WhatWeb parses this code and identifies known technologies. When you visit a web address in your browser the raw source has many unseen pointers about the server and software that is running on the web site. About the WhatWeb ToolĬontent management systems (CMS), blog technologies, analytics packages, javascript libraries, web server versions are just some of the technologies that can be identified with WhatWeb. Knowing the technology in use can allow you to focus your attacks, knowing the version can reveal exploitable vulnerabilities - all with only a simple web request.Īpplication fingerprint is the first step of the Information Gathering process knowing the version and type of a running web server allows testers to determine known vulnerabilities and the appropriate exploits to use during testing. With the version, you are a simple search away from finding exploits that affect that particular version of the software. Not only can the type of technology be revealed but often the version of the software can also be determined.
web analytics javascript (google analytics).javascript frameworks (ember.js, angularjs).management applications (phpmyadmin, tomcat administration pages).content management system (wordpress, joomla, drupal).web server and version in use (nginx, IIS, apache).Analysis of the HTTP response can reveal:
The response from the web server will reveal details about the technologies in use within the HTTP Response Header as well as the HTML body of the response. When performing attack surface discovery against an organisation a great deal of information can be gathered from simply performing a regular web request against the target web sites.
0 kommentar(er)
