Friday, April 30, 2010

Install WhatWeb 0.4.2 in BT4

Quick guide to get Whatweb going in BT4
WhatWeb is a "Next generation web scanner. Identify what websites are running."

First and foremost grab some shell in BT, and get the tar.gz:

root@dorkbox:/pentest/enumeration# wget http://www.morningstarsecurity.com/downloads/whatweb-0.4.2.tar.gz

Next unpack the archive:

root@dorkbox:/pentest/enumeration# tar xvf whatweb*

Remove the archive, and change into the new directory:

root@dorkbox:/pentest/enumeration# rm -f whatweb-0.4.2.tar.gz
root@dorkbox:/pentest/enumeration# cd whatweb*
root@dorkbox:/pentest/enumeration/whatweb-0.4.2#

Next read the Install file.

root@dorkbox:/pentest/enumeration/whatweb-0.4.2# cat INSTALL | less

As you can see by the install file it mentions using ruby 1.9
Well BT4 comes with Ruby 1.8.7 I am not sure if this will make a difference since there is no mention in the documentation nor the website of any type of dependencies. So far during my experiments with WhatWeb, I have not seen any problems. YMMV. There is also mention to a couple other packages but these are already included in BT4 so no problems there.

As for using the program see also the readme.
The readme will contain a good bit of info on using whatweb.

root@dorkbox:/pentest/enumeration/whatweb-0.4.2# cat README | less


But as an example of some generic output:

root@bt:/pentest/enumeration/whatweb# ./whatweb examplewebsite.com
http://examplewebsite.com [301] title[301 Moved Permanently], server-header[Apache], redirect-location[http://www.examplewebsite.com/], md5[0670664f17b872398a96c6a58e812c2d], header-hash[0671564f07b972398a96c6a58e812c2d]
http://examplewebsite.com/ [200] Google-Analytics-GA[791888], Joomla[1.4], server-header[Apache], meta-generator[Joomla! 1.4 - Open Source Content Management], title[Example Websites Design], md5[fcb3ec0df12e54dfdef2e991a24f1c1], footer-hash[a19d726fa5771113aceaec0c61b1bf8ea7], div-span-structure[e56dd07d6f482ee11342e4ea99a9e6a8], header-hash[4379923363b07114470bde23484214e3f]
root@bt:/pentest/enumeration/whatweb#


As a side note the above is not a real website.
Thanks to http://www.morningstarsecurity.com and Andrew Horton aka urbanadventurer
Have fun and remember don't mess with networks that you don't have permission for.
Posted by at
Labels: , , ,

2 comments:

Anonymous said...

thanks u a lot!

September 1, 2010 at 12:43 PM
Vasanth said...

Hello, Can you please help me, How to install whatweb on windows environment?

December 2, 2012 at 11:38 PM

Post a Comment

Subscribe to: Post Comments (Atom)