WHAT IS WHATWEB | KALI LINUX TOOL TO GATHER INFORMATION FROM WEBSITE | HOW TO USE WHATWEB






In this article we're going to discuss a tool called WhatWeb, which is used to scan websites on the Internet and gather information about them. It is a Kali Linux tool used primarily to scan websites, since it recognizes web technologies, including web servers, embedded devices, JavaScript libraries, and many more things. They explain it really well on the website page for this tool.

So we can read right here about all of the details of this tool. We can note that it has over seventeen hundred plugins, each one of them used to recognize something different. WhatWeb uses these plugins to scan the website and discover which technologies that website runs.


What is important for us is the second paragraph, since it tells us that the level of aggression called stealthy is the fastest and requires only one HTTP request to a website.

What this simply means is that the WhatWeb tool has different levels for scanning, and the default level is the level of aggression called stealthy, which we can use on any website that we want.




The other levels of scanning are more aggressive and should only be performed during penetration tests. So we should not use the more aggressive scans on websites that we do not have permission to scan. We can, however, use the stealthy scan on any website that we want on the Internet.

Don't worry, we are going to see all of these options in just a second. For now, it's good that we know what we can and cannot do. So let's test this tool out in our Kali Linux.


To do it, open up your terminal. To check out the options we can use with WhatWeb, simply type whatweb in your terminal and press Enter. This will give you a smaller help menu with some of the basic features that WhatWeb has. As we can see, we can specify targets, which can be URLs, hostnames, or IP addresses.


Here is the aggression level, which we specify like this. There is aggression level one, which is stealthy, and aggression level three, which is aggressive. The default level is level one, which is good to note, so we don't want to change it if we scan a random website on the Internet. We can also list all of the plugins that it uses, but we are not currently interested in this. We can also have verbose output.


But these are just some of the options for the tool. To see all of the available options for WhatWeb, we can type the command whatweb --help and press Enter. This will give us a much larger help menu with all of the possible options that we can use with WhatWeb.

And down here is the aggression level.

We can see that besides the stealthy scan, which we are going to use on random websites, and the aggressive scan, which you would use in a penetration test, there is an even more aggressive scan called heavy. It says right here that it makes a lot of HTTP requests per target and that URLs from all plugins are attempted. So this is basically the deepest scan that the WhatWeb tool can perform on a website. Up here are also the targets.


So we specify a target first. If I go all the way down, you will notice some examples of WhatWeb usage. We can see that the simplest example is running whatweb followed by the domain name. For the first run, let us go with this one: we're only going to specify a website, so just type whatweb followed by the website. Since we are using aggression level one, we can scan any website that we want. So I'm going to go with this one.

This is just another university website from my country. Feel free to scan any website that you want, or you can also go with this one if you would like. If I press Enter, in just a few seconds we should get a response for this website.


And here it is, we already got something. We got two responses, as we can see by the links right here, and the command has finished executing. So let us go through these results and see what we got.

It tells us that it most likely performed a redirect as soon as we tried getting this link. We can also see that we got the Apache web server. We even get the version, which is 2.4.6.

We got some cookies right here, which the website uses. We can see which country it is from and which type of HTTP server it uses. If I go down here, here is the IP address of this website.

Here's the version that they use, and this is the redirect location.

If you remember, I told you that it most likely redirected us to a different page. Here is where it redirected us. Once we got redirected, we got a response of 200 OK, which is just a response code that tells us that we successfully loaded a page. We got the same Apache version, the Bootstrap version which it uses, the country, and we also managed to extract some of the emails. As we can see down here, these are some of the emails from the page that belong to this domain. We also see that it uses HTML5, which HTTP server it has, which Apache version it has once again, and the IP address. It also uses Lightbox and a bunch of other things we can see right here.

But I don't really like how this is output; it is hard to read. To make the output a little bit prettier, we can use the verbose option that I saw in the help menu.

Here it is.


What this option does is also include plugin descriptions. For each plugin that the WhatWeb tool managed to discover, it will tell us what exactly that plugin is. So let's try that. If I type whatweb and then the same website, but add the -v option at the end and press Enter, it will pretty much give us the same result, just output a whole lot better and easier to read. If I scroll all the way up to the beginning of the command, remember, we got two responses. Here is the IP address, and this is the first response, which tells us to move to the actual website. So this is the redirect response.


We get all of the information that we got previously, but we also get this section right here which says detected plugins. For example, if we didn't know what Apache was, we could read right here what Apache is. And down here we get the version of Apache that this website has.

We also get cookies. Same thing for the HTTP server: we can see which operating system, which server it is, which version it is. It tells us right here what PHP is, for example, if we didn't know: PHP is a widely-used general-purpose scripting language. Then there is the redirect location: after this request, it redirects us to this location. And down here, we get the response, 200, for the actual page.

We get once again the country, the IP address, and all of the detected plugins, and we can read through this and discover what this website is running. It is output a whole lot better and is easier to read than with the previous command. OK, good.
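The one-line-per-response output from the first run can also be reshaped with a short script. The following is an added example, not part of the original article or of WhatWeb itself: it parses two constructed lines in WhatWeb's brief format (URL, status in brackets, then comma-separated Plugin[value] entries), prints one plugin per line, and lists the version numbers a single request gives away, which is what a site owner would check on their own server. Only the Apache version 2.4.6 comes from the article; the host, IP address and all other values are made up.

```python
import re

# Constructed sample in WhatWeb's brief (one line per response) format.
# Only Apache 2.4.6 is from the article; all other values are made up.
SAMPLE = """\
http://example.test [301 Moved Permanently] Apache[2.4.6], Cookies[PHPSESSID], Country[RESERVED][ZZ], HTTPServer[CentOS][Apache/2.4.6 (CentOS) PHP/5.4.16], IP[192.0.2.10], PHP[5.4.16], RedirectLocation[https://example.test/]
https://example.test/ [200 OK] Apache[2.4.6], Bootstrap[3.3.7], Country[RESERVED][ZZ], Email[info@example.test,office@example.test], HTML5, HTTPServer[CentOS][Apache/2.4.6 (CentOS) PHP/5.4.16], IP[192.0.2.10], Lightbox, PHP[5.4.16]
"""

LINE = re.compile(r"^(\S+) \[(\d{3}) ([^\]]*)\] (.*)$")
# A plugin is a name followed by zero or more [value] groups.
PLUGIN = re.compile(r"([A-Za-z0-9_.-]+)((?:\[[^\]]*\])*)(?:, |$)")
# Two or three dotted numbers: matches 2.4.6 but not an IPv4 address.
VERSION = re.compile(r"\d+(?:\.\d+){1,2}")


def parse_brief(line):
    """Split one brief-format line into URL, status and plugin values."""
    m = LINE.match(line.strip())
    if not m:
        raise ValueError("not a WhatWeb brief line: %r" % line)
    url, code, reason, rest = m.groups()
    plugins = {}
    for name, groups in PLUGIN.findall(rest):
        plugins[name] = re.findall(r"\[([^\]]*)\]", groups)
    return {"url": url, "status": int(code), "reason": reason, "plugins": plugins}


def disclosed_versions(responses):
    """Return sorted (plugin, version) pairs the responses give away."""
    found = set()
    for resp in responses:
        for name, values in resp["plugins"].items():
            found.update((name, v) for v in values if VERSION.fullmatch(v))
    return sorted(found)


def report(text):
    """Render each response as a header plus one plugin per line."""
    out = []
    for resp in map(parse_brief, text.splitlines()):
        out.append("%s [%d %s]" % (resp["url"], resp["status"], resp["reason"]))
        out += ["  %-16s %s" % (n, ", ".join(v) or "-") for n, v in resp["plugins"].items()]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE))
```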

So we managed to get information about what a certain website is running and which technologies it has. In the next video, we're going to go deeper into this tool and try to perform some of the more aggressive scans, as well as experiment with some of the other WhatWeb options.

