whatweb是backtrack下的一款Web识别工具,位于

Applications-->BackTrack-->Information Gathing-->Web Application Analysis-->CMS identification-->whatweb

  

初次使用,我们需在终端下输入

update-alternatives --config ruby

  切换为ruby,再输入编号0

root@bt:/pentest/enumeration/web/whatweb# update-alternatives --config ruby

There are 2 choices for the alternative ruby (providing /usr/bin/ruby).

  Selection    Path                Priority   Status

------------------------------------------------------------

  0            /usr/bin/ruby1.8     500       auto mode

  1            /usr/bin/ruby1.8     500       manual mode

* 2            /usr/bin/ruby1.9.2   400       manual mode 
Press enter to keep the current choice[*], or type selection number: 0

update-alternatives: using /usr/bin/ruby1.8 to provide /usr/bin/ruby (ruby) in auto mode.

  现在我用whatweb看些自己blog的信息:

root@bt:/pentest/enumeration/web/whatweb# ./whatweb www.evilxr.com

Could not load SystemTimer >= v1.2.0. Falling back to timeout.rb. SystemTimer is STRONGLY recommended for timeouts in Ruby 1.8.7. See http://ph7spot.com/blog/system-timer-1-2-release for details.

http://www.evilxr.com [200] WordPress[3.9.1], MetaGenerator[WordPress 3.9.1], HTTPServer[Microsoft-IIS/6.0], x-pingback[,http://www.evilxr.com/xmlrpc.php], ASP.NET, UncommonHeaders[x-pingback], HTML5, IP[192.126.119.48], JQuery[1.11.0], Mobile-Website, PHP[5.2.17], X-Powered-By[ASP.NET, PHP/5.2.17], Microsoft-IIS[6.0], Title[Evilxr: Just for fun.]

  也可以加参数再看下:

root@bt:/pentest/enumeration/web/whatweb# ./whatweb -v www.evilxr.com

Could not load SystemTimer >= v1.2.0. Falling back to timeout.rb. SystemTimer is STRONGLY recommended for timeouts in Ruby 1.8.7. See http://ph7spot.com/blog/system-timer-1-2-release for details.

www.evilxr.com/ [200]

http://www.evilxr.com [200] WordPress[3.9.1], MetaGenerator[WordPress 3.9.1], HTTPServer[Microsoft-IIS/6.0], x-pingback[,http://www.evilxr.com/xmlrpc.php], ASP.NET, UncommonHeaders[x-pingback], HTML5, IP[192.126.119.48], JQuery[1.11.0], Mobile-Website, PHP[5.2.17], X-Powered-By[ASP.NET, PHP/5.2.17], Microsoft-IIS[6.0], Title[Evilxr: Just for fun.]

URL    : http://www.evilxr.com

Status : 200

   ASP.NET --------------------------------------------------------------------

	Description: ASP.NET is a free web framework that enables great Web

	             applications. Used by millions of developers, it runs some

	             of the biggest sites in the world. - homepage:

	             http://www.asp.net/ 

   HTML5 ----------------------------------------------------------------------

	Description: HTML version 5, detected by the doctype declaration 

   HTTPServer -----------------------------------------------------------------

	Description: HTTP server header string

	String     : Microsoft-IIS/6.0 (from server string)

   IP -------------------------------------------------------------------------

	Description: IP address of the target, if available.

	String     : 192.126.119.48

   JQuery ---------------------------------------------------------------------

	Description: Javascript library

	Version    : 1.11.0

   MetaGenerator --------------------------------------------------------------

	Description: This plugin identifies meta generator tags and extracts its

	             value.

	String     : WordPress 3.9.1

   Microsoft-IIS --------------------------------------------------------------

	Description: Microsoft Internet Information Services (IIS) for Windows

	             Server is a flexible, secure and easy-to-manage Web server

	             for hosting anything on the Web. From media streaming to

	             web application hosting, IIS's scalable and open

	             architecture is ready to handle the most demanding tasks. -

	             homepage: http://www.iis.net/

	Version    : 6.0

   Mobile-Website -------------------------------------------------------------

	Description: This plugin detects websites designed for mobile devices. 

   PHP ------------------------------------------------------------------------

	Description: PHP is a widely-used general-purpose scripting language

	             that is especially suited for Web development and can be

	             embedded into HTML. - homepage: http://www.php.net/

	Version    : 5.2.17

   Title ----------------------------------------------------------------------

	Description: The HTML page title

	String     : Evilxr: Just for fun. (from page title)

   UncommonHeaders ------------------------------------------------------------

	Description: Uncommon HTTP server headers. The blacklist includes all

	             the standard headers and many non standard but common ones.

	             Interesting but fairly common headers should have their own

	             plugins, eg. x-powered-by, server and x-aspnet-version.

	             Info about headers can be found at www.http-stats.com

	String     : x-pingback (from headers)

   WordPress ------------------------------------------------------------------

	Description: WordPress is an opensource blogging system commonly used as

	             a CMS. Homepage: http://www.wordpress.org/

	Version    : 3.9.1

   X-Powered-By ---------------------------------------------------------------

	Description: X-Powered-By HTTP header

	String     : ASP.NET, PHP/5.2.17 (from x-powered-by string)

   x-pingback -----------------------------------------------------------------

	Description: A pingback is one of three types of linkbacks, methods for

	             Web authors to request notification when somebody links to

	             one of their documents. This enables authors to keep track

	             of who is linking to, or referring to their articles. Some

	             weblog software, such as Movable Type, Serendipity,

	             WordPress and Telligent Community, support automatic

	             pingbacks

	String     : ,http://www.evilxr.com/xmlrpc.php

  

backtrack下whatweb的使用的更多相关文章

  1. backtrack下vim的使用

    root@bt:~# vim test.c //vim新建或者编辑test.c,执行后进入vim编辑器,按a键进入编辑状态,输入C代码 #include<stdio.h> void mai ...

  2. Backtrack下的dns爆破工具的目录

    直接可以切换到 /pentest/enumeration/dns#

  3. 试做Chrome插件——whatweb的chrome插件(从老博客转)

    引子 最近一个月每天早上在学Javascript,刚学完基础语法和一点点jQuery,今天忍不住写个Chrome玩玩看看自己对JavaScript的掌握怎么样了. 目标 考虑了一下,打算做个小东西,但 ...

  4. 网站程序CMS识别

    CMS cms一般有dedecms(织梦),dzcms,phpweb,phpwind,phpcms,ecshop,dvbbs,siteweaver,aspcms,帝国,zblog,wordpress等 ...

  5. C++程序结构---1

    C++ 基础教程Beta 版 原作:Juan Soulié 翻译:Jing Xu (aqua) 英文原版 本教程根据Juan Soulie的英文版C++教程翻译并改编. 本版为最新校对版,尚未定稿.如 ...

  6. 用Backtrack进行渗透测试评估

    Web应用程序的分析在渗透测试和漏洞评估中发挥了重要的作用.确定Web应用程序的正确信息(例如使用的插件,CMS类型等)都可以帮助测试者使用准确的漏洞来测试,能够降低整个渗透测试漏洞评估所花费的时间. ...

  7. ubuntu下导入kali源

    Kali-Linux之前的渗透神器BackTrack是基于Ubuntu的,界面比较友好,字体渲染看起来也比较舒服(也可能是本人用惯了 Ubuntu的缘故).后来官方终止BackTrack,开发Kali ...

  8. BackTrack 5 R3 Metasploit更新方法及msfupdae,msconsole出错解决办法

    更新Metasploit最新版本: #cd /opt/metasploit/ #rm -rf msf3 #git clone --depth=1 git://github.com/rapid7/met ...

  9. [转]如何使用BackTrack破解WIFI无线网络的WEP密钥

    aireplay-ng - -a (bssid) -h ::::: -e (essid) (interface) 你可能已经知道如果你想要加锁自己的WIFI无线网络,你最好选择WPA加密方式,因为WE ...

随机推荐

  1. 通过使用ScriptManager.RegisterStartupScript,呈现后台多次使用alert方法

    在前台HTML中加入alert或者confirm,相信大家已经非常熟悉并且经常使用: <div onclick="alert('hello')">按钮1</div ...

  2. VMware-workstation-full-10.0.3-1895310 CN

    Name: VMware-workstation-full-10.0.3-1895310.exe发行日期: 2014-07-01内部版本号: 1895310文件大小: 491 MB文件类型: exe ...

  3. hadoop版本和位数的查看方法

    目前针对apache hadoop更新的版本较多,由此而产生了两个方面的问题: 1.如何查看运行的集群当中的hadoop的版本的问题. 2.如何查看运行集群当中的hadoop的位数 下面详细的介绍一下 ...

  4. poj2184 背包

    //Accepted 1492 KB 110 ms //背包 //把si看成weight,Fi看成value,这可以表示成当dp[j]=max(dp[j-weight[i]]+value[i]) // ...

  5. 团队博客——Sprint计划会议1

    每日Scrum:第一天 会议时间:4.14.晚八点半 会议地点:基础教学楼一楼大厅 小组成员:郭庆樑,林彦汝,张金 认领人—使团队成员分工合作,保持团队的积极性. ID 名称(NAME) 重要性(IM ...

  6. 利用NTFS交换数据流隐藏文件

    利用NTFS交换数据流隐藏文件 发表于 2012 年 12 月 15 日 由 晴刃 这篇文章介绍一下Windows的NTFS文件系统的ADS(alternate data streams,交换数据流) ...

  7. [转]dev C++编写windows程序遇到问题

    1.工具-编译选项-编译器-在连接器命令行加入以下命令: -mwindows 2.出现错误:undefined reference to `PlaySoundA@12' 解决办法:工具-编译选项-编译 ...

  8. (转)mysql各个主要版本之间的差异

    原文:http://blog.csdn.net/z1988316/article/details/8095407   一.各版本的常用命令差异 show innodb status\G mysql-5 ...

  9. python字符decode与encode的问题

    同事在工作中遇到一个字符编码的问题:问题是:从mysql数据库中读出来的varchar类型数据在python是unicode类型的. 但他却对这个unicode字符进行了decode,因为他以为读出来 ...

  10. css中的列表属性

    list-style-type设定引导列表的符号类型,可以设置多种符号类型,值为disc.circle.square等 list-style-image使用图像作为定制列表的符号 list-style ...