Giters

urbanadventurer / WhatWeb

Next generation web scanner

Home Page:https://www.morningstarsecurity.com/research/whatweb

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

WhatWeb Not Enumerating PHP Correctly

Greenwolf opened this issue · comments

commented

I want to extract php sites from the whatweb results using grep, which i've done before. However WhatWeb seems to be missing key indicators of the server language in the response.

When I tested it against 2 random sites from google found using a 'filetype:php' search, WhatWeb isn't marking them as php, even though in the proxy response, there is clear use of .php throughout.

These are the commands used, slightly sanitised,

# useragent="Mozilla/5.0 (X11; Linux i686; rv:10.0) Gecko/20100101 Firefox/10.0"
# echo "https://www.test1.fr/" | whatweb -i /dev/stdin --proxy 127.0.0.1 --user-agent "$useragent" | tee test.txt
https://www.test1.fr/ [200 OK] Country[UNITED STATES][US], HTML5, IP[censored], Open-Graph-Protocol[website], Script, Title[test1], UncommonHeaders[link,x-mod-pagespeed,x-amz-cf-pop,x-amz-cf-id], Via-Proxy[1.1 b9ead8d9e99fb1a70cc9b3ee9d847ec6.cloudfront.net (CloudFront)], X-Frame-Options[sameorigin], X-Powered-By[Express]
# echo "https://www.test2.com/" | whatweb -i /dev/stdin --proxy 127.0.0.1 --user-agent "$useragent" | tee test.txt 
https://www.test2.com/ [200 OK] CloudFlare, Cookies[__cf_bm,__cfduid], Country[UNITED STATES][US], Frame, HTML5, HTTPServer[cloudflare], HttpOnly[__cf_bm,__cfduid], IP[censored], Script[6efe741a6daaa4cab79fa4cd-text/javascript,text/javascript], Title[test2], UncommonHeaders[x-content-type-options,x-nginx-cache-status,x-server-powered-by,cf-cache-status,cf-request-id,expect-ct,cf-ray], X-XSS-Protection[1; mode=block]

These are some extracts from the responses, each site contained around 15-20 references to php.

<a class="cbm-btn--3" rel="nofollow" href="https://www.test1.fr/panier.php">
<a href="https://www.test1.fr/compte_menu.php?mod=1&pro=&service=" rel="nofollow" data-xtclick='{"label":"PART::Mes_annonces", "typeClick":"navigation"}'>
|| <a href="https://www.test2.com/2021/up-abhyuday-yojna.php" target=_blank><b>
| | <a href="https://www.test2.com/2020/iit-gate-2021.php" target=_blank><b>
commented

I have updated the php plugin so that it detects php through the file extension, however I don't currently plan to detect file extensions on links.