-
Notifications
You must be signed in to change notification settings - Fork 906
Related Projects
WhatWeb is unique however there are some web projects with the same goal of identifying a website.
hscan is a multithreaded http scanner, written in perl by MasterCJ. It fingerprints web servers/devices, tries very simple dictionary password attacks and identifies some common web apps. It is designed to be easy to use, add data to and update. Unlike WhatWeb, hscan fingerprints using only the HTTP server
header which can be spoofed, however it works as described for embedded devices.
multi-threaded scanner for webdav-enabled servers
This little perl script finds WebDAV enabled servers by sending a HTTP options
requests and checking for WebDAV options. WhatWeb on the other hand will return the WebDAV version if WebDAV
is present in the HTTP server
header.
WhatWeb enumerates the allowed HTTP methods by passively checking for the HTTP allow
header, where as Metoscan works by testing a URL and checking the responses for the different probes.
Web application developers sometimes fail to add safe checks against authentications, file inclusion, etc which are prone to reveal possible sensitive information when those applications' URLs are directly requested. Sometimes, it's a clue to Local File Inclusion vulnerability.
inspathx is a tool which uses a copy of an application's source tree to make requests for files in known locations and search for path inclusion error messages. Example output :
- http://inspathx.googlecode.com/svn/trunk/sample_logs/localhost_wp_.log
- http://inspathx.googlecode.com/svn/trunk/sample_logs/localhost_mambo_.log
WhatWeb will automatically extract local file paths from PHP errors. WhatWeb searches for error patterns in a page (or multiple pages in recursive mode) which are linked from the target URL. Some WhatWeb plugins also extract the local file path using known information disclosure vulnerabilities within the target application. You can fill this gap by using the inspathx path lists in WhatWeb with --url-pattern
For example to run the wordpress-3.0.4
inspathx plugin against wordpress.com
:
cat /path/to/inspathx/paths/wordpress-3.0.4 | egrep -v "^#" | ./whatweb -i /dev/stdin --url-pattern wordpress.com/%insert%
The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable. WhatWeb doesn't currently possess much of known application version fingerprints. Although Blind Elephant is similar to WhatWeb's aggressive mode, the main purpose of WhatWeb is to identify as many as applications as possible regardless of versioning information.
WAFP - Web Application Finger Printing
WAFP identifies systems by requesting a large quantity of URLs and comparing md5 sums of the results against a database. This method is reliable for known systems in the database and it is simple to add new ones. WhatWeb doesn't currently possess much of known application version fingerprints. Although WAFP is similar to WhatWeb's aggressive mode, the main purpose of WhatWeb is to identify as many as applications as possible regardless of versioning information.
Wappalyzer, a firefox plugin, identifies software using 1 regexp for each app. Only looks for obvious identifiers like meta generator tags. Sends all recognized URLs to a DB. Has nice icons. Although WhatWeb covers more depth of checks than Wappalyzer's database, Wappalyzer has some client side checks that WhatWeb is planned to cover in the future.
The purpose of WhatWeb is the same as that of grep and discovery scripts section of w3af. However, w3af focuses more on application auditing. Currently, there are a few overlapping features such as errorPages, error500, metaTags, favicon_identification, serverHeader, serverStatus...etc.
Nmap shows some info about HTTP servers when using version scan, eg. nmap -sV -p80 treshna.com
NMap plugin developers have also been trying for full-fledged web app fingerprintering - http://pastebin.com/jBrMGa7A
Currently these plugins are in development state.
Wordpress finger printer tool, plecost search and retrieve information about the plugins versions installed in Wordpress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin, if there.
This tool is an application fingerprint scanner which can identify an HTTP protocol server. It doesn't identify types of HTTP servers.
A web front-end for WhatWeb/0.4.5-stable. Aggression is set to passive
1
. No registration required.
What's that web server running 1.0 (whatweb.exe)
This shares the same name and goal as WhatWeb but ONLY uses the HTTP Server string. For example Apache/2.0.55 (Ubuntu) PHP/5.1.2
. This is similar to hscan however hscan has a far superior fingerprint collection.
Lots of info about HTTP server headers.
Stats of popularity of web stuff.
ShodanHQ maintains a database of HTTP headers for a huge number of public IP addresses. ShodanHQ allows you to search the database and returns the HTTP header and country for IP addresses with headers matching your query. Obtaining more than 10 results per query requires free registration, however this is limited to the first 50 results. Full results requires a payment of US$20.