We can gather information manually too but in this tutorial we will be using a tool in kali linux called " WhatWeb " for information gathering and via this whatweb tool we will be able to collect a tasty information about our targeted server and web application. This tool will dump all the important information which is necessary to launch our attack.
Whatweb offers both passive scanning and aggressive testing. Passive scanning just extracts data from HTTP headers simulating a normal visit. Aggressive options get deeper with recursion & various types of queries & identify all technologies just like a vulnerability scanner.
So a pentester can use this tool as both a recon tool & vulnerability scanner. There are various other features like proxy support, scan tuning, scanning a range of IPs, spidering etc.
Whatweb can identify all sorts of information about a live website, like:
- Platform
- CMS platform
- Type of Script
- Google Analystics
- Webserver Platform
- IP address, Country
- Plugins & their libraries used
- Server Headers, Cookies and a lot more.
Lets Start With Website Information Gathering - Whatweb
Step 1.Open the terminal in Kali Linux and type whatweb
Read More :- http://www.techtrick.in/description/3547-website-information-gathering-on-kali-linux-whatweb
No comments:
Post a Comment