WhatWeb Usage Guide

1. Tool Overview


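whatweb identifies web application types, including content management systems (CMS), blogging platforms, statistics/analytics packages, JavaScript libraries, web servers, and embedded devices. whatweb has more than 1000 plugins and can identify version numbers, email addresses, account IDs, web framework modules, SQL errors, and other information.

2. Usage


Enter "whatweb -h" in a terminal to view its options and their usage: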

light@kali:~# whatweb -h
 
.$$$     $.                                   .$$$     $.         
$$$$     $$. .$$$  $$$ .$$$$$$.  .$$$$$$$$$$. $$$$     $$. .$$$$$$$. .$$$$$$. 
$ $$     $$$ $ $$  $$$ $ $$$$$$. $$$$$ $$$$$$ $ $$     $$$ $ $$   $$ $ $$$$$$.
$ `$     $$$ $ `$  $$$ $ `$  $$$ $$' $ `$ `$$ $ `$     $$$ $ `$      $ `$  $$$'
$. $     $$$ $. $$$$$$ $. $$$$$$ `$  $. $  :' $. $     $$$ $. $$$$   $. $$$$$.
$::$  .  $$$ $::$  $$$ $::$  $$$     $::$     $::$  .  $$$ $::$      $::$  $$$$
$;;$ $$$ $$$ $;;$  $$$ $;;$  $$$     $;;$     $;;$ $$$ $$$ $;;$      $;;$  $$$$
$$$$$$ $$$$$ $$$$  $$$ $$$$  $$$     $$$$     $$$$$$ $$$$$ $$$$$$$$$ $$$$$$$$$'
 
WhatWeb - Next generation web scanner.
Version 0.4.8-dev by Andrew Horton aka urbanadventurer
Homepage: http://www.morningstarsecurity.com/research/whatweb
 
Usage: whatweb [options] <URLs>
 
TARGET SELECTION:
  <URLs>		Enter URLs, filenames or nmap-format IP ranges.
			Use /dev/stdin to pipe HTML directly
  --input-file=FILE, -i	Identify URLs found in FILE, eg. -i /dev/stdin
 
TARGET MODIFICATION:
  --url-prefix		Add a prefix to target URLs
  --url-suffix		Add a suffix to target URLs
  --url-pattern		Insert the targets into a URL. Requires --input-file,
			eg. www.example.com/%insert%/robots.txt 
 
AGGRESSION:
  The aggression level controls the trade-off between speed/stealth and
  reliability.
  --aggression, -a=LEVEL Set the aggression level. Default: 1
  Aggression levels are:
  1. Stealthy	Makes one HTTP request per target. Also follows redirects.
  2. Unused
  3. Aggressive	Can make a handful of HTTP requests per target. This triggers
  		aggressive plugins for targets only when those plugins are
  		identified with a level 1 request first.
  4. Heavy	Makes a lot of HTTP requests per target. Aggressive tests from
  		all plugins are used for all URLs.
 
HTTP OPTIONS:
  --user-agent, -U=AGENT Identify as AGENT instead of WhatWeb/0.4.8-dev.
  --header, -H		Add an HTTP header. eg "Foo:Bar". Specifying a default
			header will replace it. Specifying an empty value, eg.
			"User-Agent:" will remove the header.
  --follow-redirect=WHEN Control when to follow redirects. WHEN may be `never',
			`http-only', `meta-only', `same-site', `same-domain'
			or `always'. Default: always
  --max-redirects=NUM	Maximum number of contiguous redirects. Default: 10
 
AUTHENTICATION:
  --user, -u=<user:password> HTTP basic authentication
  Add session cookies with --header, e.g. --header "Cookie: SESSID=1a2b3c;"
 
PROXY:
  --proxy		<hostname[:port]> Set proxy hostname and port
			Default: 8080
  --proxy-user		<username:password> Set proxy user and password
 
PLUGINS:
  --list-plugins, -l	List all plugins
  --plugins, -p=LIST	Select plugins. LIST is a comma delimited set of 
			selected plugins. Default is all.
			Each element can be a directory, file or plugin name and
			can optionally have a modifier, eg. + or -
			Examples: +/tmp/moo.rb,+/tmp/foo.rb
			title,md5,+./plugins-disabled/
			./plugins-disabled,-md5
			-p + is a shortcut for -p +plugins-disabled
  --info-plugins, -I=PLUGINS	Display detailed information for plugins.
			Optionally search with keywords in a comma delimited
			list.
  --grep, -g=STRING	Search for STRING in HTTP responses. Reports with a
			plugin named Grep
  --custom-plugin=DEFINITION	Define a custom plugin named Custom-Plugin,
			Examples: ":text=>'powered by abc'"
			":version=>/powered[ ]?by ab[0-9]/"
			":ghdb=>'intitle:abc \"powered by abc\"'"
			":md5=>'8666257030b94d3bdb46e05945f60b42'"
			"{:text=>'powered by abc'},{:regexp=>/abc [ ]?1/i}"
  --dorks=PLUGIN	List google dorks for the selected plugin
  --example-urls, -e=PLUGIN Update the target list with example URLs from
			the selected plugins.
 
OUTPUT:
  --verbose, -v		Verbose output includes plugin descriptions. Use twice
			for debugging.
  --colour,--color=WHEN	control whether colour is used. WHEN may be `never',
			`always', or `auto'
  --quiet, -q		Do not display brief logging to STDOUT
  --no-errors		Suppress error messages
 
LOGGING:
  --log-brief=FILE	Log brief, one-line output
  --log-verbose=FILE	Log verbose output
  --log-xml=FILE	Log XML format
  --log-json=FILE	Log JSON format
  --log-json-verbose=FILE Log JSON Verbose format
  --log-magictree=FILE	Log MagicTree XML format
  --log-object=FILE	Log Ruby object inspection format
  --log-mongo-database	Name of the MongoDB database
  --log-mongo-collection Name of the MongoDB collection. Default: whatweb
  --log-mongo-host	MongoDB hostname or IP address. Default: 0.0.0.0
  --log-mongo-username	MongoDB username. Default: nil
  --log-mongo-password	MongoDB password. Default: nil
  --log-errors=FILE	Log errors
 
PERFORMANCE & STABILITY:
  --max-threads, -t	Number of simultaneous threads. Default: 25.
  --open-timeout	Time in seconds. Default: 15
  --read-timeout	Time in seconds. Default: 30
  --wait=SECONDS	Wait SECONDS between connections
			This is useful when using a single thread.
 
HELP & MISCELLANEOUS:
  --help, -h		This help
  --debug		Raise errors in plugins
  --version		Display version information. (WhatWeb 0.4.8-dev)
 
EXAMPLE USAGE:
* Scan example.com
  whatweb example.com
* Scan reddit.com slashdot.org with verbose plugin descriptions
  whatweb -v reddit.com slashdot.org
* An aggressive scan of mashable.com detects the exact version of Wordpress
  whatweb -a 3 mashable.com
* Scan the local network quickly with 255 threads and suppress errors
  whatweb --no-errors -t 255 192.168.0.0/24
 
OPTIONAL DEPENDENCIES
--------------------------------------------------------------------------------
To enable MongoDB logging install the mongo gem.
 
WARNING: Ruby 1.9 support is experimental. For stable usage use Ruby 1.8 instead. Please report bugs at https://github.com/urbanadventurer/WhatWeb/issue

3. Usage Example


Query the whatweb information for 1ight.co:

light@kali:~# whatweb 1ight.co
http://1ight.co [200] Apache[2.4.10][mod_perl/2.0.8-dev], Country[CHINA][CN], HTML5, HTTPServer[Unix][Apache/2.4.10 (Unix) OpenSSL/1.0.1j PHP/5.6.3 mod_perl/2.0.8-dev Perl/v5.16.3], IP[112.74.102.78], MetaGenerator[Typecho 1.0/14.10.10], OpenSSL[1.0.1j], PHP[5.6.3], Perl[5.16.3], Script, Title[Not only Security], UncommonHeaders[x-pingback], X-Powered-By[PHP/5.6.3], X-UA-Compatible[IE=edge], x-pingback[http://1ight.co/action/xmlrpc]
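
The brief output above packs every finding into one line of `Plugin[value][value]` entries. The following Ruby sketch is an added example, not part of whatweb or of the original page: it parses such a line and lists the entries that reveal software versions, which is how you would review the result of a scan of your own server. The function names, the `DISCLOSING` list, and the assumption that values never contain `]` are choices made for this example.

```ruby
require 'strscan'

# Brief-format line copied from the whatweb run shown above.
SAMPLE = 'http://1ight.co [200] Apache[2.4.10][mod_perl/2.0.8-dev], Country[CHINA][CN], HTML5, HTTPServer[Unix][Apache/2.4.10 (Unix) OpenSSL/1.0.1j PHP/5.6.3 mod_perl/2.0.8-dev Perl/v5.16.3], IP[112.74.102.78], MetaGenerator[Typecho 1.0/14.10.10], OpenSSL[1.0.1j], PHP[5.6.3], Perl[5.16.3], Script, Title[Not only Security], UncommonHeaders[x-pingback], X-Powered-By[PHP/5.6.3], X-UA-Compatible[IE=edge], x-pingback[http://1ight.co/action/xmlrpc]'

# Plugins whose values tend to carry version banners (list assumed for this example).
DISCLOSING = %w[HTTPServer X-Powered-By MetaGenerator Apache PHP OpenSSL Perl].freeze

# Parse one brief line into { url:, status:, plugins: { name => [values] } }.
# Commas inside [...] are handled; a ']' inside a value is not (assumption).
def parse_brief(line)
  clean = line.gsub(/\e\[[\d;]*m/, '').strip   # drop ANSI colour codes from terminal captures
  s = StringScanner.new(clean)
  url = s.scan(/\S+/) or raise ArgumentError, 'missing URL'
  s.scan(/\s*\[(\d{3})\]\s*/) or raise ArgumentError, 'missing status'
  status = s[1].to_i
  plugins = {}
  until s.eos?
    name = s.scan(/[^\[\],]+/) or raise ArgumentError, "bad plugin name at offset #{s.pos}"
    values = []
    values << s[1] while s.scan(/\[([^\]]*)\]/)  # collect every [value] group
    plugins[name.strip] = values
    s.scan(/,\s*/) or s.eos? or raise ArgumentError, "unexpected text at offset #{s.pos}"
  end
  { url: url, status: status, plugins: plugins }
end

# Return [plugin, value] pairs that contain a dotted version number.
def version_disclosures(parsed)
  parsed[:plugins].flat_map do |name, values|
    next [] unless DISCLOSING.include?(name)
    values.select { |v| v =~ /\d+\.\d+/ }.map { |v| [name, v] }
  end
end

if __FILE__ == $PROGRAM_NAME
  result = parse_brief(SAMPLE)
  puts "#{result[:url]} (HTTP #{result[:status]})"
  version_disclosures(result).each { |name, v| puts "  #{name}: #{v}" }
end
```

Each pair it reports corresponds to a banner the server could stop sending, for example with Apache's `ServerTokens Prod` and PHP's `expose_php = Off`.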

4. Related Resources