, MagicTree, RubyObject, MongoDB, SQL, and ElasticSearch.

  • Proxy support including TOR

  • Custom HTTP headers

  • Basic HTTP authentication

  • Control over webpage redirection

  • Nmap-style IP ranges

  • Fuzzy matching

  • Result certainty awareness

  • Custom plugins defined on the command line


WhatWeb Help


root@kali: # whatweb  -h

.$$$ $. .$$$ $.
$$$$ $$. .$$$ $$$ .$$$$$$. .$$$$$$$$$$. $$$$ $$. .$$$$$$$. .$$$$$$.
$ $$ $$$ $ $$ $$$ $ $$$$$$. $$$$$ $$$$$$ $ $$ $$$ $ $$ $$ $ $$$$$$.
$ `$ $$$ $ `$ $$$ $ `$ $$$ $$' $ `$ `$$ $ `$ $$$ $ `$ $ `$ $$$'
$. $ $$$ $. $$$$$$ $. $$$$$$ `$ $. $ :' $. $ $$$ $. $$$$ $. $$$$$.
$::$ . $$$ $::$ $$$ $::$ $$$ $::$ $::$ . $$$ $::$ $::$ $$$$
$;;$ $$$ $$$ $;;$ $$$ $;;$ $$$ $;;$ $;;$ $$$ $$$ $;;$ $;;$ $$$$
$$$$$$ $$$$$ $$$$ $$$ $$$$ $$$ $$$$ $$$$$$ $$$$$ $$$$$$$$$ $$$$$$$$$'

WhatWeb - Next generation web scanner version 0.4.9.
Developed by Andrew Horton aka urbanadventurer and Brendan Coles.
Homepage: http://www.morningstarsecurity.com/research/whatweb

Usage: whatweb [options]

TARGET SELECTION:
Enter URLs, hostnames, IP adddresses,
filenames, or nmap-format IP address ranges.
--input-file=FILE, -i Read targets from a file. You can pipe
hostnames or URLs directly with -i /dev/stdin.

TARGET MODIFICATION:
--url-prefix Add a prefix to target URLs.
--url-suffix Add a suffix to target URLs.
--url-pattern Insert the targets into a URL.
e.g. example.com/%insert%/robots.txt

AGGRESSION:
The aggression level controls the trade-off between speed/stealth and
reliability.
--aggression, -a=LEVEL Set the aggression level. Default: 1.
1. Stealthy Makes one HTTP request per target and also
follows redirects.
3. Aggressive If a level 1 plugin is matched, additional
requests will be made.
4. Heavy Makes a lot of HTTP requests per target. URLs
from all plugins are attempted.

HTTP OPTIONS:
--user-agent, -U=AGENT Identify as AGENT instead of WhatWeb/0.4.9.
--header, -H Add an HTTP header. eg "Foo:Bar". Specifying a
default header will replace it. Specifying an
empty value, e.g. "User-Agent:" will remove it.
--follow-redirect=WHEN Control when to follow redirects. WHEN may be
`never', `http-only', `meta-only', `same-site',
`same-domain' or `always'. Default: always.
--max-redirects=NUM Maximum number of redirects. Default: 10.

AUTHENTICATION:
--user, -u= HTTP basic authentication.
--cookie, -c=COOKIES Use cookies, e.g. 'name=value; name2=value2'.

PROXY:
--proxy <hostname[:port]> Set proxy hostname and port.
Default: 8080.
--proxy-user Set proxy user and password.

PLUGINS:
--list-plugins, -l List all plugins.
--info-plugins, -I=[SEARCH] List all plugins with detailed information.
Optionally search with keywords in a comma
delimited list.
--search-plugins=STRING Search plugins for a keyword.
--plugins, -p=LIST Select plugins. LIST is a comma delimited set
of selected plugins. Default is all.
Each element can be a directory, file or plugin
name and can optionally have a modifier, +/-.
Examples: +/tmp/moo.rb,+/tmp/foo.rb
title,md5,+./plugins-disabled/
./plugins-disabled,-md5
-p + is a shortcut for -p +plugins-disabled.

--grep, -g=STRING Search for STRING in HTTP responses. Reports
with a plugin named Grep.
--custom-plugin=DEFINITION Define a custom plugin named Custom-Plugin,
Examples: ":text=>'powered by abc'"
":version=>/powered[ ]?by ab[0-9]/"
":ghdb=>'intitle:abc "powered by abc"'"
":md5=>'8666257030b94d3bdb46e05945f60b42'"
"{:text=>'powered by abc'}"
--dorks=PLUGIN List Google dorks for the selected plugin.

OUTPUT:
--verbose, -v Verbose output includes plugin descriptions.
Use twice for debugging.
--colour,--color=WHEN control whether color is used. WHEN may be
`never', `always', or `auto'.
--quiet, -q Do not display brief logging to STDOUT.
--no-errors Suppress error messages.

LOGGING:
--log-brief=FILE Log brief, one-line output.
--log-verbose=FILE Log verbose output.
--log-errors=FILE Log errors.
--log-xml=FILE Log XML format.
--log-json=FILE Log JSON format.
--log-sql=FILE Log SQL INSERT statements.
--log-sql-create=FILE Create SQL database tables.
--log-json-verbose=FILE Log JSON Verbose format.
--log-magictree=FILE Log MagicTree XML format.
--log-object=FILE Log Ruby object inspection format.
--log-mongo-database Name of the MongoDB database.
--log-mongo-collection Name of the MongoDB collection.
Default: whatweb.
--log-mongo-host MongoDB hostname or IP address.
Default: 0.0.0.0.
--log-mongo-username MongoDB username. Default: nil.
--log-mongo-password MongoDB password. Default: nil.
--log-elastic-index Name of the index to store results. Default: whatweb
--log-elastic-host Host:port of the elastic http interface. Default: 127.0.0.1:9200

PERFORMANCE & STABILITY:
--max-threads, -t Number of simultaneous threads. Default: 25.
--open-timeout Time in seconds. Default: 15.
--read-timeout Time in seconds. Default: 30.
--wait=SECONDS Wait SECONDS between connections.
This is useful when using a single thread.

HELP & MISCELLANEOUS:
--short-help Short usage help.
--help, -h Complete usage help.
--debug Raise errors in plugins.
--version Display version information.

EXAMPLE USAGE:
* Scan example.com.
./whatweb example.com
* Scan reddit.com slashdot.org with verbose plugin descriptions.
./whatweb -v reddit.com slashdot.org
* An aggressive scan of wired.com detects the exact version of WordPress.
./whatweb -a 3 www.wired.com
* Scan the local network quickly and suppress errors.
whatweb --no-errors 192.168.0.0/24
* Scan the local network for https websites.
whatweb --no-errors --url-prefix https:// 192.168.0.0/24
* Scan for crossdomain policies in the Alexa Top 1000.
./whatweb -i plugin-development/alexa-top-100.txt
--url-suffix /crossdomain.xml -p crossdomain_xml

OPTIONAL DEPENDENCIES
--------------------------------------------------------------------------------
To enable MongoDB logging install the mongo gem.

root@kali: #

WhatWeb Usage Example


root@kali: # whatweb -v -a 3 192.168.0.102
WhatWeb report for http://192.168.0.102
Status : 200 OK
Title : Toolz TestBed
IP : 192.168.0.102
Country : RESERVED, ZZ

Summary : JQuery, Script, X-UA-Compatible[IE=edge], HTML5, Apache[2.2,2.2.22], HTTPServer[Ubuntu Linux][Apache/2.2.22 (Ubuntu)]

Detected Plugins:
[ Apache ]
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows NT. The goal of this
project is to provide a secure, efficient and extensible
server that provides HTTP services in sync with the current
HTTP standards.

Version : 2.2.22 (from HTTP Server Header)
Version : 2.2
Version : 2.2
Google Dorks: (3)
Website : http://httpd.apache.org/

[ HTML5 ]
HTML version 5, detected by the doctype declaration

[ HTTPServer ]
HTTP server header string. This plugin also attempts to
identify the operating system from the server header.

OS : Ubuntu Linux
String : Apache/2.2.22 (Ubuntu) (from server string)

[ JQuery ]
A fast, concise, JavaScript that simplifies how to traverse
HTML documents, handle events, perform animations, and add
AJAX.

Website : http://jquery.com/

[ Script ]
This plugin detects instances of script HTML elements and
returns the script language/type.

[ X-UA-Compatible ]
This plugin retrieves the X-UA-Compatible value from the
HTTP header and meta http-equiv tag. - More Info:
http://msdn.microsoft.com/en-us/library/cc817574.aspx

String : IE=edge

HTTP Headers:
HTTP/1.1 200 OK
Date: Mon, 26 Mar 2018 07:58:48 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Fri, 02 Feb 2018 15:27:56 GMT
ETag: "11f-2e38-5643c5b56a8d3"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3541
Connection: close
Content-Type: text/html

root@kali: #

Source:


Author: Andrew Horton & Brendan Coles


License: GPLv2


