Posted: . At: 11:39 AM. This was 9 months ago. Post ID: 18366

Get information about a website using whatweb. This is very easy.


Getting information about a website is very easy. The whatweb utility will return information about the website, such as the software used on it and the country it is hosted in.

(jcartwright@localhost) 192.168.1.5 ~  $ whatweb http://178.62.76.175/warmech/
http://178.62.76.175/warmech/ [200 OK] Apache[2.4.10], Country[EUROPEAN UNION][EU], HTTPServer[Ubuntu Linux][Apache/2.4.10 (Ubuntu)], IP[178.62.76.175], MetaGenerator[Microsoft FrontPage 4.0], Title[WarMECH's Domain]

A deeper scan, using the -a 3 parameter, provides much more detail about the web server's software.

(jcartwright@localhost) 192.168.1.5 ~  $ whatweb -a 3 https://shrishikshayatancollege.org | tr "," "\n"
https://shrishikshayatancollege.org [200 OK] Apache
 Country[UNITED KINGDOM][GB]
 Email[shikshayatan@shrishikshayatancollege.org]
 HTML5
 HTTPServer[Apache]
 IP[178.79.159.193]
 JQuery[3.6.0]
 MetaGenerator[Powered by Slider Revolution 6.5.24 - responsive
 Mobile-Friendly Slider Plugin for WordPress with comfortable drag and drop interface.
Powered by WPBakery Page Builder - drag and drop page builder for WordPress.
WordPress 6.0.3]
 Modernizr
 PoweredBy[Slider
WPBakery]
 Script[text/javascript]
 Title[Shri Shikshayatan College – SSC]
 UncommonHeaders[link]
 WordPress[6.0.3]
 x-pingback[https://shrishikshayatancollege.org/xmlrpc.php]

In addition, the output is piped to the tr command, which changes all commas to newlines so that the output is easier to read.
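Because tr replaces every comma, values that contain commas themselves are broken across lines, which is what happened to MetaGenerator and PoweredBy in the output above. The following is an added example, not part of the original post: a small shell function that splits only on commas outside square brackets. The function name split_whatweb and the sample line are constructed for illustration, and it assumes the brackets inside a value are balanced.

```shell
#!/bin/sh
# split_whatweb: read whatweb's brief one-line-per-target output on stdin and
# print one plugin result per line. Commas are treated as separators only when
# they are outside [...], so bracketed values that contain commas stay intact.
# (Hypothetical helper name; assumes brackets inside values are balanced.)
split_whatweb() {
    awk '{
        depth = 0; field = ""
        n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (c == "[") depth++
            else if (c == "]" && depth > 0) depth--
            if (c == "," && depth == 0) {
                # Separator between two plugin results: emit the field.
                sub(/^ +/, "", field); print field; field = ""
            } else {
                field = field c
            }
        }
        sub(/^ +/, "", field)
        if (field != "") print field
    }'
}

# Constructed sample line, shaped like the whatweb output shown above.
sample='http://example.test [200 OK] Apache, HTTPServer[Apache], PoweredBy[Slider,WPBakery], Title[Example, Inc.], WordPress[6.0.3]'

printf '%s\n' "$sample" | split_whatweb
```

In use, the function takes the place of tr in the pipeline: whatweb -a 3 URL | split_whatweb.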

This may also be used to find out the operating system the web server is running on.

(jcartwright@localhost) 192.168.1.5 ~  $ whatweb -a 3 https://bicharada.oulu.ifrn.edu.br | tr "," "\n"
https://bicharada.oulu.ifrn.edu.br [200 OK] Country[BRAZIL][BR]
 HTTPServer[Ubuntu Linux][nginx/1.18.0 (Ubuntu)]
 IP[200.137.2.219]
 Index-Of
 Title[Index of /]
 nginx[1.18.0]

The Nmap utility may also be used to find installed server software and provide a guess of the installed operating system.

[root@localhost jcartwright]# nmap -O --max-retries=50 210.113.102.182
Starting Nmap 7.91 ( https://nmap.org ) at 2023-08-12 10:48 AEST
Nmap scan report for 210.113.102.182
Host is up (0.19s latency).
Not shown: 990 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
443/tcp  closed https
2222/tcp closed EtherNetIP-1
3389/tcp closed ms-wbt-server
5432/tcp open   postgresql
8080/tcp closed http-proxy
8082/tcp closed blackice-alerts
8090/tcp closed opsmessaging
8888/tcp closed sun-answerbook
Aggressive OS guesses: Linux 5.0 - 5.4 (93%), Linux 5.0 (92%), Linux 5.4 (92%), Linux 2.6.32 (90%), HP P2000 G3 NAS device (90%), Linux 4.15 - 5.6 (90%), Linux 5.3 - 5.4 (89%), Infomir MAG-250 set-top box (89%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (89%), Linux 5.0 - 5.3 (89%)
No exact OS matches for host (test conditions non-ideal).
 
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.08 seconds

Here is another example.

[root@localhost jcartwright]# nmap -O -T3 54.180.95.161
Starting Nmap 7.91 ( https://nmap.org ) at 2023-08-12 11:02 AEST
Nmap scan report for ec2-54-180-95-161.ap-northeast-2.compute.amazonaws.com (54.180.95.161)
Host is up (0.22s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http
Aggressive OS guesses: HP P2000 G3 NAS device (93%), Linux 2.6.32 (91%), Infomir MAG-250 set-top box (91%), Netgear RAIDiator 4.2.21 (Linux 2.6.37) (91%), Linux 2.6.32 - 3.13 (91%), Linux 3.3 (91%), Linux 3.7 (90%), Linux 5.0 (90%), Linux 5.0 - 5.4 (90%), Linux 5.1 (90%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 27 hops
 
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 9.59 seconds

And this is what whatweb says about this server.

(jcartwright@localhost) 192.168.1.5 ~  $ whatweb 54.180.95.161 | tr "," "\n"
http://54.180.95.161 [200 OK] Country[UNITED STATES][US]
 HTTPServer[nginx/1.14.2]
 IP[54.180.95.161]
 Index-Of
 Title[Index of /]
 nginx[1.14.2]

This is a very interesting way to find out what web server software a website is using. Another way is to use the Wappalyzer Firefox plugin and detect all web technologies used on a website. Download this plugin here: https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/. This is the most effective solution.

The nmap scanning tool, with the -sV parameter, will also identify the web server software.

Password: 
[root@localhost jcartwright]# nmap -O -T3 -sV 54.180.95.161
Starting Nmap 7.91 ( https://nmap.org ) at 2023-08-12 11:25 AEST
Nmap scan report for ec2-54-180-95-161.ap-northeast-2.compute.amazonaws.com (54.180.95.161)
Host is up (0.22s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.14.2
Aggressive OS guesses: HP P2000 G3 NAS device (93%), Linux 2.6.32 (91%), Linux 2.6.32 - 3.1 (91%), Linux 3.7 (91%), Linux 2.6.32 - 3.13 (91%), Linux 3.0 - 3.2 (91%), Linux 3.3 (91%), Infomir MAG-250 set-top box (90%), Linux 5.0 (90%), Linux 5.0 - 5.4 (90%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 27 hops
 
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.94 seconds

You may use the -O --osscan-guess parameter to force a more aggressive OS scan, but this does not always work well.

[root@localhost jcartwright]# nmap -T3 -O --osscan-guess -sV 54.180.95.161
Starting Nmap 7.91 ( https://nmap.org ) at 2023-08-12 11:36 AEST
Nmap scan report for ec2-54-180-95-161.ap-northeast-2.compute.amazonaws.com (54.180.95.161)
Host is up (0.23s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.14.2
Aggressive OS guesses: HP P2000 G3 NAS device (93%), Linux 2.6.32 (91%), Infomir MAG-250 set-top box (91%), Linux 3.7 (91%), Netgear RAIDiator 4.2.21 (Linux 2.6.37) (91%), Linux 2.6.32 - 3.13 (91%), Linux 3.0 - 3.2 (91%), Linux 3.3 (91%), Linux 2.6.32 - 3.1 (90%), Linux 5.0 (90%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 27 hops
 
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.90 seconds
