Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

WhatWeb version 0.4.3 released
From: Andrew Horton <andrew () morningstarsecurity com>
Date: Tue, 25 May 2010 00:49:54 +1200

I've just released a new version of WhatWeb with new features and plugins.


You can read more and download it from http://www.morningstarsecurity.com/research/whatweb

DESCRIPTION
--------------------------------------------------------------------------------
Identify content management systems (CMS), blogging platforms, stats/analytics packages, javascript
libraries, servers and more. When you visit a website in your browser the transaction includes many
unseen hints about how the webserver is set up and what software is delivering the webpage. Some of
these hints are obvious, eg. "Powered by XYZ" and others are more subtle. WhatWeb recognises these
hints and reports what it finds.

WhatWeb has over 90 plugins and needs community support to develop more. Plugins can identify
systems with obvious identifying hints removed by also looking for subtle clues. For example, a
WordPress site might remove the tag <meta name="generator" content="WordPress 2.6.5"> but the
WordPress plugin also looks for "wp-content" which is less easy to disguise. Plugins are flexible
and can return any datatype, for example plugins can return version numbers, email addresses,
account ID's and more.

There are both passive and aggressive plugins, passive plugins use information on the page, in
cookies and in the URL to identify the system. A passive request is as light weight as a simple GET
/ HTTP/1.1 request. Aggressive plugins guess URLs and request more files. Plugins are easy to write,
you don't need to know ruby to make them.



CHANGES
--------------------------------------------------------------------------------
Version 0.4.3 Released May 24th 2010

* Added GPLv2 notices
* Added Makefile (Thanks Michal Ambroz <rebus AT seznam.cz>)
* Added man pages (Thanks Michal Ambroz <rebus AT seznam.cz>)
* Added --version
* Added Invalid command line argument handling
* Added @cookie variable to plugins but is not availble for recursive use
* Changed output colour of page titles
* Changed plugin names to use a CamelCase convention
* Merged the google analytics GA and Urchin plugins
* Modified MovableType plugin
* Added Cookie names plugin
* Added Concrete5 CMS plugin
* Added CushyCMS plugin
* Added FrogCMS plugin
* Added ModxCMS plugin
* Added TypoLight plugin
* Added ExpressionEngine plugin
* Fixed a bug in Tomcat plugin
* New feature, my-plugins/ folder. Keep your personal plugins separate.
* Usage info shows correct defaults
* Fixed a bug where aggressive plugins didn't use the proxy settings
* Added XML (naive) logging
* Updated usage to show how to pipe HTML to /dev/stdin
* Added --no-redirect option. Do not follow HTTP 3xx redirects

Homepage: http://www.morningstarsecurity.com/research/whatweb

-- 
Cheers,

Andrew Horton

MorningStar Security
Mobile +64 (0) 272 646 959
Web www.morningstarsecurity.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • WhatWeb version 0.4.3 released Andrew Horton (May 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]