31 May 2010 | 21,863 views

WhatWeb – Next Gen Web Scanner – Identify CMS (Content Management System)

Prevent Network Security Leaks with Acunetix

Identify content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers and more. When you visit a website in your browser the transaction includes many unseen hints about how the webserver is set up and what software is delivering the webpage. Some of these hints are obvious, eg. “Powered by XYZ” and others are more subtle. WhatWeb recognises these hints and reports what it finds.

WhatWeb has over 80 plugins and needs community support to develop more. Plugins can identify systems with obvious signs removed by looking for subtle clues. For example, a WordPress site might remove the tag but the WordPress plugin also looks for “wp-content” which is less easy to disguise. Plugins are flexible and can return any datatype, for example plugins can return version numbers, email addresses, account ID’s and more.

There are both passive and aggressive plugins, passive plugins use information on the page, in cookies and in the URL to identify the system. A passive request is as light weight as a simple GET / HTTP/1.1 request. Aggressive plugins guess URLs and request more files. Plugins are easy to write, you don’t need to know ruby to make them.

Aggressive plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver.

Log Ouput

There are currently 3 types of log output. They are:

  • Brief logging
  • Full logging
  • XML logging

Plugins

There are over 90 plugins as of version 0.4.3. Plugins are easy to make. Matches are made with regular expressions, Google Hack Database queries, and custom ruby code. For now the probability means maybe (25%), probably (75%) and certain (100%).

You can download WhatWeb 0.4.3 here:

whatweb-0.4.3.tar.gz

Or read more here.



Recent in Hacking Tools:
- dirs3arch – HTTP File & Directory Brute Forcing Tool
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security
- SHODAN – Expose Online Devices (Wind Turbines, Power Plants & More!)

Related Posts:
- wig – WebApp Information Gatherer – Identify CMS
- BlindElephant – Web Application Fingerprinter
- Web-Sorrow v1.48 – Version Detection, CMS Identification, Enumeration & Server Scanning Tool

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,857,820 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,043,542 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 619,233 views

Advertise on Darknet

Comments are closed.