Web Server Auditing Tutorial: Webshag is a well-known web server auditing tool. It ships with Kali Linux and can be used to run a variety of scans against a web server during a web application penetration test. Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionality for web server auditing, such as website crawling, URL scanning and file fuzzing.
Here is a link to the Webshag official page: Link
Here is a link to the Webshag source download page: Link
Webshag can scan a web server over HTTP or HTTPS, through a proxy, and using HTTP authentication (Basic and Digest). In addition, it offers innovative IDS evasion functionality aimed at making correlation between requests more complicated (e.g. using a different random HTTP proxy server per request).
Penetration testers can use Webshag in two modes:
- Command line: webshag-cli – Multi-threaded web server audit tool (CLI)
- GUI: webshag-gui – Multi-threaded web server audit tool (GUI)
Web Server Auditing Tutorial using Webshag:
webshag-cli – Multi-threaded web server audit tool (CLI)
```
root@kali:~# webshag-cli -h
Usage: webshag-cli [-U | [options] target(s)]

Options:
  --version       show program's version number and exit
  -h, --help      show this help message and exit
  -U              Update the URL scanner databases and exit
  -m MODULE       Use MODULE [pscan|info|spider|uscan|fuzz]. (default: uscan)
  -p PORT         Set target port to PORT. For modules uscan and fuzz PORT can
                  be a list of ports [port1,port2,...]. (default: 80)
  -r ROOT         Set root directory to ROOT. For modules uscan and fuzz ROOT
                  can be a list of directories [/root1/,/root2/,...].
                  (default: /)
  -k SKIP         *uscan only* Set a false positive detection string
  -s SERVER       *uscan only* Bypass server detection and force server as
                  SERVER
  -i SPIDER_INIT  *spider) only* Set spider initial crawling page (default: /)
  -n FUZZ_MODE    *fuzz only* Choose the fuzzing mode [list|gen]. (default:
                  list)
  -e FUZZ_CFG     *fuzz / list only* Set the fuzzing parameters for list mode.
                  11 = fuzz directories and files; 01 = fuzz files only; 10 =
                  fuzz directories only; 00 = fuzz nothing. (default: 11)
  -g FUZZ_GEN     *fuzz / gen only* Set the filename generator expression.
                  Refer to documentation for syntax reference. (default: )
  -x              Export a report summarizing results.
  -o OUTPUT       Set the format of the exported report. [xml|html|txt].
                  (default: html)
  -f OUTPUT_FILE  Write report to FILE. (default: webshag_report.html)
```
webshag-cli usage example for this web server auditing tutorial:
Run a port scan (-m pscan) on the remote IP address (192.168.1.xxx):
```
root@kali:~# webshag-cli -m pscan 192.168.1.202
~~~~~~~~~~~~~~~~~~~~~~~~~~ ## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
% webshag 1.10
% Module: pscan
% Host: 192.168.1.202
~~~~~~~~~~~~~~~~~~~~~~~~~~ ## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
192.168.1.202
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
% PORT % 22 (tcp)
% SRVC % ssh
% PROD % OpenSSH
% SYST % Linux

% PORT % 80 (tcp)
% SRVC % http
% PROD % Apache httpd

% PORT % 9876 (tcp)
% SRVC % http
% PROD % Apache httpd

~~~~~~~~~~~~~~~~~~~~~~~~~~ ## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
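For an audit report it helps to turn the pscan text into structured records. The following is an added example, not part of Webshag or of the original tutorial: it parses the `% PORT % / % SRVC % / % PROD % / % SYST %` fields as they appear in the sample run above and lists HTTP services on ports outside an expected set. The function names and the expected-port set (80, 443) are assumptions made for illustration.

```python
import re

# Constructed sample: the pscan result block from the tutorial's example run.
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
192.168.1.202
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
% PORT % 22 (tcp)
% SRVC % ssh
% PROD % OpenSSH
% SYST % Linux

% PORT % 80 (tcp)
% SRVC % http
% PROD % Apache httpd

% PORT % 9876 (tcp)
% SRVC % http
% PROD % Apache httpd
"""

# A field is "% KEY % value"; the value ends at the next '%', '~' or newline,
# so the same pattern works on wrapped output and on output flattened to one line.
FIELD = re.compile(r"%\s*(PORT|SRVC|PROD|SYST)\s*%\s*([^%~\n]*)")
PORT = re.compile(r"(\d+)\s*\((\w+)\)")

def parse_pscan(text):
    """Return one dict per open port found in webshag pscan output."""
    services, current = [], None
    for key, value in FIELD.findall(text):
        value = value.strip()
        if key == "PORT":  # every PORT field starts a new service record
            m = PORT.match(value)
            current = {"port": int(m.group(1)), "proto": m.group(2)} if m else None
            if current:
                services.append(current)
        elif current is not None:  # ignore fields that follow an unparsable PORT
            current[key.lower()] = value
    return services

def unexpected_http(services, expected=(80, 443)):
    """HTTP services on ports outside the expected set (assumed policy): review these."""
    return [s for s in services
            if s.get("srvc", "").startswith("http") and s["port"] not in expected]

if __name__ == "__main__":
    for svc in parse_pscan(SAMPLE):
        print(svc)
    print("review:", unexpected_http(parse_pscan(SAMPLE)))
```

On the sample run this singles out the second Apache instance on port 9876, which is the kind of forgotten or undocumented listener a server audit should account for.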
webshag-gui Usage Example
root@kali:~# webshag-gui