So far we have covered the theory of web application security. Now I will try to include various ethical hacking / penetration testing aspects with visuals / video. Initially we will cover at least one tool from each module.
Today we will look at WhatWeb, a web scanner that identifies content management systems (CMS).
Apart from the CMS name, WhatWeb can identify email addresses and account IDs. WhatWeb has both passive and active plugins. Passive plugins use information on the page, in cookies and in the URL to identify the system. A passive request is as lightweight as a simple GET / HTTP/1.1 request. Aggressive plugins guess URLs and request more files. Plugins are easy to write; you don’t need to know Ruby to make them.
Active plugins can identify versions of Joomla, phpBB, etc. by making extra requests to the web server.
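How passive identification works on a single response, as an added example (it is not WhatWeb's code or its plugin format): a small Ruby matcher that looks only at the page body, the cookies and the URL. The response is constructed sample data, and the signatures and the name fingerprint are simplified assumptions made for this illustration.

```ruby
# Added illustration of passive fingerprinting; not WhatWeb's code or plugin format.
# SAMPLE_RESPONSE is constructed data; the signatures are simplified assumptions.
SAMPLE_RESPONSE = {
  url: "http://cms.example/",
  headers: { "set-cookie" => "phpbb3_x1y2z_sid=0123abcd; path=/; HttpOnly" },
  body: <<~HTML
    <html><head>
    <meta name="generator" content="WordPress 5.8" />
    </head><body>
    <p>Contact: webmaster@cms.example</p>
    </body></html>
  HTML
}.freeze

# Each signature names the system, where to look, and a pattern.
# An optional first capture group carries the version string.
SIGNATURES = [
  { name: "WordPress", source: :body,
    regex: /<meta name="generator" content="WordPress ?([\d.]+)?"/i },
  { name: "Joomla", source: :body,
    regex: /<meta name="generator" content="Joomla!/i },
  { name: "phpBB", source: :cookies, regex: /\bphpbb3?_\w+_sid=/i },
  { name: "Joomla", source: :url, regex: /[?&]option=com_\w+/ }
].freeze

EMAIL_RE = /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/

# Inspect one already-fetched response; no extra requests are made.
def fingerprint(response)
  sources = {
    body: response[:body].to_s,
    cookies: response.fetch(:headers, {}).fetch("set-cookie", "").to_s,
    url: response[:url].to_s
  }
  systems = SIGNATURES.filter_map do |sig|
    match = sig[:regex].match(sources[sig[:source]])
    next unless match
    # match[1] is nil when the signature has no version group or none was found
    { name: sig[:name], source: sig[:source], version: match[1] }
  end
  { systems: systems, emails: sources[:body].scan(EMAIL_RE).uniq }
end

fingerprint(SAMPLE_RESPONSE)[:systems].each do |s|
  puts "#{s[:name]} (from #{s[:source]}) version=#{s[:version] || 'unknown'}"
end
```

Everything reported comes from one ordinary page load, which is also a quick way to see what your own site discloses to any visitor.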
WhatWeb has an extensive logging mechanism which can give 3 types of output (brief logging, full logging, XML logging).
WhatWeb requires Ruby 1.8 to run. In the video I have demonstrated the whatweb <url> and whatweb -v <url> commands. -v will give the result in verbose mode.
More on WhatWeb: http://www.morningstarsecurity.com/research/whatweb