Till now we have seen theory part of web application security. Now I will try to include various ethical hacking/ penetration testing aspects with visual / video. At initial level we will cover at least one tool from each module.
Today we will look at WHATWEB — A web scanner to identify Content Management System.
WhatWeb can identify any popular CMS from its large CMS database. It has also power to identify javascript library for example jQuery or YUI. When we visit any website there are some hidden parameters from which we can identify any CMS easily. For example if we are using WordPress then visible identification is “Powered By:WordPress” By looking at view source some visible information is having folders named “wp-contents” or META GENERATOR tag
Apart from CMS name, WhatWeb can identify email address, account id. WhatWeb hase both passive and active plugins, passive plugins use information on the page, in cookies and in the URL to identify the system. A passive request is as light weight as a simple GET / HTTP/1.1 request. Aggressive plugins guess URLs and request more files. Plugins are easy to write, you don’t need to know ruby to make them.
Active plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver.
WhatWeb has extensive logging mechanism which can give 3 types of output (Brief logging, Full logging, XML logging)
WhatWeb required Ruby 1.8 to run. In video I have demonstrated whatweb <url> and whatweb —v <url> command. —v will give result in verbose mode.
More on what web: http://www.morningstarsecurity.com/research/whatweb