WhatWeb tutorials, graphic tutorials (super detailed)

"Author's homepage": Shibie Sanri wyx
"Author's profile": CSDN top100, Alibaba Cloud blog expert, Huawei cloud sharing expert, high-quality creator in the field of network security

WhatWeb is a web fingerprinting tool written in Ruby; it ships with Kali.

1. Scan the fingerprint of the website

whatweb IP/domain scans the fingerprint of the specified website.

The -v parameter returns detailed information.

2. Scanning intensity

The -a parameter specifies the scan level.

WhatWeb has 4 scanning levels, selected by the numbers 1 to 4; the default is 1:

  • 1 sends only 1 HTTP request.
  • 2 is not available (under development).
  • 3 sends a small number of HTTP requests.
  • 4 sends a lot of HTTP requests and tries every plugin.

3. Scanning intranet hosts

whatweb --no-errors -t 255 192.168.31.0/24 scans the specified intranet segment.

4. Batch scanning

When scanning multiple different websites, save the website domain names/IPs to a file, and use the -i parameter to specify the file to scan.

You can use # to comment out the IP/domain name that you don't want to scan.

5. Export scan results

whatweb www.fjrshg.com --log-xml=result.xml exports the scan results to a file, which is placed in the current path by default.

The exported file format can be customized, and the commonly used formats are as follows:

--log-brief                 Brief logging, one line of output per website
--log-verbose               Verbose output
--log-xml                   XML format log
--log-json                  JSON format log (requires the json dependency: sudo gem install json)
--log-json-verbose          Verbose JSON log
--log-magictree             XML tree structure
--log-object                Ruby object format
--log-mongo-database        Mongo database format
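
One way to use the JSON export for change tracking between two scans of your own hosts, as an added example that is not from the original post. It assumes the --log-json file is a JSON array (or one object per line) whose entries carry "target" and a "plugins" map with optional "version" lists; the function names and the sample logs are constructed for illustration.

```python
import json

def load_log(text):
    """Parse a --log-json file (assumed: JSON array, or one object per line)."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError:
        entries = []
        for line in text.splitlines():
            line = line.strip().rstrip(",")
            if line.startswith("{"):
                entries.append(json.loads(line))
    if isinstance(entries, dict):
        entries = [entries]
    return [e for e in entries if isinstance(e, dict) and e.get("target")]

def inventory(entries):
    """Map target -> {plugin name: sorted list of detected versions}."""
    inv = {}
    for e in entries:
        plugins = inv.setdefault(e["target"], {})
        for name, data in e.get("plugins", {}).items():
            plugins[name] = sorted(set(data.get("version", [])))
    return inv

def diff(old, new):
    """List fingerprint changes between two inventories."""
    changes = []
    for target in sorted(set(old) | set(new)):
        before, after = old.get(target), new.get(target)
        if before is None:
            changes.append((target, "new target", sorted(after)))
            continue
        if after is None:
            changes.append((target, "target gone", sorted(before)))
            continue
        for name in sorted(set(before) | set(after)):
            if before.get(name) != after.get(name):
                changes.append((target, name, (before.get(name), after.get(name))))
    return changes

# Constructed sample logs (not real scan output): an earlier and a later scan.
OLD = '[{"target":"http://192.168.31.10","http_status":200,"plugins":{"Apache":{"version":["2.4.7"]},"PHP":{"version":["5.5.9"]}}}]'
NEW = '''{"target":"http://192.168.31.10","http_status":200,"plugins":{"Apache":{"version":["2.4.7"]},"PHP":{"version":["7.4.3"]},"WordPress":{}}},
{"target":"http://192.168.31.22","http_status":200,"plugins":{"nginx":{"version":["1.18.0"]}}}'''

if __name__ == "__main__":
    for change in diff(inventory(load_log(OLD)), inventory(load_log(NEW))):
        print(change)
```

A host or plugin that appears only in the later log is a service nobody recorded before, which is usually the first thing to review.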

6. WhatWeb plug-ins

WhatWeb uses plugins to match fingerprints; whatweb -l shows the list of plugins.

whatweb --info-plugins="plugin name" shows information about the specified plugin.

A plug-in is essentially an .rb file stored in the /usr/share/whatweb/plugins/ directory. One file corresponds to one plug-in, which means that WhatWeb has more than a thousand plug-ins.

We can view the files to learn from other people's plug-ins, or write our own plug-ins according to the format in the figure.

7. Overview of WhatWeb commands

whatweb --version                                   # show the version
whatweb -l                                          # list all plugins
whatweb --info-plugins="html5"                      # show information about the specified plugin
whatweb baidu.com                                   # scan a website
whatweb 192.168.31.1/24                             # scan a network segment
whatweb -i "/root/test.txt"                         # batch scan
whatweb baidu.com -v                                # show detailed scan information
whatweb baidu.com -a 1                              # specify the scan level
whatweb baidu.com --url-suffix=":80"                # specify the port to scan (default 80)
whatweb baidu.com --proxy-user admin:password       # specify the proxy login account:password
whatweb baidu.com -c='PHPSESSID=031;security=low'   # specify the cookie
whatweb baidu.com --max-threads=60                  # specify the maximum number of threads
whatweb baidu.com --log-xml="result.xml"            # export the results

Origin blog.csdn.net/wangyuxiang946/article/details/130793160