whatweb Backtrack 5R3

Whatweb is a web enumeration and information gathering tool that can
look up DNS information, server location, subdomains, the site owner's
country, email addresses in the domain :D and lots more

okay, just open a console

root@xsan-lahci :~# cd /pentest/enumeration/web/whatweb

root@xsan-lahci:/pentest/enumeration/web/whatweb# ./whatweb -h

.$$$     $.                                   .$$$     $.
 $$$$     $$. .$$$  $$$ .$$$$$$.  .$$$$$$$$$$. $$$$     $$. .$$$$$$$. .$$$$$$.
 $ $$     $$$ $ $$  $$$ $ $$$$$$. $$$$$ $$$$$$ $ $$     $$$ $ $$   $$ $ $$$$$$.
 $ `$     $$$ $ `$  $$$ $ `$  $$$ $$' $ `$ `$$ $ `$     $$$ $ `$      $ `$  $$$'
 $. $     $$$ $. $$$$$$ $. $$$$$$ `$  $. $  :' $. $     $$$ $. $$$$   $. $$$$$.
 $::$  .  $$$ $::$  $$$ $::$  $$$     $::$     $::$  .  $$$ $::$      $::$  $$$$
 $;;$ $$$ $$$ $;;$  $$$ $;;$  $$$     $;;$     $;;$ $$$ $$$ $;;$      $;;$  $$$$
 $$$$$$ $$$$$ $$$$  $$$ $$$$  $$$     $$$$     $$$$$$ $$$$$ $$$$$$$$$ $$$$$$$$$'

WhatWeb - Next generation web scanner.
 Version 0.4.8 by Andrew Horton aka urbanadventurer from Security-Assessment.com

Usage: whatweb [options] <URLs>

TARGET SELECTION:
 <URLs>        Enter URLs, filenames or nmap-format IP ranges.
 Use /dev/stdin to pipe HTML directly
 --input-file=FILE, -i    Identify URLs found in FILE, eg. -i /dev/stdin
 --url-prefix        Add a prefix to target URLs
 --url-suffix        Add a suffix to target URLs
 --url-pattern        Insert the targets into a URL. Requires --input-file,
 --example-urls, -e    Add example URLs for each selected plugin to the target
 list. By default will add example URLs for all plugins.

AGGRESSION LEVELS:
 --aggression, -a=LEVEL The aggression level controls the trade-off between
 speed/stealth and reliability. Default: 1
 Aggression levels are:
 1 (Passive)    Make one HTTP request per target. Except for redirects.
 2 (Polite)    Reserved for future use
 3 (Aggressive)    Triggers aggressive plugin functions only when a
 plugin matches passively.
 4 (Heavy)    Trigger aggressive functions for all plugins. Guess a
 lot of URLs like Nikto.

HTTP OPTIONS:
 --user-agent, -U=AGENT Identify as AGENT instead of WhatWeb/0.4.8.
 --user, -u=<user:password> HTTP basic authentication
 --header, -H        Add an HTTP header. eg "Foo:Bar". Specifying a default
 header will replace it. Specifying an empty value, eg.
 "User-Agent:" will remove the header.
 --follow-redirect=WHEN Control when to follow redirects. WHEN may be `never',
 `http-only', `meta-only', `same-site', `same-domain'
 or `always'. Default: always
 --max-redirects=NUM    Maximum number of contiguous redirects. Default: 10

PROXY:
 --proxy        <hostname[:port]> Set proxy hostname and port
 Default: 8080
 --proxy-user        <username:password> Set proxy user and password

PLUGINS:
 --plugins, -p        Comma delimited set of selected plugins. Default is all.
 Each element can be a directory, file or plugin name and
 can optionally have a modifier, eg. + or -
 Examples: +/tmp/moo.rb,+/tmp/foo.rb
 title,md5,+./plugins-disabled/
 ./plugins-disabled,-md5
 -p + is a shortcut for -p +plugins-disabled
 --list-plugins, -l    List the plugins
 --info-plugins, -I    Display information for all plugins. Optionally search
 with keywords in a comma delimited list.
 --grep, -g        Search for a string. Reports in a plugin called Grep
 --custom-plugin    Define a custom plugin called Custom-Plugin,
 Examples: ":text=>'powered by abc'"
 ":regexp=>/powered[ ]?by ab[0-9]/"
 ":ghdb=>'intitle:abc \"powered by abc\"'"
 ":md5=>'8666257030b94d3bdb46e05945f60b42'"
 "{:text=>'powered by abc'},{:regexp=>/abc [ ]?1/i}"
 --dorks        <plugin name>    List google dorks for the selected plugin

LOGGING & OUTPUT:
 --verbose, -v        Increase verbosity, use twice for plugin development.
 --colour,--color=WHEN    control whether colour is used. WHEN may be `never',
 `always', or `auto'
 --quiet, -q        Do not display brief logging to STDOUT
 --log-brief=FILE    Log brief, one-line output
 --log-verbose=FILE    Log verbose output
 --log-xml=FILE    Log XML format
 --log-json=FILE    Log JSON format
 --log-sql=FILE    Log SQL INSERT statements
 --log-sql-create=FILE    Create SQL database tables
 --log-json-verbose=FILE Log JSON Verbose format
 --log-magictree=FILE    Log MagicTree XML format
 --log-object=FILE    Log Ruby object inspection format
 --log-mongo-database    Name of the MongoDB database
 --log-mongo-collection Name of the MongoDB collection. Default: whatweb
 --log-mongo-host    MongoDB hostname or IP address. Default: 0.0.0.0
 --log-mongo-username    MongoDB username. Default: nil
 --log-mongo-password    MongoDB password. Default: nil
 --log-errors=FILE    Log errors
 --no-errors        Suppress error messages

PERFORMANCE & STABILITY:
 --max-threads, -t    Number of simultaneous threads. Default: 25.
 --open-timeout    Time in seconds. Default: 15
 --read-timeout    Time in seconds. Default: 30
 --wait=SECONDS    Wait SECONDS between connections
 This is useful when using a single thread.

HELP & MISCELLANEOUS:
 --help, -h        This help
 --debug        Raise errors in plugins
 --version        Display version information. (WhatWeb 0.4.8)

EXAMPLE USAGE:
 whatweb example.com
 whatweb -v example.com
 whatweb -a 3 example.com
 whatweb 192.168.1.0/24

easy, right? just take a look below
bt@xsan-lahci:/pentest/enumeration/web/whatweb# ./whatweb -v (target.com)

whoa, take a look at the image below


okay, let me explain the numbers in that image

no 1. the target uses a free framework of the ASP_NET type

no 2. the site uses the adobe-flash plugin

no 3. yep, .il is the Israel domain, the country where the target is located

no 4. wow, got a domain email and it turns out a gmail address too, haha

eeeh, next let's go over the second screenshot below


okay, let me explain the numbers in the image above

no 1. turns out the target uses a Windows IIS/7.0 server (why not Linux?) who knows, lol

no 2. the target's IP

no 3. the target's Meta Author

no 4. same as the explanation for no 1

no 5. the target uses PHP version 5.2.6

okay, next picture

no 1. yep, the target provides a password field (figure out for yourself how to find the password, hahaha)

no 2. whoa, since the target is from Israel they use Hebrew for their site title, lol, well of course, if it were from Jakarta they'd use Betawi, lol

no 3. X-Powered-By PHP/5.2.6, ASP.NET
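
The fields called out in the screenshots above (server banner, X-Powered-By, meta author, email addresses, password field) can be checked on your own site's responses before a scanner reports them. The Ruby below is an added example, not part of the original post or of WhatWeb itself; the sample response and the function names parse_response and audit_disclosures are constructed for illustration.

```ruby
# Added example: audit one HTTP response for the disclosures listed above.
# SAMPLE_RESPONSE is constructed; it is not output from a real site.
SAMPLE_RESPONSE = <<~HTTP
  HTTP/1.1 200 OK
  Server: Microsoft-IIS/7.0
  X-Powered-By: PHP/5.2.6, ASP.NET
  Content-Type: text/html; charset=utf-8

  <html><head><title>Example</title>
  <meta name="author" content="Example Author">
  </head><body>
  <a href="mailto:info@example.com">contact</a>
  <form><input type="password" name="pw"></form>
  </body></html>
HTTP

# Split a raw response into a lower-cased header hash and the body.
def parse_response(raw)
  head, body = raw.split(/\r?\n\r?\n/, 2)
  headers = {}
  head.lines.drop(1).each do |line|          # drop(1) skips the status line
    name, value = line.chomp.split(":", 2)
    next if value.nil?
    headers[name.strip.downcase] = value.strip
  end
  [headers, body.to_s]
end

# Return [field, value] pairs for everything a fingerprinting scan would pick up.
def audit_disclosures(raw)
  headers, body = parse_response(raw)
  findings = []
  # Banner headers matter most when they carry a version number.
  %w[server x-powered-by x-aspnet-version].each do |h|
    next unless headers[h]
    headers[h].split(/,\s*/).each do |product|
      kind = product.match?(/\d/) ? "#{h} (version exposed)" : h
      findings << [kind, product]
    end
  end
  if (m = body.match(/<meta[^>]+name=["']author["'][^>]*content=["']([^"']*)["']/i))
    findings << ["meta-author", m[1]]
  end
  body.scan(/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/).uniq.each do |e|
    findings << ["email", e]
  end
  findings << ["password-field", "present"] if body =~ /<input[^>]+type=["']?password/i
  findings
end

audit_disclosures(SAMPLE_RESPONSE).each { |field, value| puts "#{field}: #{value}" }
```

An empty result means the response no longer carries any of these fields; version banners in Server and X-Powered-By are the first ones to strip in the web server and PHP configuration.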
