Trending Now

1 0


Whatweb is a penetretion testing or pentest tool. This tool has developed by kali Linux for pentest, which is useful for web application. 

All Applications & Tools are  include with Education Purpose.


WhatWeb Description

WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1700 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.

WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade off between speed and reliability. When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website. Sometimes a single webpage visit contains enough information to identify a website but when it does not, WhatWeb can interrogate the website further. The default level of aggression, called ‘stealthy’, is the fastest and requires only one HTTP request of a website. This is suitable for scanning public websites. More aggressive modes were developed for use in penetration tests.

Most WhatWeb plugins are thorough and recognise a range of cues from subtle to obvious. For example, most WordPress websites can be identified by the meta HTML tag, e.g. ”, but a minority of WordPress websites remove this identifying tag but this does not thwart WhatWeb. The WordPress WhatWeb plugin has over 15 tests, which include checking the favicon, default installation files, login pages, and checking for “/wp-content/” within relative links.

This tool has huge features..

Features

  • Over 1700 plugins

  • Control the trade off between speed/stealth and reliability

  • Plugins include example URLs

  • Performance tuning. Control how many websites to scan concurrently.

  • Multiple log formats: Brief (greppable), Verbose (human readable), XML, JSON, MagicTree, RubyObject, MongoDB, SQL, and ElasticSearch.

  • Proxy support including TOR

  • Custom HTTP headers

  • Basic HTTP authentication

  • Control over webpage redirection

  • Nmap-style IP ranges

  • Fuzzy matching

  • Result certainty awareness

  • Custom plugins defined on the command line

If You deep learning about that you should to go their website, you will learn each particular items how the do work.

Sources:

Main Site Morningstar Security   www.morningstarsecurity.com/research/whatweb

Kali Linux Tool  tools.kali.org/web-applications/whatweb

So,

Now I will show you that how to find out vulnerable of any websites in few seconds.!

If you using a Kali linux open Source on your PC or laptop with Update Version then you do not install this tool on alternative way, because of Whatweb has been installed in Kali Linux Update version or If you not found then  I give the GitHub Link in this below for Download

Download Link: github.com/urbanadventurer/WhatWeb

Let’s Start there..

Firstly you should open your Kali Linux Terminal with Root System then you type that whatweb then you should look at that

Secondly you should find out the plugin of Verbose, this plugin we have to use Information gathering of the target website

So, Type the Terminal with whatweb Space -v then Space & then the website Link or URL . Suppose I have used for infomation w3schools.com. Let see how the type ..

whatweb -v https://www.w3schools.com

& then you should see the Docs/PDF File in below ..

Click the w3schools text & get the PDF File of w3schools website

w3schools

┌─[root@kali]─[~]
└──╼ #whatweb -v https://www.w3schools.com/
WhatWeb report for https://www.w3schools.com/
Status : 200 OK
Title : W3Schools Online Web Tutorials
IP : 192.229.179.87
Country : UNITED STATES, US

Summary : X-Powered-By[ASP.NET], HTTPServer[ECS (sgb/C6A3)], Script[text/javascript], HTML5, X-Frame-Options[SAMEORIGIN], Frame, Google-Analytics[Universal][UA-3855518-1], PasswordField[p]

Detected Plugins:
[ Frame ]
This plugin detects instances of frame and iframe HTML 
elements.

[ Google-Analytics ]
This plugin identifies the Google Analytics account.

Version : Universal
Account : UA-3855518-1
Website : http://www.google.com/analytics/

[ HTML5 ]
HTML version 5, detected by the doctype declaration

[ HTTPServer ]
HTTP server header string. This plugin also attempts to 
identify the operating system from the server header.

String : ECS (sgb/C6A3) (from server string)

[ PasswordField ]
find password fields

String : p (from field name)

[ Script ]
This plugin detects instances of script HTML elements and 
returns the script language/type.

String : text/javascript

[ X-Frame-Options ]
This plugin retrieves the X-Frame-Options value from the 
HTTP header. - More Info: 
http://msdn.microsoft.com/en-us/library/cc288472%28VS.85%29.
aspx

String : SAMEORIGIN

[ X-Powered-By ]
X-Powered-By HTTP header

String : ASP.NET (from x-powered-by string)

HTTP Headers:
HTTP/1.1 200 OK
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 9018
Cache-Control: Public,public
Content-Type: text/html
Date: Fri, 18 Sep 2020 13:48:34 GMT
Expires: Fri, 18 Sep 2020 17:48:35 GMT
Last-Modified: Fri, 18 Sep 2020 11:18:16 GMT
Server: ECS (sgb/C6A3)
Vary: Accept-Encoding
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
Content-Length: 16384
Connection: close

So,

let’s try another website .. now we have scan to information getherfor Facebook website .This is huge big  platform .

let’st start that

See the Doc/PDF File in the below.

Click the Facebook text & get the PDF File of Facebook website

Facebook

┌─[✗]─[root@kali]─[~]
└──╼ #whatweb -v https://www.facebook.com/
WhatWeb report for https://www.facebook.com/
Status : 200 OK
Title : <None>
IP : 157.240.23.35
Country : UNITED STATES, US

Summary : HttpOnly[fr,sb], Script[application/ld+json], HTML5, X-Frame-Options[DENY], Meta-Refresh-Redirect[/?_fb_noscript=1], Cookies[fr,sb], UncommonHeaders[x-content-type-options,x-fb-debug,alt-svc], X-XSS-Protection[0], Strict-Transport-Security[max-age=15552000; preload], OpenSearch[/osd.xml], PasswordField[pass]

Detected Plugins:
[ Cookies ]
Display the names of cookies in the HTTP headers. The 
values are not returned to save on space.

String : fr
String : sb

[ HTML5 ]
HTML version 5, detected by the doctype declaration

[ HttpOnly ]
If the HttpOnly flag is included in the HTTP set-cookie 
response header and the browser supports it then the cookie 
cannot be accessed through client side script - More Info: 
http://en.wikipedia.org/wiki/HTTP_cookie

String : fr,sb

[ Meta-Refresh-Redirect ]
Meta refresh tag is a deprecated URL element that can be 
used to optionally wait x seconds before reloading the 
current page or loading a new page. More info: 
https://secure.wikimedia.org/wikipedia/en/wiki/Meta_refresh

String : /?_fb_noscript=1

[ OpenSearch ]
This plugin identifies open search and extracts the URL. 
OpenSearch is a collection of simple formats for the 
sharing of search results.

String : /osd.xml

[ PasswordField ]
find password fields

String : pass (from field name)

[ Script ]
This plugin detects instances of script HTML elements and 
returns the script language/type.

String : application/ld+json

[ Strict-Transport-Security ]
Strict-Transport-Security is an HTTP header that restricts 
a web browser from accessing a website without the security 
of the HTTPS protocol.

String : max-age=15552000; preload

[ UncommonHeaders ]
Uncommon HTTP server headers. The blacklist includes all 
the standard headers and many non standard but common ones. 
Interesting but fairly common headers should have their own 
plugins, eg. x-powered-by, server and x-aspnet-version. 
Info about headers can be found at www.http-stats.com

String : x-content-type-options,x-fb-debug,alt-svc (from headers)

[ X-Frame-Options ]
This plugin retrieves the X-Frame-Options value from the 
HTTP header. - More Info: 
http://msdn.microsoft.com/en-us/library/cc288472%28VS.85%29.
aspx

String : DENY

[ X-XSS-Protection ]
This plugin retrieves the X-XSS-Protection value from the 
HTTP header. - More Info: 
http://msdn.microsoft.com/en-us/library/cc288472%28VS.85%29.
aspx

String : 0

HTTP Headers:
HTTP/1.1 200 OK
Content-Encoding: gzip
Set-Cookie: fr=10pvwd9Q6hmHLy8Z6..BfZLn7.mi.AAA.0.0.BfZLn7.AWULW1TL; expires=Thu, 17-Dec-2020 13:45:30 GMT; Max-Age=7775999; path=/; domain=.facebook.com; secure; httponly
Set-Cookie: sb=-7lkX_2fHjujzw8XfVG2p3Wi; expires=Sun, 18-Sep-2022 13:45:31 GMT; Max-Age=63072000; path=/; domain=.facebook.com; secure; httponly
Cache-Control: private, no-cache, no-store, must-revalidate
Pragma: no-cache
Strict-Transport-Security: max-age=15552000; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Content-Type: text/html; charset="utf-8"
X-FB-Debug: t88vwzEvi1plZ5vUEA9k24+vZ+26/Gv2FzIP33IIvmz56W1puXwdKGYVIoOsY+l6u9cqfDYtOOtCqkLR8alvLg==
Date: Fri, 18 Sep 2020 13:45:31 GMT
Alt-Svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
Connection: close

WhatWeb report for https://www.facebook.com/?_fb_noscript=1
Status : 200 OK
Title : <None>
IP : 157.240.23.35
Country : UNITED STATES, US

Summary : HttpOnly[fr,sb], Script[application/ld+json], HTML5, X-Frame-Options[DENY], Cookies[fr,noscript,sb], UncommonHeaders[x-content-type-options,x-fb-debug,alt-svc], X-XSS-Protection[0], Strict-Transport-Security[max-age=15552000; preload], OpenSearch[/osd.xml], PasswordField[pass]

Detected Plugins:
[ Cookies ]
Display the names of cookies in the HTTP headers. The 
values are not returned to save on space.

String : fr
String : sb
String : noscript

[ HTML5 ]
HTML version 5, detected by the doctype declaration

[ HttpOnly ]
If the HttpOnly flag is included in the HTTP set-cookie 
response header and the browser supports it then the cookie 
cannot be accessed through client side script - More Info: 
http://en.wikipedia.org/wiki/HTTP_cookie

String : fr,sb

[ OpenSearch ]
This plugin identifies open search and extracts the URL. 
OpenSearch is a collection of simple formats for the 
sharing of search results.

String : /osd.xml

[ PasswordField ]
find password fields

String : pass (from field name)

[ Script ]
This plugin detects instances of script HTML elements and 
returns the script language/type.

String : application/ld+json

[ Strict-Transport-Security ]
Strict-Transport-Security is an HTTP header that restricts 
a web browser from accessing a website without the security 
of the HTTPS protocol.

String : max-age=15552000; preload

[ UncommonHeaders ]
Uncommon HTTP server headers. The blacklist includes all 
the standard headers and many non standard but common ones. 
Interesting but fairly common headers should have their own 
plugins, eg. x-powered-by, server and x-aspnet-version. 
Info about headers can be found at www.http-stats.com

String : x-content-type-options,x-fb-debug,alt-svc (from headers)

[ X-Frame-Options ]
This plugin retrieves the X-Frame-Options value from the 
HTTP header. - More Info: 
http://msdn.microsoft.com/en-us/library/cc288472%28VS.85%29.
aspx

String : DENY

[ X-XSS-Protection ]
This plugin retrieves the X-XSS-Protection value from the 
HTTP header. - More Info: 
http://msdn.microsoft.com/en-us/library/cc288472%28VS.85%29.
aspx

String : 0

HTTP Headers:
HTTP/1.1 200 OK
Content-Encoding: gzip
Set-Cookie: fr=1IAmhmpGjlCD088SX..BfZLoD.Dp.AAA.0.0.BfZLoD.AWVdpyGv; expires=Thu, 17-Dec-2020 13:45:38 GMT; Max-Age=7775999; path=/; domain=.facebook.com; secure; httponly
Set-Cookie: sb=A7pkX30-qbX0KT7fKsdO1dYZ; expires=Sun, 18-Sep-2022 13:45:39 GMT; Max-Age=63072000; path=/; domain=.facebook.com; secure; httponly
Set-Cookie: noscript=1; path=/; domain=.facebook.com; secure
Cache-Control: private, no-cache, no-store, must-revalidate
Pragma: no-cache
Strict-Transport-Security: max-age=15552000; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Content-Type: text/html; charset="utf-8"
X-FB-Debug: em8x/lM1SbdtemTxDHv0ytQbNsY2SlUG/fiowWqJ3+1H4wkRRlXTDk0//s+Y++ummrq8Z4irVVAwl2jofbHGeQ==
Date: Fri, 18 Sep 2020 13:45:39 GMT
Alt-Svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
Connection: close

 

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

One thought on “whatweb scanner for pentest

Leave a Reply

Your email address will not be published. Required fields are marked *