Information Gathering — Web Application Analysis


Until now we have covered the theory of web application security. Now I will try to include various ethical hacking / penetration testing aspects with visuals / video. Initially we will cover at least one tool from each module.

Today we will look at WhatWeb, a web scanner that identifies content management systems (CMS).

WhatWeb can identify any popular CMS from its large CMS database. It can also identify JavaScript libraries, for example jQuery or YUI. When we visit a website, there are some hidden parameters from which the CMS can easily be identified. For example, if the site uses WordPress, the visible identifier is “Powered By:WordPress”. In the page source, other visible indicators are folders named “wp-content” or the META GENERATOR tag.

Apart from the CMS name, WhatWeb can identify email addresses and account IDs. WhatWeb has both passive and active plugins. Passive plugins use information on the page, in cookies and in the URL to identify the system. A passive request is as lightweight as a simple GET / HTTP/1.1 request. Aggressive plugins guess URLs and request more files. Plugins are easy to write; you don’t need to know Ruby to make them.
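A passive check of the kind described above can be run over your own site's responses to see which markers disclose the CMS and its version. This is an added example in Ruby, not WhatWeb's plugin code; the signature list, the passive_fingerprint function and the sample response are constructed for illustration.

```ruby
# Added example: passive fingerprinting of a response already in hand.
# SIGNATURES and the SAMPLE_* response are constructed for illustration;
# this is not WhatWeb's plugin code or signature database.
SIGNATURES = [
  { name: 'WordPress', source: :body,
    regex: /<meta[^>]+name=["']generator["'][^>]+content=["']WordPress\s*([\d.]+)?/i },
  { name: 'WordPress', source: :body,   regex: %r{/wp-content/}i },
  { name: 'WordPress', source: :body,   regex: /Powered\s+by:?\s*WordPress/i },
  { name: 'WordPress', source: :cookie, regex: /\bwordpress_[a-z_]+=/i },
  { name: 'jQuery',    source: :body,   regex: /jquery[-.]([\d.]+?)(?:\.min)?\.js/i },
  { name: 'PHP', source: :header, field: 'x-powered-by', regex: %r{PHP/?([\d.]+)?}i }
].freeze

# Returns { 'Name' => { version: String or nil, evidence: [matched text, ...] } }.
def passive_fingerprint(headers, body)
  hdrs = headers.transform_keys { |k| k.to_s.downcase } # header names are case-insensitive
  SIGNATURES.each_with_object({}) do |sig, found|
    text = case sig[:source]
           when :body   then body
           when :header then hdrs[sig[:field]]
           when :cookie then hdrs['set-cookie']
           end
    next unless text && (m = sig[:regex].match(text))
    hit = (found[sig[:name]] ||= { version: nil, evidence: [] })
    hit[:version] ||= m[1]        # nil when the signature captures no version
    hit[:evidence] << m[0][0, 60] # keep the disclosing snippet, truncated
  end
end

# Constructed sample response (not captured from a real site).
SAMPLE_HEADERS = {
  'Server' => 'Apache',
  'X-Powered-By' => 'PHP/5.2.17',
  'Set-Cookie' => 'wordpress_test_cookie=WP+Cookie+check; path=/'
}.freeze
SAMPLE_BODY = <<~HTML
  <html><head>
  <meta name="generator" content="WordPress 3.0.1" />
  <link rel="stylesheet" href="/wp-content/themes/default/style.css" />
  <script src="/wp-includes/js/jquery/jquery-1.4.2.min.js"></script>
  </head><body>...<p>Powered By: WordPress</p></body></html>
HTML

if __FILE__ == $PROGRAM_NAME
  passive_fingerprint(SAMPLE_HEADERS, SAMPLE_BODY).each do |name, hit|
    puts "#{name} #{hit[:version] || '(version not disclosed)'}"
    hit[:evidence].each { |e| puts "  leaked by: #{e}" }
  end
end
```

Each evidence line names a marker to review: the generator tag and the X-Powered-By header give away exact versions, while the wp-content path and cookie name still reveal the CMS even after those are removed.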

Active plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the web server.

WhatWeb has an extensive logging mechanism that can produce 3 types of output (brief logging, full logging, XML logging).

WhatWeb requires Ruby 1.8 to run. In the video I have demonstrated the whatweb <url> and whatweb -v <url> commands. -v gives the result in verbose mode.

More on WhatWeb: http://www.morningstarsecurity.com/research/whatweb
