2021 iThome Ironman Contest

Kali Linux Tool Notes series, part 17

Day 17: Web Application Analysis (WhatWeb)

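WhatWeb is a tool for analyzing websites. It has more than 1,800 plugins for identifying things such as server type, version, IP, framework information, and SQL errors. The aggression level is configurable, so depending on the need you can run a quick, stealthy analysis or a slower but thorough penetration test.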

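Let's start with the common usage patterns: -v shows verbose plugin information and -a sets the aggression level. WhatWeb can also scan network ranges and run batch analysis from a file.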

EXAMPLE USAGE:
* Scan example.com.
  ./whatweb example.com
* Scan reddit.com slashdot.org with verbose plugin descriptions.
  ./whatweb -v reddit.com slashdot.org
* An aggressive scan of wired.com detects the exact version of WordPress.
  ./whatweb -a 3 www.wired.com
* Scan the local network quickly and suppress errors.
  whatweb --no-errors 192.168.0.0/24
* Scan the local network for https websites.
  whatweb --no-errors --url-prefix https:// 192.168.0.0/24
* Scan for crossdomain policies in the Alexa Top 1000.
  ./whatweb -i plugin-development/alexa-top-100.txt \
  --url-suffix /crossdomain.xml -p crossdomain_xml

The -a / --aggression parameter takes a number from 1 to 4, each corresponding to a different level. The default level is 1.

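  1. Stealthy: sends one HTTP request per target and follows redirects
  2. (not available)
  3. Aggressive: if a level 1 plugin matches, additional requests are sent
  4. Heavy: sends a large number of HTTP requests per target to test every plugin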

Use level 3 to analyze the target machine:

whatweb -v -a 3 http://192.168.1.86

The results show the detected plugins and their versions:

WhatWeb report for http://192.168.1.86
Status    : 200 OK
Title     : Metasploitable2 - Linux
IP        : 192.168.1.86
Country   : RESERVED, ZZ

Summary   : WebDAV[2], PHP[5,5.2.4-2ubuntu5.10], Apache[2.2.8], X-Powered-By[PHP/5.2.4-2ubuntu5.10], HTTPServer[Ubuntu Linux][Apache/2.2.8 (Ubuntu) DAV/2]

Detected Plugins:
[ Apache ]
        The Apache HTTP Server Project is an effort to develop and 
        maintain an open-source HTTP server for modern operating 
        systems including UNIX and Windows NT. The goal of this 
        project is to provide a secure, efficient and extensible 
        server that provides HTTP services in sync with the current 
        HTTP standards. 

        Version      : 2.2.8 (from HTTP Server Header)
        Google Dorks: (3)
        Website     : http://httpd.apache.org/

[ HTTPServer ]
        HTTP server header string. This plugin also attempts to 
        identify the operating system from the server header. 

        OS           : Ubuntu Linux
        String       : Apache/2.2.8 (Ubuntu) DAV/2 (from server string)

[ PHP ]
        PHP is a widely-used general-purpose scripting language 
        that is especially suited for Web development and can be 
        embedded into HTML. This plugin identifies PHP errors, 
        modules and versions and extracts the local file path and 
        username if present. 

        Version      : 5.2.4-2ubuntu5.10
        Version      : 5
        Google Dorks: (2)
        Website     : http://www.php.net/

[ WebDAV ]
        Web-based Distributed Authoring and Versioning (WebDAV) is 
        a set of methods based on the Hypertext Transfer Protocol 
        (HTTP) that facilitates collaboration between users in 
        editing and managing documents and files stored on World 
        Wide Web servers. - More Info: 
        http://en.wikipedia.org/wiki/WebDAV 

        Version      : 2

[ X-Powered-By ]
        X-Powered-By HTTP header 

        String       : PHP/5.2.4-2ubuntu5.10 (from x-powered-by string)

HTTP Headers:
        HTTP/1.1 200 OK
        Date: Sat, 02 Oct 2021 03:22:45 GMT
        Server: Apache/2.2.8 (Ubuntu) DAV/2
        X-Powered-By: PHP/5.2.4-2ubuntu5.10
        Connection: close
        Transfer-Encoding: chunked
        Content-Type: text/html
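
When you run WhatWeb against a server you operate, the Summary line is the quickest place to see which plugins recovered an exact version from its responses. The following parser is an added example, not part of the original post or of WhatWeb itself; the function names are hypothetical and the input is the Summary line from the report above.

```python
import re

# Summary line copied from the WhatWeb report above.
SUMMARY = (
    "WebDAV[2], PHP[5,5.2.4-2ubuntu5.10], Apache[2.2.8], "
    "X-Powered-By[PHP/5.2.4-2ubuntu5.10], "
    "HTTPServer[Ubuntu Linux][Apache/2.2.8 (Ubuntu) DAV/2]"
)

# Dotted version plus any package suffix, e.g. 5.2.4-2ubuntu5.10
VERSION_RE = re.compile(r"\d+(?:\.\d+)+[\w.\-]*")


def parse_summary(summary):
    """Return {plugin: [bracket group, ...]} for a WhatWeb Summary line."""
    entries, depth, start = [], 0, 0
    for i, ch in enumerate(summary):
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        elif ch == "," and depth == 0:
            # Only a comma outside brackets separates plugins;
            # PHP[5,5.2.4-...] keeps its inner comma.
            entries.append(summary[start:i])
            start = i + 1
    entries.append(summary[start:])
    parsed = {}
    for entry in (e.strip() for e in entries):
        if entry:
            name = entry.split("[", 1)[0].strip()
            parsed[name] = re.findall(r"\[([^\[\]]*)\]", entry)
    return parsed


def version_disclosures(parsed):
    """Return {plugin: [version, ...]} for plugins that recovered a dotted version."""
    found = {}
    for name, groups in parsed.items():
        versions = []
        for group in groups:
            for v in VERSION_RE.findall(group):
                if v not in versions:
                    versions.append(v)
        if versions:
            found[name] = versions
    return found


if __name__ == "__main__":
    for plugin, versions in version_disclosures(parse_summary(SUMMARY)).items():
        print(f"{plugin}: {', '.join(versions)}")
```

In this report every flagged version comes from the Server and X-Powered-By response headers, which Apache's ServerTokens directive and PHP's expose_php setting control.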

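I don't know why level 2 of this tool still hasn't been completed, but the existing plugins are already quite extensive, and you can even define your own. If you want to know which plugins are currently supported, or to search for one, use the following options: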

  --list-plugins, -l            List all plugins.
  --info-plugins, -I=[SEARCH]   List all plugins with detailed information.
                                Optionally search with keywords in a comma
                                delimited list.
  --search-plugins=STRING       Search plugins for a keyword.
