# Course #692: Introduction to whatweb on Kali Linux

## Section 1: Installation and Configuration of whatweb

### 1.1 Installation on Kali Linux

`whatweb` is a powerful tool that allows penetration testers to enumerate and identify web technologies used by a target website. It's part of the Kali Linux distribution and can be easily installed and configured. Follow these steps to install `whatweb` on Kali Linux:

1. **Open your terminal**: You can open your terminal by searching for "Terminal" in your applications menu or using the shortcut `Ctrl + Alt + T`.

2. **Update your package list**: Before installing any software, it’s good practice to update your package lists to ensure you have the latest versions of packages.

3. **Install WhatWeb**: Install the `whatweb` package from the Kali repositories.

4. **Verify Installation**: After installation, check that WhatWeb is installed correctly by asking it to print its version.

If you see the version number of `whatweb`, then it is correctly installed.
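Steps 2 to 4 as a script, added here as an example and not part of the original course text. It assumes `sudo` and `apt` are available, that the Kali package is named `whatweb`, and that `whatweb --version` prints a line of the form `WhatWeb version X.Y.Z`; the function names are made up for this example.

```bash
# Added example: steps 2-4 of the installation procedure as one script.

# Pull the version number out of the text printed by `whatweb --version`.
# Assumed format: "WhatWeb version X.Y.Z ...". Returns 1 if it does not match.
parse_whatweb_version() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "whatweb" && tolower($2) == "version" && $3 ~ /^[0-9]+(\.[0-9]+)+/ {
            print $3; found = 1; exit
        }
        END { if (!found) exit 1 }'
}

install_whatweb() {
    # Steps 2 and 3: refresh the package lists, then install the package.
    sudo apt update && sudo apt install -y whatweb
}

verify_whatweb() {
    # Step 4: the binary must be on PATH and must report a version number.
    command -v whatweb >/dev/null 2>&1 || {
        echo "whatweb not found on PATH" >&2; return 1; }
    version=$(parse_whatweb_version "$(whatweb --version 2>/dev/null)") || {
        echo "whatweb is present but did not report a version" >&2; return 1; }
    echo "WhatWeb $version is installed"
}

# Run the procedure only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--install" ]; then
    install_whatweb && verify_whatweb
fi
```

Save it as a file and run it with `--install`; without that argument it only defines the functions.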

### 1.2 Configuration of whatweb

`whatweb` usually requires little to no configuration to get started. However, you can customize its behavior to suit your needs. Here’s how you can configure it:

1. **Configuration File**: The primary configuration file for `whatweb` is located at `/etc/whatweb.conf`. You can edit this file to change settings such as user agents, verbosity, and more.

2. **Custom User Agents**: You can specify a custom user agent string to mimic various browsers or tools. To do this, look for the `user-agent` section in the configuration file and modify it to include your preferred user agent.

3. **Plugins and Profiles**: `whatweb` has various plugins that enhance its capability to detect technologies. You can enable or disable these plugins in the configuration file by commenting or uncommenting lines pertaining to specific plugins.

4. **Running as Non-Root User**: It’s recommended to run `whatweb` as a non-root user for security reasons. You can create a new user and add them to the necessary groups, ensuring they have the right permissions.

### 1.3 Step-by-Step Usage of whatweb

Now that `whatweb` is installed and configured, let’s dive into its usage. Here’s a step-by-step guide to using `whatweb` to gather information about a target website.

#### Step 1: Basic Command Syntax

The basic syntax of the `whatweb` command is:

```bash
whatweb [options] <URLs>
```

#### Step 2: Running whatweb Against a Target

Let’s run `whatweb` against an example target, such as `example.com`. Use the following command:

```bash
whatweb example.com
```

#### Step 3: Analyzing Output

The output will provide a variety of information about the target website, including server software, content management systems, frameworks (like WordPress), and other technologies. Here’s a breakdown of the output you might see:

- **Server**: The type of server software the website is running (e.g., Apache, Nginx).
- **CMS**: Identifies if a content management system like WordPress is in use.
- **JavaScript Libraries**: Lists libraries that might indicate specific functionalities.
- **Plugins & Extensions**: Any identifiable plugins that enhance features.

This information is crucial for a pentester as it provides insight into potential vulnerabilities associated with the identified technologies.

### 1.4 Real-World Use Cases

Here we delve into how `whatweb` can be utilized in various penetration testing scenarios, particularly for web applications.

#### Use Case 1: Identifying Vulnerable WordPress Installations

WordPress is widely used, but it can also have vulnerabilities if not regularly updated. Let’s see how to identify WordPress installations:

**Command:**

```bash
whatweb --verbose example.com
```

The `--verbose` flag provides more detailed output, allowing you to see any plugins or themes that might be outdated or vulnerable to exploitation.

#### Use Case 2: Fingerprinting Web Applications

By running `whatweb` on a target, you can quickly identify the underlying technologies and frameworks. This can help in crafting tailored attacks.

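**Command:**

```bash
whatweb --aggression 4 example.com
```

The `--aggression 4` (heavy) level makes WhatWeb attempt the URLs from all of its plugins, making it a robust choice for deep fingerprinting. It sends many more requests per target than the default level, so it is far more visible in the target's logs.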

### 1.5 Code Examples for WordPress

Let’s look at a few code snippets that demonstrate how to use `whatweb` effectively in a WordPress pentesting context.

**Example 1: Checking for a Specific Plugin**

To check if a specific plugin (say, "Contact Form 7") is installed on a WordPress site, you can run:

```bash
whatweb --plugins "Contact Form 7" example.com
```

**Example 2: Saving Output to a File**

When conducting assessments, you might want to save the output for further analysis. Here’s how you do it:

```bash
whatweb example.com > report.txt
```

This will create a text file named `report.txt` containing all the data from your scan.

**Example 3: Scanning Multiple URLs**

To scan multiple websites in one go, you can create a file with target URLs and use the `-i` (`--input-file`) option:

```bash
whatweb -i targets.txt
```

Where `targets.txt` contains a list of URLs, one per line.
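A saved report is easier to review once it is split into one row per detected item. The following added example (not part of the original course or of WhatWeb) parses the one-line-per-target text that ends up in `report.txt`, including a multi-target run, and lists every target where a given plugin matched. The sample lines are constructed, the function names are hypothetical, and the brief output format without colour codes is assumed.

```bash
# Added example: turn a saved WhatWeb report into rows that can be filtered.

# Constructed sample in the one-line-per-target format (not real scan data).
sample_report() {
cat <<'EOF'
http://blog.example.com [200 OK] Apache[2.4.41], HTTPServer[Ubuntu Linux][Apache/2.4.41 (Ubuntu)], JQuery[3.5.1], MetaGenerator[WordPress 5.8], Title[Hello, world], WordPress[5.8]
http://shop.example.org [200 OK] HTTPServer[nginx], Title[Shop], WordPress, nginx
EOF
}

# stdin: report text. stdout: "URL<TAB>plugin<TAB>first value" per detected item.
report_rows() {
    awk '
    function emit(url, item,   p, name, val) {
        if (item == "") return
        p = index(item, "[")
        if (p == 0) { name = item; val = "" }
        else { name = substr(item, 1, p - 1); val = substr(item, p + 1); sub(/\].*/, "", val) }
        printf "%s\t%s\t%s\n", url, name, val
    }
    $1 ~ "^https?://" {
        p = index($0, "] ")                  # end of the "[200 OK]" status field
        if (p == 0) next
        rest = substr($0, p + 2); item = ""; depth = 0
        for (i = 1; i <= length(rest); i++) {
            c = substr(rest, i, 1)
            if (c == "[") depth++
            if (c == "]") depth--
            # Only a comma outside brackets separates two plugins.
            if (c == "," && depth == 0) { emit($1, item); item = ""; i++ }
            else item = item c
        }
        emit($1, item)
    }'
}

# stdin: report text, $1: plugin name. stdout: "URL<TAB>version or unknown".
targets_with() {
    report_rows | awk -F '\t' -v want="$1" \
        '$2 == want { print $1 "\t" ($3 == "" ? "unknown" : $3) }'
}

# Typical use on a real report: targets_with WordPress < report.txt
```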

### 1.6 Detailed Technical Explanations

#### 1.6.1 How whatweb Detects Technologies

`whatweb` uses various methods to detect web technologies. Here’s how it works:

- **HTTP Headers**: Many web servers include information about the server software in HTTP headers. `whatweb` reads and interprets these headers.
- **HTML Content**: It scans the HTML content of the page for specific tags and patterns that are associated with known technologies.
- **JavaScript Files**: The tool checks for common JavaScript libraries and frameworks by searching for specific filenames or signatures.
- **Cookies and Meta Tags**: It looks for specific cookies and meta tags that might reveal the application's framework or CMS.
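
The four signal classes above, applied to one constructed HTTP response. This is an added illustration, not WhatWeb's code: the handful of signatures and the function names are assumptions chosen for the example, and WhatWeb's own plugins are far more extensive. Each output row names the part of the response that gave the technology away, which is also the list to review when reducing what your own site discloses.

```bash
# Added example: header, cookie, meta tag and script signals in one response.

# Constructed response (headers, blank line, body); not captured from a real site.
sample_response() {
cat <<'EOF'
HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/
Content-Type: text/html; charset=UTF-8

<html><head>
<meta name="generator" content="WordPress 5.8" />
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.6.0"></script>
</head><body></body></html>
EOF
}

# stdin: raw response. stdout: "source<TAB>technology<TAB>evidence" per match.
fingerprint() {
    awk '
    function attr(tag) { sub(/"$/, "", tag); sub(/^.*"/, "", tag); return tag }
    function hit(src, tech, ev) { printf "%s\t%s\t%s\n", src, tech, ev }
    { sub(/\r$/, "") }
    !body && $0 == "" { body = 1; next }      # blank line ends the headers
    !body {
        low = tolower($0); val = $0; sub(/^[^:]*:[ \t]*/, "", val)
        if (low ~ /^(server|x-powered-by):/) {
            tech = val; sub("[/ ].*", "", tech); hit("header", tech, val) }
        if (low ~ /^set-cookie:[ \t]*wordpress_/) {
            sub(/=.*/, "", val); hit("cookie", "WordPress", val) }
        next
    }
    {
        if (match(tolower($0), /<meta[^>]*name="generator"[^>]*content="[^"]*"/)) {
            val = attr(substr($0, RSTART, RLENGTH)); tech = val; sub(/ .*/, "", tech)
            hit("meta", tech, val)
        }
        rest = $0
        while (match(tolower(rest), /<script[^>]*src="[^"]*"/)) {
            val = attr(substr(rest, RSTART, RLENGTH)); rest = substr(rest, RSTART + RLENGTH)
            if (tolower(val) ~ /jquery/) hit("script", "jQuery", val)
            if (val ~ "/wp-(includes|content)/") hit("script", "WordPress", val)
        }
    }'
}

# stdin: raw response. stdout: the distinct technologies, one per line.
technologies() { fingerprint | cut -f2 | LC_ALL=C sort -u; }
```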

#### 1.6.2 Security Implications

Understanding what technologies are present on a web application also guides the pentester in assessing the potential vulnerabilities. For example:

- **Outdated CMS**: An outdated WordPress installation might be susceptible to known exploits.
- **Weak Plugins**: Some plugins might have critical vulnerabilities that can be exploited if they are not properly maintained.
- **Server Misconfigurations**: Identifying server software can reveal misconfigurations that could lead to security issues.

### 1.7 External References

For further reading and deeper insight into `whatweb`, consider referring to the following resources:

- [WhatWeb Official Documentation](https://github.com/urbanus/WhatWeb)
- [Kali Linux Tools Documentation](https://www.kali.org/docs/tools/)
- [OWASP Web Security Testing Guide](https://owasp.org/www-project-web-security-testing-guide/latest/)

By leveraging these resources, users can enhance their understanding of web security and improve their pentesting skills.

### Conclusion

In this section, we covered the installation and configuration of `whatweb`, delved into its usage with real-world examples, and explored the underlying mechanics that make it such a valuable tool for pentesters. As the web continues to evolve, so do the technologies behind it, making tools like `whatweb` indispensable for any cybersecurity professional.

Made by pablo rotem / פבלו רותם

Pablo Guides