Whatweb is the perfect name for this tool. Put simply, it answers the question, “What is that Website?” Whatweb can identify all sorts of information about a live website, like:

  • Platform
  • CMS platform
  • Type of Script
  • Google Analytics
  • Web server Platform
  • IP address, Country
  • 900+ Plugins & their libraries used
  • Server Headers, Cookies and a lot more.

Whatweb offers both passive scanning and aggressive testing. Passive scanning just extracts data from HTTP headers, simulating a normal visit. Aggressive options go deeper, using recursion and various types of queries, and identify all technologies just like a vulnerability scanner.

So a pentester can use this tool as both a recon tool & vulnerability scanner. There are various other features like proxy support, scan tuning, scanning a range of IPs, spidering etc.

Homepage: http://www.morningstarsecurity.com/research/whatweb

Options

The options list is shortened. Only major options are listed. Visit the tool homepage for the complete options.

Lab 1: Perform Simple enumeration of websites over the internet.

In this lab, we will perform simple enumeration of websites. As a result, we get to know the technologies used by the website and the web server.

Note: Please don’t use this against government or military websites without prior permission. Neither the author of this article nor the tool itself is responsible for any consequences if misused.

Scenario:

Attacker: Kali Linux VM

Target: www.facebook.com

To give a more verbose Output

In practice, this information feeds vulnerability analysis: sometimes you will find that the web server is an outdated version of Apache or IIS, or that the website is running an old WordPress version vulnerable to many issues. In the same way, you can look up the vulnerabilities and exploits known for the specific versions of the technologies used in the website.
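The version check described above can be automated when auditing hosts you are responsible for. The following is an added example, not part of the original article or the WhatWeb project: it assumes results were saved with WhatWeb's `--log-json` option, uses a constructed sample in that assumed shape, and compares against a placeholder baseline (`MIN_VERSIONS`) that stands in for your own patch policy.

```python
import json
import re

# Constructed sample, assumed to follow the shape of WhatWeb's --log-json output.
SAMPLE_LOG = """
[
 {"target": "http://192.168.0.10", "http_status": 200,
  "plugins": {"Apache": {"version": ["2.2.22"]},
              "WordPress": {"version": ["3.5.1"]},
              "IP": {"string": ["192.168.0.10"]}}},
 {"target": "http://192.168.0.20", "http_status": 200,
  "plugins": {"Apache": {"version": ["2.4.58"]},
              "JQuery": {"version": ["1.7.2"]}}},
 {"target": "http://192.168.0.30", "http_status": 401,
  "plugins": {"Microsoft-IIS": {"version": ["6.0"]},
              "HTTPServer": {"string": ["Microsoft-IIS/6.0"]}}}
]
"""

# Placeholder baseline: the lowest version your own patch policy accepts.
# These numbers are illustrative, not vendor end-of-life data.
MIN_VERSIONS = {"Apache": "2.4.0", "WordPress": "6.0", "Microsoft-IIS": "10.0"}


def version_key(text):
    """Turn '2.4.58' or '2.2.22-ubuntu1' into a comparable, zero-padded tuple."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(nums + [0] * (4 - len(nums)))


def outdated_components(log_text, baseline=MIN_VERSIONS):
    """Return sorted (target, plugin, found, minimum) for versions below baseline."""
    findings = []
    for entry in json.loads(log_text):
        for plugin, details in entry.get("plugins", {}).items():
            minimum = baseline.get(plugin)
            if minimum is None:
                continue  # no policy defined for this technology
            for found in details.get("version", []):
                if version_key(found) < version_key(minimum):
                    findings.append((entry["target"], plugin, found, minimum))
    return sorted(findings)


if __name__ == "__main__":
    for target, plugin, found, minimum in outdated_components(SAMPLE_LOG):
        print(f"{target}: {plugin} {found} is below baseline {minimum}")
```

Plugins that report no `version` field (for example a bare `HTTPServer` string) are skipped, so a clean result means "nothing below baseline was identified", not "everything is current".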

Lab 2: Perform Enumeration of a range of websites

Whatweb allows you to test a range of IP addresses. In this lab, we test a range of IPs on a local network. This can be useful while doing pentests inside a production network, or for finding a list of web UIs or cPanels on a range of IPs.

Scenario:

Internal Network : 192.168.0.0/24

Attacker: Kali Linux

Interestingly, the verbose output highlights interesting information in coloured strings. Take a look at all those colours in the images below and identify all the modules.

Try for yourself: Remember that whatweb can also scan ranges outside the LAN, on the WAN. Find out Google’s IP address, and perform a scan on its range.
