Difference between revisions of "Webshag"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 13: | Line 13: | ||
− | ==Run== | + | ==Run CLI== |
cd /usr/local/src/webshag | cd /usr/local/src/webshag | ||
− | ./ | + | |
+ | ===pscan=== | ||
+ | |||
+ | ./webshag_cli.py -m pscan <target> | ||
+ | ./webshag_cli.py -m pscan 192.168.0.97 | ||
+ | |||
+ | Hasilnya kira-kira | ||
+ | |||
+ | |||
+ | % webshag 1.10 | ||
+ | % Module: pscan | ||
+ | % Host: 192.168.0.97 | ||
+ | |||
+ | % PORT % 22 (tcp) | ||
+ | % SRVC % ssh | ||
+ | % PROD % OpenSSH | ||
+ | % SYST % Linux | ||
+ | |||
+ | % PORT % 23 (tcp) | ||
+ | % SRVC % telnet | ||
+ | % PROD % Linux telnetd | ||
+ | % SYST % Linux | ||
+ | |||
+ | % PORT % 25 (tcp) | ||
+ | % SRVC % smtp | ||
+ | % PROD % Postfix smtpd | ||
+ | |||
+ | % PORT % 80 (tcp) | ||
+ | % SRVC % http | ||
+ | % PROD % Apache httpd | ||
+ | |||
+ | % PORT % 110 (tcp) | ||
+ | % SRVC % pop3 | ||
+ | % PROD % Dovecot pop3d | ||
+ | |||
+ | % PORT % 139 (tcp) | ||
+ | % SRVC % netbios-ssn | ||
+ | % PROD % Samba smbd | ||
+ | |||
+ | % PORT % 143 (tcp) | ||
+ | % SRVC % imap | ||
+ | % PROD % Dovecot imapd | ||
+ | |||
+ | % PORT % 445 (tcp) | ||
+ | % SRVC % netbios-ssn | ||
+ | % PROD % Samba smbd | ||
+ | |||
+ | % PORT % 3306 (tcp) | ||
+ | % SRVC % mysql | ||
+ | % PROD % MySQL | ||
+ | |||
+ | |||
+ | ===uscan=== | ||
+ | |||
+ | ./webshag_cli.py 192.168.0.97 | ||
+ | |||
+ | Hasilnya kira-kira | ||
+ | |||
+ | % webshag 1.10 | ||
+ | % Module: uscan | ||
+ | % Host(s): 192.168.0.97 | ||
+ | % Port(s): 80 | ||
+ | % Root(s): / | ||
+ | |||
+ | 192.168.0.97 / 80 | ||
+ | |||
+ | % BANNER % Apache/2.4.18 (Ubuntu) => apache | ||
+ | |||
+ | % INFO % FP(/) => 200#text/html#0a9ffb28d87cd72d43789e2c2ea0e596#ade90fe935d00ad54a5a46b818d3529b | ||
+ | |||
+ | % INFO % FP(/1ZiI5Nw5) => 404#text/html#85ec7d654b5e37c2075dd91d305f1b7d#6596e0bfbf82d6d3fe35239a191a3ff7 | ||
+ | |||
+ | % INFO % FP(/index.php) => 404#text/html#85ec7d654b5e37c2075dd91d305f1b7d#6596e0bfbf82d6d3fe35239a191a3ff7 | ||
+ | |||
+ | % 200 % /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E | ||
+ | % DESC % MPM Guesbook 1.2 and previous are vulnreable to XSS attacks. | ||
+ | |||
+ | % 200 % /guestbook/ | ||
+ | % DESC % This might be interesting... | ||
+ | |||
+ | % 200 % /squirrelmail/src/read_body.php | ||
+ | % DESC % This might be interesting... has been seen in web logs from an unknown scanner. | ||
+ | |||
+ | % 200 % /icons/README | ||
+ | % DESC % Apache default file found. | ||
+ | |||
+ | ==Run GUI== | ||
+ | |||
cd /usr/local/src/webshag | cd /usr/local/src/webshag | ||
− | ./webshag_gui | + | ./webshag_gui.py |
Latest revision as of 16:48, 5 June 2018
Webshag adalah tool audit web server multi-threaded, multi-platform. Ditulis menggunakan Python, ia mengumpulkan fungsionalitas yang biasanya berguna untuk pengauditan server web seperti crawling web, scan URL atau file fuzzing.
Webshag dapat digunakan untuk memindai server web di HTTP atau HTTPS, melalui proxy dan menggunakan otentikasi HTTP (Basic dan Digest). Selain itu, ia dapat mengusulkan fungsi penghindaran IDS yang inovatif yang bertujuan untuk membuat korelasi antara permintaan yang lebih rumit (misalnya menggunakan request berbeda random untuk setiap server proxy HTTP).
Instalasi
sudo apt-get install python-wxgtk3.0 git nmap cd /usr/local/src git clone https://github.com/wereallfeds/webshag cd webshag/ ./setup.linux.py
Run CLI
cd /usr/local/src/webshag
pscan
./webshag_cli.py -m pscan <target> ./webshag_cli.py -m pscan 192.168.0.97
Hasilnya kira-kira
% webshag 1.10 % Module: pscan % Host: 192.168.0.97
% PORT % 22 (tcp) % SRVC % ssh % PROD % OpenSSH % SYST % Linux % PORT % 23 (tcp) % SRVC % telnet % PROD % Linux telnetd % SYST % Linux % PORT % 25 (tcp) % SRVC % smtp % PROD % Postfix smtpd % PORT % 80 (tcp) % SRVC % http % PROD % Apache httpd % PORT % 110 (tcp) % SRVC % pop3 % PROD % Dovecot pop3d % PORT % 139 (tcp) % SRVC % netbios-ssn % PROD % Samba smbd % PORT % 143 (tcp) % SRVC % imap % PROD % Dovecot imapd % PORT % 445 (tcp) % SRVC % netbios-ssn % PROD % Samba smbd % PORT % 3306 (tcp) % SRVC % mysql % PROD % MySQL
uscan
./webshag_cli.py 192.168.0.97
Hasilnya kira-kira
% webshag 1.10 % Module: uscan % Host(s): 192.168.0.97 % Port(s): 80 % Root(s): /
192.168.0.97 / 80 % BANNER % Apache/2.4.18 (Ubuntu) => apache % INFO % FP(/) => 200#text/html#0a9ffb28d87cd72d43789e2c2ea0e596#ade90fe935d00ad54a5a46b818d3529b % INFO % FP(/1ZiI5Nw5) => 404#text/html#85ec7d654b5e37c2075dd91d305f1b7d#6596e0bfbf82d6d3fe35239a191a3ff7 % INFO % FP(/index.php) => 404#text/html#85ec7d654b5e37c2075dd91d305f1b7d#6596e0bfbf82d6d3fe35239a191a3ff7 % 200 % /guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E % DESC % MPM Guesbook 1.2 and previous are vulnreable to XSS attacks. % 200 % /guestbook/ % DESC % This might be interesting... % 200 % /squirrelmail/src/read_body.php % DESC % This might be interesting... has been seen in web logs from an unknown scanner. % 200 % /icons/README % DESC % Apache default file found.
Run GUI
cd /usr/local/src/webshag ./webshag_gui.py