[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20110405233328.GA19062@sadist.sglan>
Date: Wed, 6 Apr 2011 09:33:28 +1000
From: Nima Talebi <nima.talebi@...urusglobal.com>
To: Andrew Horton <andrew@...ningstarsecurity.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: WhatWeb v0.4.7 Released. Performance
enhancements and bug fixes
http://www.morningstarsecurity.com/downloads/whatweb-0.4.7.tar.gz
On Tue, Apr 05, 2011 at 11:42:12PM +1200, Andrew Horton wrote:
> Date: Tue, 05 Apr 2011 23:42:12 +1200
> From: Andrew Horton <andrew@...ningstarsecurity.com>
> To: full-disclosure@...ts.grok.org.uk
> Subject: [Full-disclosure] WhatWeb v0.4.7 Released. Performance
> enhancements and bug fixes
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.14)
> Gecko/20110223 Thunderbird/3.1.8
>
> Version 0.4.7 of WhatWeb is now released. This is a stability release with performance enhancements
> and a few bug fixes.
>
>
> .$$$ $. .$$$ $.
> $$$$ $$. .$$$ $$$ .$$$$$$. .$$$$$$$$$$. $$$$ $$. .$$$$$$$. .$$$$$$.
> $ $$ $$$ $ $$ $$$ $ $$$$$$. $$$$$ $$$$$$ $ $$ $$$ $ $$ $$ $ $$$$$$.
> $ `$ $$$ $ `$ $$$ $ `$ $$$ $$' $ `$ `$$ $ `$ $$$ $ `$ $ `$ $$$'
> $. $ $$$ $. $$$$$$ $. $$$$$$ `$ $. $ :' $. $ $$$ $. $$$$ $. $$$$$.
> $::$ . $$$ $::$ $$$ $::$ $$$ $::$ $::$ . $$$ $::$ $::$ $$$$
> $;;$ $$$ $$$ $;;$ $$$ $;;$ $$$ $;;$ $;;$ $$$ $$$ $;;$ $;;$ $$$$
> $$$$$$ $$$$$ $$$$ $$$ $$$$ $$$ $$$$ $$$$$$ $$$$$ $$$$$$$$$ $$$$$$$$$'
>
> Download: www.morningstarsecurity.com/research/whatweb/whatweb-0.4.7.tar.gz
> Homepage: www.morningstarsecurity.com/research/whatweb/
> Latest Version: 0.4.7, 5th April 2011
> License: GPLv2
> Author: urbanadventurer aka Andrew Horton from Security-Assessment.com
> Wiki: https://github.com/urbanadventurer/WhatWeb/wiki
> Development Version: https://github.com/urbanadventurer/WhatWeb
>
>
> About WhatWeb
> ================================================================================
>
> WhatWeb identifies websites. It's goal is to answer the question, "What is that Website?". WhatWeb
> recognises web technologies including content management systems (CMS), blogging platforms,
> statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has
> over 900 plugins, each to recognise something different. WhatWeb also identifies version numbers,
> email addresses, account ID's, web framework modules, SQL errors, and more.
>
> WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to
> control the trade off between speed and reliability. When you visit a website in your browser, the
> transaction includes many hints of what web technologies are powering that website. Sometimes a
> single webpage visit contains enough information to identify a website but when it does not, WhatWeb
> can interrogate the website further. The default level of aggression, called 'passive', is the
> fastest and requires only one HTTP request of a website. This is suitable for scanning public
> websites. More aggressive modes were developed for in penetration tests.
>
> Most WhatWeb plugins are thorough and recognise a range of cues from subtle to obvious. For example,
> most WordPress websites can be identified by the meta HTML tag, e.g. '<meta name="generator"
> content="WordPress 2.6.5">', but a minority of WordPress websites remove this identifying tag but
> this does not thwart WhatWeb. The WordPress WhatWeb plugin has over 15 tests, which include checking
> the favicon, default installation files, login pages, and checking for "/wp-content/" within
> relative links.
>
>
> Features:
> * Over 900 plugins
> * Control the trade off between speed/stealth and reliability
> * Plugins include example URLs
> * Performance tuning. Control how many websites to scan concurrently.
> * Multiple log formats: Brief (greppable), Verbose (human readable), XML, JSON, MagicTree,
> RubyObject, MongoDB.
> * Recursive web spidering
> * Proxy support including TOR
> * Custom HTTP headers
> * Basic HTTP authentication
> * Control over webpage redirection
> * Nmap-style IP ranges
> * Fuzzy matching
> * Result certainty awareness
> * Custom plugins defined on the command line
>
>
> Changelog
> ================================================================================
>
> Version 0.4.7 Released April 5th 2011
> * Performance enhancements & bug fixes
> * Added -p + as a shortcut for -p +plugins-disabled
> * Added --quiet, -q - to not display brief logging to STDOUT
> * Fix Makefile - you can now install whatweb over an old version
> * Removed certainty from Mongo and JSON output unless certainty < 100
> * Removed certainty info from verbose output unless certainty <100
> * Bugfixes for error reporting
> * Updated some error messages
> * Disallow simultaneous use of aggressive level 3+ and recursive spidering
> * Changed default open and read timeouts to 15 and 30 seconds respectively
> * Updated slow plugins
> * Added plugins: TVersity, Ultimate-Bulletin-Board,
> * Moved plugins to plugins-disabled: atom_feed, meta-city, meta-contact, meta-country,
> meta-geography, meta-state, meta-zipcode and script
> * Renamed mailto plugin to email
>
>
> --
> Cheers,
> Andrew Horton
> Security Consultant for Security-Assessment.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
--
Nima Talebi
Securus Global
w http://www.securusglobal.com/
p +61-2-9283-0255
f +61-2-9283-8011
----
CONFIDENTIALITY NOTICE: This message and any attachment(s) are confidential and proprietary. They may also be privileged or otherwise protected from disclosure. If you are not the intended recipient, advise the sender and delete this message and any attachment from your system. If you are not the intended recipient, you are not authorised to use or copy this message or attachment or disclose the contents to any other person.i Views expressed are not necessarily endorsed by Securus Global. Please note that this communication does not designate an information system for the purposes of the Australian Electronic Transactions Act 2001.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists