Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: WhatWeb - website fingerprinting

  1. #1
    Just burned his ISO
    Join Date
    Mar 2010
    Location
    Christchurch, New Zealand
    Posts
    5

    Default WhatWeb - website fingerprinting

    Do you want to add WhatWeb to BackTrack?

    Identify content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers and more. When you visit a website in your browser the transaction includes many unseen hints about how the webserver is set up and what software is delivering the webpage. Some of these hints are obvious, eg. “Powered by XYZ” and others are more subtle. WhatWeb recognises these hints and reports what it finds.

    Download from WhatWeb

  2. #2
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    15

    Default Re: WhatWeb - website fingerprinting

    Heya Andrew,

    i read your KiwiConIII talk at exploit-db. I tried whatweb and wanted to recommend it to the bt admins. After soem searching i found this thread, and now i just want to give you some regards for your good work, and try to encourage the admins to include whatweb into backtrack.

    so admins: mr. urbanadventurer build a very nice and handy tool to automatically fingerprint sites. that come in handy to determine vulnerable cms versions in your daily audit work! just give it a look.

    greetings
    Seebaer

  3. #3
    Member
    Join Date
    Feb 2007
    Posts
    229

    Default Re: WhatWeb - website fingerprinting

    Looks interesting, i am however getting a ruby error. Seems to have some issues parsing the required gems list. I looked over the README page and the site (same thing pretty much), they dont have pre-req's listed. What else do i need installed for this to work right? Thx

  4. #4
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    15

    Default Re: WhatWeb - website fingerprinting

    @RageLtMan:

    There is a file called INSTALL which provides you a pretty nice step-by-step guide to install this tool:

    Code:
    1. Install Ruby
    ---------------------------------------
    sudo apt-get install ruby
    
    
    2. BackTrack 4 BETA or Ubuntu 8.04 (Warning this will remove all your gems)
    ------------------------------------
    wget http://rubyforge.org/frs/download.php/45905/rubygems-1.3.1.tgz
    tar xzvf rubygems-1.3.1.tgz
    cd rubygems-1.3.1
    sudo ruby setup.rb
    sudo ln -s /usr/bin/gem1.8 /usr/bin/gem
    sudo gem update --system
    
    
    3. Install Anemone, Spidering library
    ---------------------------------------
    sudo apt-get install libxslt-ruby
    sudo apt-get install libxslt1-dev
    sudo gem install anemone

  5. #5
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: WhatWeb - website fingerprinting


  6. #6
    Junior Member SWFu64's Avatar
    Join Date
    Jan 2010
    Posts
    97

    Default Re: WhatWeb - website fingerprinting

    Did this make it into the SVN? It's a great tool.
    "I do not know with what weapons World War III will be fought, but World War IV will be fought with sticks and stones."

    Albert Einstein

  7. #7
    Junior Member SWFu64's Avatar
    Join Date
    Jan 2010
    Posts
    97

    Default Re: WhatWeb - website fingerprinting

    Theres a 4.5 release now.
    "I do not know with what weapons World War III will be fought, but World War IV will be fought with sticks and stones."

    Albert Einstein

  8. #8
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: WhatWeb - website fingerprinting

    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  9. #9
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: WhatWeb - website fingerprinting

    Thanks thorin, and swfu we are working to get this new version integrated.
    Thanks.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  10. #10
    Just burned his ISO
    Join Date
    Mar 2010
    Location
    Christchurch, New Zealand
    Posts
    5

    Default Re: WhatWeb - website fingerprinting

    WhatWeb is currently installed in BackTrack in the wrong location. In the BT KDE menu it is found in Information Gathering -> Search Engines. As WhatWeb doesn't make use of search engines to perform web scanning and identification I think it's more appropriate to put it in Web Application Analysis -> Web (frontend).

    I recommend installing it under /pentest/web/whatweb/ and combining /pentest/enumeration/www/ with the /pentest/web folder.

    To install WhatWeb so it can be used from any working path without running Make install which puts it in /usr/local/bin and /usr/share/whatweb do the following:

    Code:
     ln -s  /pentest/enumeration/www/whatweb/whatweb /usr/local/bin/
    Edit whatweb:
    change:
    Code:
    $LOAD_PATH << "/usr/share/whatweb"
    to:
    Code:
    $LOAD_PATH << "/pentest/enumeration/www/whatweb"
    I'm keen to hear any feedback or suggestions you have for WhatWeb

Page 1 of 2 12 LastLast

Similar Threads

  1. Website fields go black when clicked....
    By squishyalt in forum Beginners Forum
    Replies: 2
    Last Post: 02-08-2010, 02:14 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •