whatweb是backtrack下的一款Web识别工具,位于

Applications-->BackTrack-->Information Gathing-->Web Application Analysis-->CMS identification-->whatweb

  

初次使用,我们需在终端下输入

update-alternatives --config ruby

  切换为ruby,再输入编号0

root@bt:/pentest/enumeration/web/whatweb# update-alternatives --config ruby

There are 2 choices for the alternative ruby (providing /usr/bin/ruby).

  Selection    Path                Priority   Status

------------------------------------------------------------

  0            /usr/bin/ruby1.8     500       auto mode

  1            /usr/bin/ruby1.8     500       manual mode

* 2            /usr/bin/ruby1.9.2   400       manual mode 
Press enter to keep the current choice[*], or type selection number: 0

update-alternatives: using /usr/bin/ruby1.8 to provide /usr/bin/ruby (ruby) in auto mode.

  现在我用whatweb看些自己blog的信息:

root@bt:/pentest/enumeration/web/whatweb# ./whatweb www.evilxr.com

Could not load SystemTimer >= v1.2.0. Falling back to timeout.rb. SystemTimer is STRONGLY recommended for timeouts in Ruby 1.8.7. See http://ph7spot.com/blog/system-timer-1-2-release for details.

http://www.evilxr.com [200] WordPress[3.9.1], MetaGenerator[WordPress 3.9.1], HTTPServer[Microsoft-IIS/6.0], x-pingback[,http://www.evilxr.com/xmlrpc.php], ASP.NET, UncommonHeaders[x-pingback], HTML5, IP[192.126.119.48], JQuery[1.11.0], Mobile-Website, PHP[5.2.17], X-Powered-By[ASP.NET, PHP/5.2.17], Microsoft-IIS[6.0], Title[Evilxr: Just for fun.]

  也可以加参数再看下:

root@bt:/pentest/enumeration/web/whatweb# ./whatweb -v www.evilxr.com

Could not load SystemTimer >= v1.2.0. Falling back to timeout.rb. SystemTimer is STRONGLY recommended for timeouts in Ruby 1.8.7. See http://ph7spot.com/blog/system-timer-1-2-release for details.

www.evilxr.com/ [200]

http://www.evilxr.com [200] WordPress[3.9.1], MetaGenerator[WordPress 3.9.1], HTTPServer[Microsoft-IIS/6.0], x-pingback[,http://www.evilxr.com/xmlrpc.php], ASP.NET, UncommonHeaders[x-pingback], HTML5, IP[192.126.119.48], JQuery[1.11.0], Mobile-Website, PHP[5.2.17], X-Powered-By[ASP.NET, PHP/5.2.17], Microsoft-IIS[6.0], Title[Evilxr: Just for fun.]

URL    : http://www.evilxr.com

Status : 200

   ASP.NET --------------------------------------------------------------------

	Description: ASP.NET is a free web framework that enables great Web

	             applications. Used by millions of developers, it runs some

	             of the biggest sites in the world. - homepage:

	             http://www.asp.net/ 

   HTML5 ----------------------------------------------------------------------

	Description: HTML version 5, detected by the doctype declaration 

   HTTPServer -----------------------------------------------------------------

	Description: HTTP server header string

	String     : Microsoft-IIS/6.0 (from server string)

   IP -------------------------------------------------------------------------

	Description: IP address of the target, if available.

	String     : 192.126.119.48

   JQuery ---------------------------------------------------------------------

	Description: Javascript library

	Version    : 1.11.0

   MetaGenerator --------------------------------------------------------------

	Description: This plugin identifies meta generator tags and extracts its

	             value.

	String     : WordPress 3.9.1

   Microsoft-IIS --------------------------------------------------------------

	Description: Microsoft Internet Information Services (IIS) for Windows

	             Server is a flexible, secure and easy-to-manage Web server

	             for hosting anything on the Web. From media streaming to

	             web application hosting, IIS's scalable and open

	             architecture is ready to handle the most demanding tasks. -

	             homepage: http://www.iis.net/

	Version    : 6.0

   Mobile-Website -------------------------------------------------------------

	Description: This plugin detects websites designed for mobile devices. 

   PHP ------------------------------------------------------------------------

	Description: PHP is a widely-used general-purpose scripting language

	             that is especially suited for Web development and can be

	             embedded into HTML. - homepage: http://www.php.net/

	Version    : 5.2.17

   Title ----------------------------------------------------------------------

	Description: The HTML page title

	String     : Evilxr: Just for fun. (from page title)

   UncommonHeaders ------------------------------------------------------------

	Description: Uncommon HTTP server headers. The blacklist includes all

	             the standard headers and many non standard but common ones.

	             Interesting but fairly common headers should have their own

	             plugins, eg. x-powered-by, server and x-aspnet-version.

	             Info about headers can be found at www.http-stats.com

	String     : x-pingback (from headers)

   WordPress ------------------------------------------------------------------

	Description: WordPress is an opensource blogging system commonly used as

	             a CMS. Homepage: http://www.wordpress.org/

	Version    : 3.9.1

   X-Powered-By ---------------------------------------------------------------

	Description: X-Powered-By HTTP header

	String     : ASP.NET, PHP/5.2.17 (from x-powered-by string)

   x-pingback -----------------------------------------------------------------

	Description: A pingback is one of three types of linkbacks, methods for

	             Web authors to request notification when somebody links to

	             one of their documents. This enables authors to keep track

	             of who is linking to, or referring to their articles. Some

	             weblog software, such as Movable Type, Serendipity,

	             WordPress and Telligent Community, support automatic

	             pingbacks

	String     : ,http://www.evilxr.com/xmlrpc.php

  

backtrack下whatweb的使用的更多相关文章

  1. backtrack下vim的使用

    root@bt:~# vim test.c //vim新建或者编辑test.c,执行后进入vim编辑器,按a键进入编辑状态,输入C代码 #include<stdio.h> void mai ...

  2. Backtrack下的dns爆破工具的目录

    直接可以切换到 /pentest/enumeration/dns#

  3. 试做Chrome插件——whatweb的chrome插件(从老博客转)

    引子 最近一个月每天早上在学Javascript,刚学完基础语法和一点点jQuery,今天忍不住写个Chrome玩玩看看自己对JavaScript的掌握怎么样了. 目标 考虑了一下,打算做个小东西,但 ...

  4. 网站程序CMS识别

    CMS cms一般有dedecms(织梦),dzcms,phpweb,phpwind,phpcms,ecshop,dvbbs,siteweaver,aspcms,帝国,zblog,wordpress等 ...

  5. C++程序结构---1

    C++ 基础教程Beta 版 原作:Juan Soulié 翻译:Jing Xu (aqua) 英文原版 本教程根据Juan Soulie的英文版C++教程翻译并改编. 本版为最新校对版,尚未定稿.如 ...

  6. 用Backtrack进行渗透测试评估

    Web应用程序的分析在渗透测试和漏洞评估中发挥了重要的作用.确定Web应用程序的正确信息(例如使用的插件,CMS类型等)都可以帮助测试者使用准确的漏洞来测试,能够降低整个渗透测试漏洞评估所花费的时间. ...

  7. ubuntu下导入kali源

    Kali-Linux之前的渗透神器BackTrack是基于Ubuntu的,界面比较友好,字体渲染看起来也比较舒服(也可能是本人用惯了 Ubuntu的缘故).后来官方终止BackTrack,开发Kali ...

  8. BackTrack 5 R3 Metasploit更新方法及msfupdae,msconsole出错解决办法

    更新Metasploit最新版本: #cd /opt/metasploit/ #rm -rf msf3 #git clone --depth=1 git://github.com/rapid7/met ...

  9. [转]如何使用BackTrack破解WIFI无线网络的WEP密钥

    aireplay-ng - -a (bssid) -h ::::: -e (essid) (interface) 你可能已经知道如果你想要加锁自己的WIFI无线网络,你最好选择WPA加密方式,因为WE ...

随机推荐

  1. sql遍历树

    oracle有直接的sql来遍历一颗树的子节点和父节点 遍历一个节点的所有子节点(classid的值就是该节点的值) select *  from organization_ a start with ...

  2. PDF创建及动态转换控件程序包ActivePDF Portfolio

    ActivePDF Portfolio是将4个activePDF最优秀的服务器产品捆绑成一个价格适中的控件程序包.它提供了开发一个完整的服务器端的PDF解决方案所需的一切. 具体功能: activeP ...

  3. 多功能节点连线绘图控件Nevron Diagram for .NET使用方法及下载地址

    Nevron Diagram for .NET是一个功能强大,世界上顶级的.NET图表控件.可扩展的图形报表构架,可以帮您创建功能丰富的Winforms及Webforms图表解决方案.这个产品构建于N ...

  4. Chrome 应用推荐 - 下载管理扩展: Chrono

    地址:http://goo.gl/JVdxvg Chrono下载管理器让你轻松高效地管理Chrome浏览器中的下载任务.Chrono与Chrome浏览器紧密地整合在一起,如菜单.工具栏支持等等.Chr ...

  5. PHP time() 函数

    定义和用法 time() 函数返回当前时间的 Unix 时间戳. 语法 time(void) 参数 描述 void 可选. 说明 返回自从 Unix 纪元(格林威治时间 1970 年 1 月 1 日 ...

  6. lib静态链接库,dll动态链接库,h文件

    最近在弄摄像头,发现我在调用摄像头自带的函数的时候,库没连接上,于是经过高人指点,学习了一下lib静态链接库,dll动态链接库来补充一下自己的基础知识. 一.首先我们来介绍一下lib静态链接库. li ...

  7. Java面向对象的三大特征

    Java面向对象的三大特征 java面向对象的三大特征:“封装.继承.多态”.更多Java技术知识,请登陆疯狂软件教育官网.微信搜索微信号:疯狂软件,参加2015年优惠活动,有机会获得优惠劵和代金劵. ...

  8. IOS的变量前加extern和static字段

    IOS的变量前加extern和static字段 前一阵子,做项目的时候到网上找Demo,打开运行的时候发现其中变量前有关键字extern和static,所以我研究了一下子 对于extern来说可以理解 ...

  9. sql连接又一篇

    作者:初行 – 博客园 SQL连接可以分为内连接.外连接.交叉连接. 数据库数据: book表:                                         stu表:       ...

  10. Interview----求 1+2+...+n, 不能用乘除法、for、while if、else、switch、case 等关键字以及条件判断语句 (A?B:C)

    题目描述: 求 1+2+...+n, 要求不能使用乘除法.for.while.if.else.switch.case 等关键字以及条件判断语句 (A?B:C). 分析: 首先想到的是写递归函数,但是遇 ...