
Webshag 1.00


Contents

1. [Screenshot: USCAN results pane, target 10.51.41.36:80, status <RUNNING>, with the following findings.]

INF robots.txt found. It might be interesting to have a look inside.
200 TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
200 /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
200 /phpmyadmin/ phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
200 /icons/ Directory indexing is enabled: /icons
200 /images/ Directory indexing is enabled: /images

Note that an Import button allows automatically importing results from previous PSCAN, INFO and SPIDER modules. Selected results are directly inserted in the correct fields.

9 http://www.cirt.net/code/nikto.shtml

[Screenshot: Import Results dialog listing hosts, roots and ports.]

Command Line Interface

To run this module in CLI mode, run webshag with -C option and
2. Note that an expression containing any unsupported character set will not be expanded but will be kept as is in the filename (e.g. x 5 3 will be taken as is). Note also that you can combine several generating expressions in a generator string (e.g. the generator image a z 1 _ 0 9 2 jpg is perfectly valid); however, due to the multi-threaded design of the module, all the possible filenames have to be generated at once at the beginning of the scan. Thus, be careful with the sizes unless you have a large amount of RAM (e.g. a Z 6 > 120GB). Finally, note that the file fuzzer uses the same page fingerprinting technique as the URL scanner to identify false positives.

Graphical User Interface

To run the file fuzzing module, select the FUZZ tab and fill in the required parameters. The target(s) are given by the target and port fields, and the root directory(ies) can be specified by the root field. All these fields can contain one or several comma-separated values. When using the list mode, a default extension can be specified in the File Extension field. When using generator mode, the generator string has to be inserted in the Expression field. Note that it is possible to directly import results from PSCAN, INFO and SPIDER modules using the Import button.

[Screenshot: webshag 1.00 FUZZ tab, target 10.51.41.36.]
3. are detailed throughout this documentation; however, a reference can be obtained directly by using CLI help. Note that if you omit the -C option, webshag will start in GUI mode and ignore any other option or parameter.

0x0011 PSCAN Module

Basics

The PSCAN (port scanning) module of webshag allows discovering open HTTP ports on the target machine. To achieve this it relies on the Nmap port scanner. If Nmap is not installed and functional, this module won't work.

Graphical User Interface

To run the port scanning module in GUI mode, select the PSCAN tab, enter the target hostname or an IPv4 address and click the OK button. Note that all the open ports are displayed, not only those detected as HTTP.

[Screenshot: webshag 1.00 PSCAN tab. Port details: PORT 22/TCP, SERVICE ssh, PRODUCT OpenSSH, SYSTEM Linux. Console: "INFO Scan of 10.51.41.36 finished", "INFO Found 2 open ports", status <IDLE>.]

Command Line Interface

To run the port scanning module in CLI mode, run webshag with -C option and set -m option to pscan:

webshag.py -C -m pscan 10.51.41.36

6 http://nmap.org

0x0100 INFO Module

Basics

The domain information module of webshag allows retrieving the referenced domain names (vhosts) hosted on the target machine. To achie
4. [Screenshot: Configuration dialog with settings for Enable SSL, User Agent, Socket Timeout, HTTP authentication username and password, Enable HTTP Proxy (host and port), Enable HTTP Proxy Authentication, and Enable IDS Evasion (Random Proxy, Proxy List, Pause, Maximum Pause Time in seconds).]

When modifying configuration, do not forget to confirm the changes by clicking the Apply button at the bottom of the dialog window.

Configuration File

The configuration settings visible through the configuration interface in GUI mode are actually stored in a configuration file (<webshag directory>/config/webshag.conf). When using webshag in CLI mode, these parameters can be updated by directly editing the configuration file.

0x1001 Reporting

Graphical User Interface

Webshag allows exporting scan reports in three different formats: XML, HTML and TXT. These reports can summarize the results of a single module or of any combination of modules (including all). To export scan reports, use the File > Export menu. Then simply choose the destination file, the elements to include in the report and the format.

[Screenshot: Export Report dialog with checkboxes for Port Scanner, Info, Spider, URL Scanner and Fuzzer, an Output File field and an Output File Format selector (html), followed by the exported report opened in Mozilla Firefox.]
5. set the -m option to uscan. The optional port(s), root directory(ies), skip string and server parameters can be specified using -p, -r, -k and -s options respectively.

0x0111 FUZZ Module

Basics

The file fuzzing module can be used to discover hidden (unlinked) files on the server. It can be used in two distinct modes of operation: list mode and generator mode.

The list mode relies on lists of common filenames and directory names and exhaustively tries to request all the entries. These lists are configured in program configuration. The user can specify a default extension to be added to all filenames (e.g. php or htm).

The second mode uses a generator string to generate several filenames according to a given format. For instance, the generator string image 0 9 2 jpg is expanded as image 00 jpg image 99 jpg. The advantage of this mode is that it allows performing context-aware fuzzing: it lets you incorporate some knowledge about the environment into the fuzzing process.

The syntax of the generator parts to be expanded is charset size. This means that such substrings will be replaced by all possible values and that the remainder of the generator string will remain unchanged. The table below summarizes the available character sets.

expression    elements
0 9           0123456789
a z           abcdefghijklmnopqrstuvwxyz
A Z           ABCDEFGHIJKLMNOPQRSTUVWXYZ
a Z           abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
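An added example, not part of the Webshag manual or its code: sizing a generator string before expanding it, since the manual warns that all filenames are generated at once. The `[charset]{size}` delimiters, the hyphenated set names (`0-9`, `a-Z`) and all function names are assumptions; the page gives only the charset and size of each part.

```python
import itertools
import re
import string

# Character sets from the manual's table (hyphenated names are an assumption).
CHARSETS = {"0-9": string.digits, "a-z": string.ascii_lowercase,
            "A-Z": string.ascii_uppercase, "a-Z": string.ascii_letters}
# ASSUMPTION: an expandable part is written [charset]{size}.
PART = re.compile(r"\[([^\]]+)\]\{(\d+)\}")


def parse(generator):
    """Split a generator string into literals and (alphabet, size) slots."""
    parts, pos = [], 0
    for m in PART.finditer(generator):
        if m.group(1) not in CHARSETS:
            continue  # unsupported set: left inside the literal text, as is
        parts.append(generator[pos:m.start()])
        parts.append((CHARSETS[m.group(1)], int(m.group(2))))
        pos = m.end()
    parts.append(generator[pos:])
    return parts


def count_names(generator):
    """Number of filenames the string expands to, without generating any."""
    total = 1
    for part in parse(generator):
        if isinstance(part, tuple):
            total *= len(part[0]) ** part[1]
    return total


def raw_bytes(generator):
    """Lower bound on memory: every expanded name has the same length."""
    length = sum(p[1] if isinstance(p, tuple) else len(p) for p in parse(generator))
    return count_names(generator) * length


def expand(generator, max_names=100_000):
    """Yield names lazily; refuse expansions larger than max_names."""
    total = count_names(generator)
    if total > max_names:
        raise ValueError(f"{total} names (>= {raw_bytes(generator)} bytes) exceeds {max_names}")
    parts = parse(generator)
    slots = [itertools.product(p[0], repeat=p[1]) for p in parts if isinstance(p, tuple)]
    for combo in itertools.product(*slots):
        chunks = iter("".join(c) for c in combo)
        yield "".join(next(chunks) if isinstance(p, tuple) else p for p in parts)


if __name__ == "__main__":
    print(count_names("[a-Z]{6}"), raw_bytes("[a-Z]{6}"))  # checked before expanding
```

Under these assumptions, six mixed-case letters come to 52^6 names and about 118.6 GB of raw name bytes, in line with the manual's RAM warning.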
6. 0x0010 Getting Started

Graphical User Interface

Webshag is primarily meant to be run in a graphical environment. It is thus provided with a full-featured graphical user interface. As this is the default mode, to start the application in GUI mode simply run the main script without any parameter. The version installed by the Windows installer is meant to be run in GUI mode only. To run webshag on Windows systems, simply do as usual.

[Screenshot: webshag 1.00 main window with PSCAN, INFO, SPIDER, USCAN and FUZZ tabs, console showing "webshag version 1.00", status <IDLE>.]

To switch between the audit modules, use the tabs located below the menu bar. Note that execution of modules is multi-threaded; it is thus possible to run several modules at the same time. The status of each module is indicated at the bottom (<IDLE> or <RUNNING>).

Command Line Interface

Despite being primarily meant to be run in GUI mode, webshag also provides a full-featured command line interface (except the version installed by the Windows installer). It can thus be run in CLI mode on machines without a graphical environment, on remote machines (e.g. over ssh) or simply if you prefer to use a command line tool. To use webshag in CLI mode, use the -C option. The complete set of options (some of which are specific to a given module)
7. Webshag 1.00 User Manual

Information Security

Table of Contents

0x0000 Description
0x0001 Install
0x0010 Getting Started
0x0011 PSCAN Module
0x0100 INFO Module
0x0101 SPIDER Module
0x0110 USCAN Module
0x0111 FUZZ Module
0x1000 Configuration
0x1001 Reporting
0x1010 Acknowledgments

0x0000 Description

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.

Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that, it proposes innovative IDS evasion functionalities aimed at making correlation between requests more complicated (e.g. use a different random per-request HTTP proxy server).

It also provides innovative functionalities like the capability of retrieving the list of domain names hosted on a target machine and file fuzzing using dynamically generated filenames (in addition to common list-based fuzzing).

Webshag URL scanner and file fuzzer are aimed at reducing the number of false positives and thus producing cleaner result sets. For this purpose, webshag implements a web page fingerprinting mechan
8. [Screenshot: exported HTML audit report (webshag 1.00) opened in a browser, with the following content.]

Port Scanner, 10.1.10.101:
22/tcp Service: ssh, Product: OpenSSH, OS: Linux
80/tcp Service: http, Product: Apache httpd

URL Scanner, 10.1.10.101:80:
Server Banner: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6 (apache)
200 TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details.
200 /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
200 /phpmyadmin/ phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
200 /icons/ Directory indexing is enabled: /icons

Command Line Interface

When using CLI it is also possible to export scan reports, but summarizing only the results of a single module (as CLI mode only allows running one module at a time). This is controlled by options -x (trigger export), -o (output format) and -f (file). For instance, to run the URL scanner exporting the results as an HTML file, use the following command:

webshag.py -C -m uscan -x -o html -f /tmp/wsreport.html 10.1.10.101

0x1010 Acknowledgments

Thanks To

Chris Sullo (CIRT.net, OSVDB) for granting us the right to use Nikto vulnerability database.

Credits

Webshag is distributed w
9. [Screenshot: FUZZ tab in generator mode with a "Switch to List Mode" button, target 10.51.41.36:80. Results show page-fingerprint (FP) entries for /images/ and two PNG files under /images/ returned with status 200. Console: "TARGET Scanning 10.51.41.36:80", status <IDLE>.]

Command Line Interface

To run this module in CLI mode, run webshag with -C option and set the -m option to fuzz. The mode of operation is specified by the -n option (-n list or -n gen) and is completed by -e (extension) or -g (generator) depending on the chosen mode. The optional port(s) and root directory(ies) can be specified using -p and -r options respectively.

0x1000 Configuration

Configuration Menu

All the application-wide settings, as well as variables that are not supposed to vary often, can be modified through the program configuration menu (Tools > Config). These include the various paths to database files, the HTTP settings (proxy, authentication, IDS evasion), the number of threads to use per module, the Live Search AppID

[Screenshot: Configuration dialog, "Configuration settings. Please refer to documentation for detailed explanation".]
10. esses. When using the spider module you can specify the target (hostname or IPv4 address), the port and the crawling starting point (most of the time will do the trick; however, you can use any other path as starting point).

Graphical User Interface

To run the spider module, select the SPIDER tab, fill in the target, the port and the starting point (root) and press the OK button. Note that in addition to visible links, the spider explicitly (mis)uses the existing robots.txt file. It extracts all the directories specified in robots.txt and tries to crawl them. This functionality can however be deactivated in configuration.

[Screenshot: SPIDER tab, target 10.51.41.36, port 80, with result panes for internal directories, emails and external links. Console: "INFO Spidering 10.51.41.36:80", two "ERROR HEAD" entries returning 401 for the digest and basic directories, status <IDLE>.]

Command Line Interface

To run this module in CLI mode, run webshag with -C option and set the -m option to spider.

0x0110 USCAN Module

Basics

The URL scanner module allows performing a vulnerability scan on the target web server applicat
11. ion. For this it relies both on the Nikto 2 database and on a custom database specially meant for home tests.

The URL scanner module of webshag uses an innovative false positive detection algorithm based on page fingerprinting. In more detail, before scanning the target, it fingerprints a few interesting pages to analyze the typical responses of the server. It then uses these fingerprints to detect false positives and remove them on the fly from results.

Graphical User Interface

To run the URL scanner, select the USCAN tab and fill in the required parameters. The target(s) are given by the target and port fields, and the root directory(ies) can be specified by the root field. All these fields can contain one or several comma-separated values. The skip string field can be used to provide a string causing results to be ignored. In more detail, if the skip string is present in the server response, the result is ignored. The target webserver can be forced using the available list of servers. If this option is set to default (auto), the server is automatically detected.

[Screenshot: USCAN tab, target 10.51.41.36, port 80, webserver set to auto. Results show the detected server banner Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6, identified as apache.]
12. ism resistant to content changes. This fingerprinting mechanism is then used in a false positive removal algorithm specially aimed at dealing with "soft 404" server responses.

Webshag provides a full-featured and intuitive graphical user interface as well as a text-based command line interface, and is available for Linux and Windows platforms.

0x0001 Install

Requirements

To be fully functional, webshag needs the following elements to be previously installed:

- Python or ActivePython virtual machine
- wxPython GUI toolkit
- Nmap port scanner (for port scanning module only)
- A valid Live Search AppID (for domain information module only)

Note that if webshag is installed using the Windows installer, Python and wxPython are not required.

Linux

Download the application archive from http://www.scrt.ch/pages/outils.html into the desired location (e.g. webshag_1.00). Move to the corresponding directory and extract the contents of the archive. Execute the configuration script.

Windows

Download the Windows installer from http://www.scrt.ch/pages/outils.html and execute it. After installing the application, remember to set up your Live Search AppID in menu Tools > Config. If Nmap has not been automatically detected, also set up the correct path to Nmap.

http://www.python.org
http://www.activestate.com/Products/activepython
http://www.wxpython.org
http://nmap.org
http://search.live.com/developer
13. ith files from Nikto vulnerability database. Webshag is distributed with fuzzing directory lists taken from OWASP DirBuster Project. Webshag Windows installer has been built using py2exe and Jordan Russell's Inno Setup.

10 http://www.cirt.net
11 http://osvdb.org
12 http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
13 http://www.py2exe.org
14 http://www.jrsoftware.org/isinfo.php
14. ve this, it uses the web service provided by the Microsoft Live Search. To use this module you thus need to have a valid AppID and enter it in the webshag configuration file. Refer to the Configuration chapter for more details.

Graphical User Interface

To run the domain information module in GUI mode, select the INFO tab, simply enter the target hostname or IPv4 address and click OK.

[Screenshot: INFO tab, target www.slashdot.org, listing domains such as games.slashdot.org, apple.slashdot.org, interviews.slashdot.org, hardware.slashdot.org, it.slashdot.org, ask.slashdot.org, science.slashdot.org, politics.slashdot.org and slashdot.org. Console: "INFO Domains of 66.35.250.151 retrieved", "INFO Found 35 domains", status <IDLE>.]

The Copy field below the results simply repeats the selected result to allow the user to copy-paste long domain names.

Command Line Interface

To run the port scanning module in CLI mode, run webshag with -C option and set -m option to info:

webshag.py -C -m info www.slashdot.org

7 http://www.live.com
8 http://search.live.com/developer

0x0101 SPIDER Module

Basics

The web spider module allows crawling a whole website while extracting all the encountered directory names, links to external websites and e-mail addr
