Difference between revisions of "CMS Identification Menggunakan whatweb"

From OnnoWiki
Jump to navigation Jump to search
(New page: '''whatweb''' adalah aplikasi yang berguna untuk identifikasi sebuah website. Tidak hanya memunculkan CMS apa yang digunakan, whatweb juga mengidentifikasi web server dan OS server yang di...)
 
 
Line 3: Line 3:
 
Penggunaan whatweb secara standar.
 
Penggunaan whatweb secara standar.
  
[[File:Whatweb.png]]
+
[[Image:Whatweb.png]]
  
 
  root@batik:/pentest/enumeration/web/whatweb# ruby1.8 whatweb http://bt.foo.org/books
 
  root@batik:/pentest/enumeration/web/whatweb# ruby1.8 whatweb http://bt.foo.org/books

Latest revision as of 13:47, 17 July 2011

whatweb adalah aplikasi yang berguna untuk identifikasi sebuah website. Tidak hanya memunculkan CMS apa yang digunakan, whatweb juga mengidentifikasi web server dan OS server yang digunakan serta memunculkan alamat email yang tertera di website.

Penggunaan whatweb untuk Identifikasi CMS

Penggunaan whatweb secara standar.

Whatweb.png

root@batik:/pentest/enumeration/web/whatweb# ruby1.8 whatweb http://bt.foo.org/books
Could not load SystemTimer >= v1.2.0. Falling back to timeout.rb. SystemTimer is STRONGLY recommended for timeouts in Ruby 1.8.7. See http://ph7spot.com/blog/system-timer-1-2-release for details.
http://bt.foo.org/books [301] HTTPServer[Ubuntu Linux][Apache/2.2.14 (Ubuntu)], RedirectLocation[1], Apache[2.2.14], IP[127.0.1.1], Title[301 Moved Permanently], Country[RESERVED][ZZ]
http://bt.foo.org/books/ [200] WordPress[3.1.4], MetaGenerator[WordPress 3.1.4], HTTPServer[Ubuntu Linux][Apache/2.2.14 (Ubuntu)], x-pingback[,http://batik/books/xmlrpc.php], UncommonHeaders[x-pingback], Apache[2.2.14], IP[127.0.1.1], PHP[5.3.2-1ubuntu4.9], X-Powered-By[PHP/5.3.2-1ubuntu4.9], Title[ root], Email[pagvac@gnucitizen.org,thomas@habets.pp.se,vh@thc.org], Country[RESERVED][ZZ]

Penggunaan whatweb dengan option -v (verbose) akan memberikan hasil secara detail.

root@batik:/pentest/enumeration/web/whatweb# ruby1.8 whatweb -v http://bt.foo.org/books
Could not load SystemTimer >= v1.2.0. Falling back to timeout.rb. SystemTimer is STRONGLY recommended for timeouts in Ruby 1.8.7. See http://ph7spot.com/blog/system-timer-1-2-release for details.
bt.foo.org/books [301]
http://bt.foo.org/books [301] HTTPServer[Ubuntu Linux][Apache/2.2.14 (Ubuntu)], RedirectLocation[2], Apache[2.2.14], IP[127.0.1.1], Title[301 Moved Permanently], Country[RESERVED][ZZ]
URL    : http://bt.foo.org/books
Status : 301
   Apache ---------------------------------------------------------------------
	Description: The Apache HTTP Server Project is an effort to develop and 
	             maintain an open-source HTTP server for modern operating 
	             systems including UNIX and Windows NT. The goal of this 
	             project is to provide a secure, efficient and extensible 
	             server that provides HTTP services in sync with the current 
	             HTTP standards. - homepage: http://httpd.apache.org/ 
	Version    : 2.2.14

   Country --------------------------------------------------------------------
	Description: GeoIP IP2Country lookup. To refresh DB, replace 
	             IpToCountry.csv and remove country-ips.dat. GeoIP database 
	             from http://software77.net/geo-ip/. Local IPv4 addresses 
	             are represented as ZZ according to an ISO convention. 
	             Lookup code developed by Matthias Wachter for rubyquiz.com 
	             and used with permission. 
	Module     : ZZ
	String     : RESERVED

   HTTPServer -----------------------------------------------------------------
	Description: HTTP server header string 
	Os         : Ubuntu Linux
	String     : Apache/2.2.14 (Ubuntu) (from server string)

   IP -------------------------------------------------------------------------
	Description: IP address of the target, if available. 
	String     : 127.0.1.1

   RedirectLocation -----------------------------------------------------------
	Description: HTTP Server string location. used with http-status 301 and 
	             302 
	String     : http://bt.foo.org/books/ (from location)

   Title ----------------------------------------------------------------------
	Description: The HTML page title 
	String     : 301 Moved Permanently (from page title)

bt.foo.org/books/ [200]
http://bt.foo.org/books/ [200] WordPress[3.1.4], MetaGenerator[WordPress 3.1.4], HTTPServer[Ubuntu Linux][Apache/2.2.14 (Ubuntu)], x-pingback[,http://batik/books/xmlrpc.php], UncommonHeaders[x-pingback], Apache[2.2.14], IP[127.0.1.1], PHP[5.3.2-1ubuntu4.9], X-Powered-By[PHP/5.3.2-1ubuntu4.9], Title[ root], Email[pagvac@gnucitizen.org,thomas@habets.pp.se,vh@thc.org], Country[RESERVED][ZZ]
URL    : http://bt.foo.org/books/
Status : 200
   Apache ---------------------------------------------------------------------
	Description: The Apache HTTP Server Project is an effort to develop and 
	             maintain an open-source HTTP server for modern operating 
	             systems including UNIX and Windows NT. The goal of this 
	             project is to provide a secure, efficient and extensible 
	             server that provides HTTP services in sync with the current 
	             HTTP standards. - homepage: http://httpd.apache.org/ 
	Version    : 2.2.14

   Country --------------------------------------------------------------------
	Description: GeoIP IP2Country lookup. To refresh DB, replace 
	             IpToCountry.csv and remove country-ips.dat. GeoIP database 
	             from http://software77.net/geo-ip/. Local IPv4 addresses 
	             are represented as ZZ according to an ISO convention. 
	             Lookup code developed by Matthias Wachter for rubyquiz.com 
	             and used with permission. 
	Module     : ZZ
	String     : RESERVED

   Email ----------------------------------------------------------------------
	Description: Extract email addresses. Find valid email address and 
	             syntactically invalid email addresses from mailto: link 
	             tags. We match syntactically invalid links containing 
	             mailto: to catch anti-spam email addresses, eg. bob at 
	             gmail.com. This uses the simplified email regular 
	             expression from 
	             http://www.regular-expressions.info/email.html for valid 
	             email add 
	String     : pagvac@gnucitizen.org,thomas@habets.pp.se,vh@thc.org

   HTTPServer -----------------------------------------------------------------
	Description: HTTP server header string 
	Os         : Ubuntu Linux
	String     : Apache/2.2.14 (Ubuntu) (from server string)

   IP -------------------------------------------------------------------------
	Description: IP address of the target, if available. 
	String     : 127.0.1.1

   MetaGenerator --------------------------------------------------------------
	Description: This plugin identifies meta generator tags and extracts its 
	             value. 
	String     : WordPress 3.1.4

   PHP ------------------------------------------------------------------------
	Description: PHP is a widely-used general-purpose scripting language 
	             that is especially suited for Web development and can be 
	             embedded into HTML. - homepage: http://www.php.net/ 
	Version    : 5.3.2-1ubuntu4.9

   Title ----------------------------------------------------------------------
	Description: The HTML page title 
	String     :  root (from page title)

   UncommonHeaders ------------------------------------------------------------
	Description: Uncommon HTTP server headers. The blacklist includes all 
	             the standard headers and many non standard but common ones. 
	             Interesting but fairly common headers should have their own 
	             plugins, eg. x-powered-by, server and x-aspnet-version. 
	             Info about headers can be found at www.http-stats.com 
	String     : x-pingback (from headers)

   WordPress ------------------------------------------------------------------
	Description: WordPress is an opensource blogging system commonly used as 
	             a CMS. Homepage: http://www.wordpress.org/ 
	Version    : 3.1.4

   X-Powered-By ---------------------------------------------------------------
	Description: X-Powered-By HTTP header 
	String     : PHP/5.3.2-1ubuntu4.9 (from x-powered-by string)

   x-pingback -----------------------------------------------------------------
	Description: A pingback is one of three types of linkbacks, methods for 
	             Web authors to request notification when somebody links to 
	             one of their documents. This enables authors to keep track 
	             of who is linking to, or referring to their articles. Some 
	             weblog software, such as Movable Type, Serendipity, 
	             WordPress and Telligent Community, support automatic 
	             pingbacks 
	String     : ,http://batik/books/xmlrpc.php

Pranala Menarik