"Author's homepage": Shibie Sanri wyx
"Author's profile": CSDN top100, Alibaba Cloud blog expert, Huawei cloud sharing expert, high-quality creator in the field of network security
"Recommended column": Friends who are interested in network security can pay attention to the column "Introduction to Mastery of Network Security"
WhatWeb
WhatWeb is a fingerprint identification tool, developed in Ruby language, and comes with Kali.
1. Scan the fingerprint of the website
whatweb IP/域名
Scan the fingerprint of the specified website.
-v
parameter, can return detailed information
2. Scanning intensity
-a
The parameter specifies the scan level.
WhatWeb has 4 scanning levels, selected by numbers 1~4, the default is 1:
- 1 will only send 1 http request.
- 2 not available, under development
- 3 will send a small number of http requests.
- 4 will send a lot of http requests, will try every plugin.
3. Scanning intranet hosts
whatweb --no-errors -t 255 192.168.31.0/24
Scan the specified intranet segment.
4. Batch scanning
When scanning multiple different websites, save the website domain name/IP to a file, and use -i
parameters to specify the scanned file.
You can use # to comment out the IP/domain name that you don't want to scan.
5. Export scan results
whatweb www.fjrshg.com --log-xml=result.xml
Export the scan results to a file, which is placed in the current path by default.
The exported file format can be customized, and the commonly used formats are as follows:
--log-brief 简单的记录,每个网站只记录一条返回信息
--log-verbose 详细输出
--log-xml xml格式的日志
--log-json json格式记录日志(需要安装json依赖sudo gem install json)
--log-json-verbose 详细的json日志
--log-magictree xml的树形结构
--log-object ruby对象格式
--log-mongo-database mongo数据库格式
Six, WhatWeb plug-ins
WhatWeb uses plugins to match fingerprints, whatweb -l
see the list of plugins.
whatweb --info-plugins="插件名"
View information about the specified plugin.
A plug-in is essentially .rb
a file, stored in /usr/share/whatweb/plugins/
the directory , and a file corresponds to a plug-in, which means that WhatWeb has more than a thousand plug-ins.
We can view the files to learn other people's plug-ins, or write our own plug-ins according to the format in the figure.
6. Overview of WhatWeb commands
whatweb --version # 查看版本
whatweb -l # 查看所有插件
whatweb --info-plugins="html5" # 查看指定插件
whatweb baidu.com # 扫描网站
whatweb 192.168.31.1/24 # 扫描网段
whatweb -i "/root/test.txt" # 批量扫描
whatweb baidu.com -v # 显示详细的扫描信息
whatweb baidu.com -a 1 # 指定扫描级别
whatweb baidu.com --url-suffix=":80" # 指定扫描端口(默认80)
whatweb baidu.com --proxy-user admin:password # 指定登录账号:密码
whatweb baidu.com -c='PHPSESSID=031;security=low' # 指定cookie
whatweb baidu.com --max-threads=60 # 指定最大进程数
whatweb baidu.com --log-xml="result.xml" # 导出结果