WhatWeb is a penetration testing (pentest) tool. This tool was developed by Kali Linux for pentesting and is useful for web applications.
All applications and tools are included for educational purposes.
WhatWeb Description
WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1700 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.
WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade off between speed and reliability. When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website. Sometimes a single webpage visit contains enough information to identify a website but when it does not, WhatWeb can interrogate the website further. The default level of aggression, called ‘stealthy’, is the fastest and requires only one HTTP request of a website. This is suitable for scanning public websites. More aggressive modes were developed for use in penetration tests.
Most WhatWeb plugins are thorough and recognise a range of cues from subtle to obvious. For example, most WordPress websites can be identified by the meta HTML tag, e.g. ”, but a minority of WordPress websites remove this identifying tag but this does not thwart WhatWeb. The WordPress WhatWeb plugin has over 15 tests, which include checking the favicon, default installation files, login pages, and checking for “/wp-content/” within relative links.
This tool has a large set of features.
Features
- Over 1700 plugins
- Control the trade off between speed/stealth and reliability
- Plugins include example URLs
- Performance tuning. Control how many websites to scan concurrently.
- Multiple log formats: Brief (greppable), Verbose (human readable), XML, JSON, MagicTree, RubyObject, MongoDB, SQL, and ElasticSearch.
- Proxy support including TOR
- Custom HTTP headers
- Basic HTTP authentication
- Control over webpage redirection
- Nmap-style IP ranges
- Fuzzy matching
- Result certainty awareness
- Custom plugins defined on the command line
If you want to learn more about it, go to their website, where you can learn how each particular item works.
Sources:
Main Site Morningstar Security www.morningstarsecurity.com/research/whatweb
Kali Linux Tool tools.kali.org/web-applications/whatweb
So, now I will show you how to find out the vulnerabilities of any website in a few seconds!
If you are using an up-to-date version of Kali Linux on your PC or laptop, you do not need to install this tool separately, because WhatWeb is already installed in the updated version of Kali Linux. If you do not find it, I have given the GitHub link below for download.
Download Link: github.com/urbanadventurer/WhatWeb
Let’s start.
First, open your Kali Linux terminal as root, then type whatweb and look at the output.
Second, find the Verbose option; we use it for information gathering on the target website.
So, in the terminal, type whatweb, a space, -v, another space, and then the website link or URL. For example, I have used w3schools.com for information gathering. Let's see how to type it:
whatweb -v https://www.w3schools.com
You should then see the output in the Doc/PDF file below.
Click the w3schools text to get the PDF file for the w3schools website.
┌─[root@kali]─[~]
└──╼ #whatweb -v https://www.w3schools.com/
WhatWeb report for https://www.w3schools.com/
Status : 200 OK
Title : W3Schools Online Web Tutorials
IP : 192.229.179.87
Country : UNITED STATES, US
Summary : X-Powered-By[ASP.NET], HTTPServer[ECS (sgb/C6A3)], Script[text/javascript], HTML5, X-Frame-Options[SAMEORIGIN], Frame, Google-Analytics[Universal][UA-3855518-1], PasswordField[p]

Detected Plugins:
[ Frame ]
    This plugin detects instances of frame and iframe HTML elements.

[ Google-Analytics ]
    This plugin identifies the Google Analytics account.
    Version : Universal
    Account : UA-3855518-1
    Website : http://www.google.com/analytics/

[ HTML5 ]
    HTML version 5, detected by the doctype declaration

[ HTTPServer ]
    HTTP server header string. This plugin also attempts to identify the operating system from the server header.
    String : ECS (sgb/C6A3) (from server string)

[ PasswordField ]
    find password fields
    String : p (from field name)

[ Script ]
    This plugin detects instances of script HTML elements and returns the script language/type.
    String : text/javascript

[ X-Frame-Options ]
    This plugin retrieves the X-Frame-Options value from the HTTP header. - More Info: http://msdn.microsoft.com/en-us/library/cc288472%28VS.85%29. aspx
    String : SAMEORIGIN

[ X-Powered-By ]
    X-Powered-By HTTP header
    String : ASP.NET (from x-powered-by string)

HTTP Headers:
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Accept-Ranges: bytes
    Age: 9018
    Cache-Control: Public,public
    Content-Type: text/html
    Date: Fri, 18 Sep 2020 13:48:34 GMT
    Expires: Fri, 18 Sep 2020 17:48:35 GMT
    Last-Modified: Fri, 18 Sep 2020 11:18:16 GMT
    Server: ECS (sgb/C6A3)
    Vary: Accept-Encoding
    X-Cache: HIT
    X-Frame-Options: SAMEORIGIN
    X-Powered-By: ASP.NET
    Content-Length: 16384
    Connection: close
So, let’s try another website. Now we will scan the Facebook website to gather information. This is a huge platform.
Let’s start.
See the Doc/PDF file below.
Click the Facebook text to get the PDF file for the Facebook website.
┌─[✗]─[root@kali]─[~]
└──╼ #whatweb -v https://www.facebook.com/
WhatWeb report for https://www.facebook.com/
Status : 200 OK
Title : <None>
IP : 157.240.23.35
Country : UNITED STATES, US
Summary : HttpOnly[fr,sb], Script[application/ld+json], HTML5, X-Frame-Options[DENY], Meta-Refresh-Redirect[/?_fb_noscript=1], Cookies[fr,sb], UncommonHeaders[x-content-type-options,x-fb-debug,alt-svc], X-XSS-Protection[0], Strict-Transport-Security[max-age=15552000; preload], OpenSearch[/osd.xml], PasswordField[pass]

Detected Plugins:
[ Cookies ]
    Display the names of cookies in the HTTP headers. The values are not returned to save on space.
    String : fr
    String : sb

[ HTML5 ]
    HTML version 5, detected by the doctype declaration

[ HttpOnly ]
    If the HttpOnly flag is included in the HTTP set-cookie response header and the browser supports it then the cookie cannot be accessed through client side script - More Info: http://en.wikipedia.org/wiki/HTTP_cookie
    String : fr,sb

[ Meta-Refresh-Redirect ]
    Meta refresh tag is a deprecated URL element that can be used to optionally wait x seconds before reloading the current page or loading a new page. More info: https://secure.wikimedia.org/wikipedia/en/wiki/Meta_refresh
    String : /?_fb_noscript=1

[ OpenSearch ]
    This plugin identifies open search and extracts the URL. OpenSearch is a collection of simple formats for the sharing of search results.
    String : /osd.xml

[ PasswordField ]
    find password fields
    String : pass (from field name)

[ Script ]
    This plugin detects instances of script HTML elements and returns the script language/type.
    String : application/ld+json

[ Strict-Transport-Security ]
    Strict-Transport-Security is an HTTP header that restricts a web browser from accessing a website without the security of the HTTPS protocol.
    String : max-age=15552000; preload

[ UncommonHeaders ]
    Uncommon HTTP server headers. The blacklist includes all the standard headers and many non standard but common ones. Interesting but fairly common headers should have their own plugins, eg. x-powered-by, server and x-aspnet-version. Info about headers can be found at www.http-stats.com
    String : x-content-type-options,x-fb-debug,alt-svc (from headers)

[ X-Frame-Options ]
    This plugin retrieves the X-Frame-Options value from the HTTP header. - More Info: http://msdn.microsoft.com/en-us/library/cc288472%28VS.85%29. aspx
    String : DENY

[ X-XSS-Protection ]
    This plugin retrieves the X-XSS-Protection value from the HTTP header. - More Info: http://msdn.microsoft.com/en-us/library/cc288472%28VS.85%29. aspx
    String : 0

HTTP Headers:
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Set-Cookie: fr=10pvwd9Q6hmHLy8Z6..BfZLn7.mi.AAA.0.0.BfZLn7.AWULW1TL; expires=Thu, 17-Dec-2020 13:45:30 GMT; Max-Age=7775999; path=/; domain=.facebook.com; secure; httponly
    Set-Cookie: sb=-7lkX_2fHjujzw8XfVG2p3Wi; expires=Sun, 18-Sep-2022 13:45:31 GMT; Max-Age=63072000; path=/; domain=.facebook.com; secure; httponly
    Cache-Control: private, no-cache, no-store, must-revalidate
    Pragma: no-cache
    Strict-Transport-Security: max-age=15552000; preload
    Vary: Accept-Encoding
    X-Content-Type-Options: nosniff
    X-Frame-Options: DENY
    X-XSS-Protection: 0
    Expires: Sat, 01 Jan 2000 00:00:00 GMT
    Content-Type: text/html; charset="utf-8"
    X-FB-Debug: t88vwzEvi1plZ5vUEA9k24+vZ+26/Gv2FzIP33IIvmz56W1puXwdKGYVIoOsY+l6u9cqfDYtOOtCqkLR8alvLg==
    Date: Fri, 18 Sep 2020 13:45:31 GMT
    Alt-Svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
    Connection: close

WhatWeb report for https://www.facebook.com/?_fb_noscript=1
Status : 200 OK
Title : <None>
IP : 157.240.23.35
Country : UNITED STATES, US
Summary : HttpOnly[fr,sb], Script[application/ld+json], HTML5, X-Frame-Options[DENY], Cookies[fr,noscript,sb], UncommonHeaders[x-content-type-options,x-fb-debug,alt-svc], X-XSS-Protection[0], Strict-Transport-Security[max-age=15552000; preload], OpenSearch[/osd.xml], PasswordField[pass]

Detected Plugins:
[ Cookies ]
    Display the names of cookies in the HTTP headers. The values are not returned to save on space.
    String : fr
    String : sb
    String : noscript

[ HTML5 ]
    HTML version 5, detected by the doctype declaration

[ HttpOnly ]
    If the HttpOnly flag is included in the HTTP set-cookie response header and the browser supports it then the cookie cannot be accessed through client side script - More Info: http://en.wikipedia.org/wiki/HTTP_cookie
    String : fr,sb

[ OpenSearch ]
    This plugin identifies open search and extracts the URL. OpenSearch is a collection of simple formats for the sharing of search results.
    String : /osd.xml

[ PasswordField ]
    find password fields
    String : pass (from field name)

[ Script ]
    This plugin detects instances of script HTML elements and returns the script language/type.
    String : application/ld+json

[ Strict-Transport-Security ]
    Strict-Transport-Security is an HTTP header that restricts a web browser from accessing a website without the security of the HTTPS protocol.
    String : max-age=15552000; preload

[ UncommonHeaders ]
    Uncommon HTTP server headers. The blacklist includes all the standard headers and many non standard but common ones. Interesting but fairly common headers should have their own plugins, eg. x-powered-by, server and x-aspnet-version. Info about headers can be found at www.http-stats.com
    String : x-content-type-options,x-fb-debug,alt-svc (from headers)

[ X-Frame-Options ]
    This plugin retrieves the X-Frame-Options value from the HTTP header. - More Info: http://msdn.microsoft.com/en-us/library/cc288472%28VS.85%29. aspx
    String : DENY

[ X-XSS-Protection ]
    This plugin retrieves the X-XSS-Protection value from the HTTP header. - More Info: http://msdn.microsoft.com/en-us/library/cc288472%28VS.85%29. aspx
    String : 0

HTTP Headers:
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Set-Cookie: fr=1IAmhmpGjlCD088SX..BfZLoD.Dp.AAA.0.0.BfZLoD.AWVdpyGv; expires=Thu, 17-Dec-2020 13:45:38 GMT; Max-Age=7775999; path=/; domain=.facebook.com; secure; httponly
    Set-Cookie: sb=A7pkX30-qbX0KT7fKsdO1dYZ; expires=Sun, 18-Sep-2022 13:45:39 GMT; Max-Age=63072000; path=/; domain=.facebook.com; secure; httponly
    Set-Cookie: noscript=1; path=/; domain=.facebook.com; secure
    Cache-Control: private, no-cache, no-store, must-revalidate
    Pragma: no-cache
    Strict-Transport-Security: max-age=15552000; preload
    Vary: Accept-Encoding
    X-Content-Type-Options: nosniff
    X-Frame-Options: DENY
    X-XSS-Protection: 0
    Expires: Sat, 01 Jan 2000 00:00:00 GMT
    Content-Type: text/html; charset="utf-8"
    X-FB-Debug: em8x/lM1SbdtemTxDHv0ytQbNsY2SlUG/fiowWqJ3+1H4wkRRlXTDk0//s+Y++ummrq8Z4irVVAwl2jofbHGeQ==
    Date: Fri, 18 Sep 2020 13:45:39 GMT
    Alt-Svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
    Connection: close
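The Summary line of each report above packs every finding into `Plugin[value]` entries, which a site owner can parse to review what their own server discloses. The following is an added example, not part of the original post and not WhatWeb's own code; the function names and the grouping of plugins into "disclosure" and "hardening" are assumptions made for illustration.

```python
import re

# Summary lines copied from the two WhatWeb reports on this page.
W3SCHOOLS = ("X-Powered-By[ASP.NET], HTTPServer[ECS (sgb/C6A3)], "
             "Script[text/javascript], HTML5, X-Frame-Options[SAMEORIGIN], "
             "Frame, Google-Analytics[Universal][UA-3855518-1], PasswordField[p]")
FACEBOOK = ("HttpOnly[fr,sb], Script[application/ld+json], HTML5, "
            "X-Frame-Options[DENY], Meta-Refresh-Redirect[/?_fb_noscript=1], "
            "Cookies[fr,sb], "
            "UncommonHeaders[x-content-type-options,x-fb-debug,alt-svc], "
            "X-XSS-Protection[0], "
            "Strict-Transport-Security[max-age=15552000; preload], "
            "OpenSearch[/osd.xml], PasswordField[pass]")

# Assumption: this grouping of plugin names is the example's own choice.
DISCLOSURE = ("X-Powered-By", "HTTPServer")
HARDENING = ("Strict-Transport-Security", "X-Frame-Options")

# A plugin name, then zero or more [value] groups. Values may contain commas
# (HttpOnly[fr,sb]), so splitting the line on "," would corrupt entries.
ENTRY = re.compile(r"([^\[\],]+)((?:\[[^\]]*\])*)")


def parse_summary(summary):
    """Return {plugin name: [values]} for one WhatWeb Summary line."""
    found = {}
    for name, groups in ENTRY.findall(summary):
        name = name.strip()
        if name:
            found.setdefault(name, []).extend(re.findall(r"\[([^\]]*)\]", groups))
    return found


def review(summary):
    """Report banners the site discloses and hardening headers not reported."""
    found = parse_summary(summary)
    hsts = re.search(r"max-age=(\d+)",
                     " ".join(found.get("Strict-Transport-Security", [])))
    return {
        "discloses": {p: found[p] for p in DISCLOSURE if p in found},
        "not_reported": [p for p in HARDENING if p not in found],
        "hsts_max_age": int(hsts.group(1)) if hsts else None,
    }


if __name__ == "__main__":
    for label, line in (("w3schools", W3SCHOOLS), ("facebook", FACEBOOK)):
        print(label, review(line))
```

A header listed under "not_reported" only means no WhatWeb plugin matched it in that single request, so confirm against the raw HTTP Headers section before treating it as missing.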