2021 iThome Ironman Contest

DAY 17

Kali Linux Tool Notes series, part 17

Day 17 Web Analysis - Web Application Analysis (WhatWeb)



* Scan
* Scan with verbose plugin descriptions.
  ./whatweb -v
* An aggressive scan of detects the exact version of WordPress.
  ./whatweb -a 3
* Scan the local network quickly and suppress errors.
  whatweb --no-errors
* Scan the local network for https websites.
  whatweb --no-errors --url-prefix https://
* Scan for crossdomain policies in the Alexa Top 1000.
  ./whatweb -i plugin-development/alexa-top-100.txt \
  --url-suffix /crossdomain.xml -p crossdomain_xml

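The -a / --aggression option takes a number from 1 to 4, each selecting a different level; the default level is 1.

  1. Stealthy: sends one HTTP request per target and follows redirects
  2. (Not usable)
  3. Aggressive: if a level 1 plugin matches, additional requests are sent
  4. Heavy: sends a large number of HTTP requests per target to test every plugin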


whatweb -v -a 3


WhatWeb report for
Status    : 200 OK
Title     : Metasploitable2 - Linux
IP        :
Country   : RESERVED, ZZ

Summary   : WebDAV[2], PHP[5,5.2.4-2ubuntu5.10], Apache[2.2.8], X-Powered-By[PHP/5.2.4-2ubuntu5.10], HTTPServer[Ubuntu Linux][Apache/2.2.8 (Ubuntu) DAV/2]

Detected Plugins:
[ Apache ]
        The Apache HTTP Server Project is an effort to develop and 
        maintain an open-source HTTP server for modern operating 
        systems including UNIX and Windows NT. The goal of this 
        project is to provide a secure, efficient and extensible 
        server that provides HTTP services in sync with the current 
        HTTP standards. 

        Version      : 2.2.8 (from HTTP Server Header)
        Google Dorks: (3)
        Website     :

[ HTTPServer ]
        HTTP server header string. This plugin also attempts to 
        identify the operating system from the server header. 

        OS           : Ubuntu Linux
        String       : Apache/2.2.8 (Ubuntu) DAV/2 (from server string)

[ PHP ]
        PHP is a widely-used general-purpose scripting language 
        that is especially suited for Web development and can be 
        embedded into HTML. This plugin identifies PHP errors, 
        modules and versions and extracts the local file path and 
        username if present. 

        Version      : 5.2.4-2ubuntu5.10
        Version      : 5
        Google Dorks: (2)
        Website     :

[ WebDAV ]
        Web-based Distributed Authoring and Versioning (WebDAV) is 
        a set of methods based on the Hypertext Transfer Protocol 
        (HTTP) that facilitates collaboration between users in 
        editing and managing documents and files stored on World 
        Wide Web servers. - More Info: 

        Version      : 2

[ X-Powered-By ]
        X-Powered-By HTTP header 

        String       : PHP/5.2.4-2ubuntu5.10 (from x-powered-by string)

HTTP Headers:
        HTTP/1.1 200 OK
        Date: Sat, 02 Oct 2021 03:22:45 GMT
        Server: Apache/2.2.8 (Ubuntu) DAV/2
        X-Powered-By: PHP/5.2.4-2ubuntu5.10
        Connection: close
        Transfer-Encoding: chunked
        Content-Type: text/html
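
The Summary line of the report above packs every plugin hit into Name[value] pairs. The Python below is an added example, not part of the original post or of WhatWeb itself: it parses that line and lists which plugins reveal a dotted version string, so an administrator can see what a scan of their own server gives away. The function names, the version regex and the HARDENED sample are assumptions made for illustration.

```python
import re

# Constructed sample: the Summary line copied from the verbose report above.
SUMMARY = ("WebDAV[2], PHP[5,5.2.4-2ubuntu5.10], Apache[2.2.8], "
           "X-Powered-By[PHP/5.2.4-2ubuntu5.10], "
           "HTTPServer[Ubuntu Linux][Apache/2.2.8 (Ubuntu) DAV/2]")
# Constructed sample (assumption): a summary with the version banners hidden.
HARDENED = "Apache, HTTPServer[Apache]"

# One plugin name followed by zero or more [value] groups.
ITEM_RE = re.compile(r"([^,\[\]]+)((?:\[[^\]]*\])*)")
# Assumption: a "version" looks like 2.2.8 or 5.2.4-2ubuntu5.10.
VERSION_RE = re.compile(r"\d+\.\d+[\w.\-]*")


def parse_summary(summary):
    """Return {plugin: [values]}; commas inside one bracket separate values."""
    parsed = {}
    for name, brackets in ITEM_RE.findall(summary):
        name = name.strip()
        if not name:
            continue
        groups = re.findall(r"\[([^\]]*)\]", brackets)
        values = [v.strip() for g in groups for v in g.split(",") if v.strip()]
        parsed.setdefault(name, []).extend(values)
    return parsed


def version_disclosures(parsed):
    """Map each plugin to the dotted version strings its values reveal."""
    found = {}
    for plugin, values in parsed.items():
        versions = sorted({m for v in values for m in VERSION_RE.findall(v)})
        if versions:
            found[plugin] = versions
    return found


if __name__ == "__main__":
    for label, line in (("scanned", SUMMARY), ("hardened", HARDENED)):
        hits = version_disclosures(parse_summary(line))
        print(label, hits if hits else "no version strings disclosed")
```

For the report above it flags PHP, Apache, X-Powered-By and HTTPServer, while WebDAV[2] is not flagged because it carries no dotted version. On this Apache/PHP stack the flagged values come from the Server and X-Powered-By headers, which Apache's ServerTokens directive and PHP's expose_php setting control.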


  --list-plugins, -l            List all plugins.
  --info-plugins, -I=[SEARCH]   List all plugins with detailed information.
                                Optionally search with keywords in a comma
                                delimited list.
  --search-plugins=STRING       Search plugins for a keyword.
