whatweb是backtrack下的一款Web识别工具,位于

Applications-->BackTrack-->Information Gathing-->Web Application Analysis-->CMS identification-->whatweb

  

初次使用,我们需在终端下输入

update-alternatives --config ruby

  切换为ruby,再输入编号0

root@bt:/pentest/enumeration/web/whatweb# update-alternatives --config ruby
There are 2 choices for the alternative ruby (providing /usr/bin/ruby).

  Selection    Path                Priority   Status
------------------------------------------------------------
  0            /usr/bin/ruby1.8     500       auto mode
  1            /usr/bin/ruby1.8     500       manual mode
* 2            /usr/bin/ruby1.9.2   400       manual mode 
Press enter to keep the current choice[*], or type selection number: 0
update-alternatives: using /usr/bin/ruby1.8 to provide /usr/bin/ruby (ruby) in auto mode.

  现在我用whatweb看些自己blog的信息:

root@bt:/pentest/enumeration/web/whatweb# ./whatweb www.evilxr.com
Could not load SystemTimer >= v1.2.0. Falling back to timeout.rb. SystemTimer is STRONGLY recommended for timeouts in Ruby 1.8.7. See http://ph7spot.com/blog/system-timer-1-2-release for details.
http://www.evilxr.com [200] WordPress[3.9.1], MetaGenerator[WordPress 3.9.1], HTTPServer[Microsoft-IIS/6.0], x-pingback[,http://www.evilxr.com/xmlrpc.php], ASP.NET, UncommonHeaders[x-pingback], HTML5, IP[192.126.119.48], JQuery[1.11.0], Mobile-Website, PHP[5.2.17], X-Powered-By[ASP.NET, PHP/5.2.17], Microsoft-IIS[6.0], Title[Evilxr: Just for fun.]

  也可以加参数再看下:

root@bt:/pentest/enumeration/web/whatweb# ./whatweb -v www.evilxr.com
Could not load SystemTimer >= v1.2.0. Falling back to timeout.rb. SystemTimer is STRONGLY recommended for timeouts in Ruby 1.8.7. See http://ph7spot.com/blog/system-timer-1-2-release for details.
www.evilxr.com/ [200]
http://www.evilxr.com [200] WordPress[3.9.1], MetaGenerator[WordPress 3.9.1], HTTPServer[Microsoft-IIS/6.0], x-pingback[,http://www.evilxr.com/xmlrpc.php], ASP.NET, UncommonHeaders[x-pingback], HTML5, IP[192.126.119.48], JQuery[1.11.0], Mobile-Website, PHP[5.2.17], X-Powered-By[ASP.NET, PHP/5.2.17], Microsoft-IIS[6.0], Title[Evilxr: Just for fun.]
URL    : http://www.evilxr.com
Status : 200
   ASP.NET --------------------------------------------------------------------
	Description: ASP.NET is a free web framework that enables great Web 
	             applications. Used by millions of developers, it runs some 
	             of the biggest sites in the world. - homepage: 
	             http://www.asp.net/ 

   HTML5 ----------------------------------------------------------------------
	Description: HTML version 5, detected by the doctype declaration 

   HTTPServer -----------------------------------------------------------------
	Description: HTTP server header string 
	String     : Microsoft-IIS/6.0 (from server string)

   IP -------------------------------------------------------------------------
	Description: IP address of the target, if available. 
	String     : 192.126.119.48

   JQuery ---------------------------------------------------------------------
	Description: Javascript library 
	Version    : 1.11.0

   MetaGenerator --------------------------------------------------------------
	Description: This plugin identifies meta generator tags and extracts its 
	             value. 
	String     : WordPress 3.9.1

   Microsoft-IIS --------------------------------------------------------------
	Description: Microsoft Internet Information Services (IIS) for Windows 
	             Server is a flexible, secure and easy-to-manage Web server 
	             for hosting anything on the Web. From media streaming to 
	             web application hosting, IIS's scalable and open 
	             architecture is ready to handle the most demanding tasks. - 
	             homepage: http://www.iis.net/ 
	Version    : 6.0

   Mobile-Website -------------------------------------------------------------
	Description: This plugin detects websites designed for mobile devices. 

   PHP ------------------------------------------------------------------------
	Description: PHP is a widely-used general-purpose scripting language 
	             that is especially suited for Web development and can be 
	             embedded into HTML. - homepage: http://www.php.net/ 
	Version    : 5.2.17

   Title ----------------------------------------------------------------------
	Description: The HTML page title 
	String     : Evilxr: Just for fun. (from page title)

   UncommonHeaders ------------------------------------------------------------
	Description: Uncommon HTTP server headers. The blacklist includes all 
	             the standard headers and many non standard but common ones. 
	             Interesting but fairly common headers should have their own 
	             plugins, eg. x-powered-by, server and x-aspnet-version. 
	             Info about headers can be found at www.http-stats.com 
	String     : x-pingback (from headers)

   WordPress ------------------------------------------------------------------
	Description: WordPress is an opensource blogging system commonly used as 
	             a CMS. Homepage: http://www.wordpress.org/ 
	Version    : 3.9.1

   X-Powered-By ---------------------------------------------------------------
	Description: X-Powered-By HTTP header 
	String     : ASP.NET, PHP/5.2.17 (from x-powered-by string)

   x-pingback -----------------------------------------------------------------
	Description: A pingback is one of three types of linkbacks, methods for 
	             Web authors to request notification when somebody links to 
	             one of their documents. This enables authors to keep track 
	             of who is linking to, or referring to their articles. Some 
	             weblog software, such as Movable Type, Serendipity, 
	             WordPress and Telligent Community, support automatic 
	             pingbacks 
	String     : ,http://www.evilxr.com/xmlrpc.php