bcoles edited this page May 14, 2011 · 17 revisions

Fix Issues

Resolve these issues:

  • Issue 39 - Both XML and MagicTree XML output are malformed when appended to an existing log file.
  • Issue 42 - -p argument fails for plugin names when both names and paths are provided
  • Issue 43 - non-English ASCII characters cause a partial overwrite of some output data

MD5 Matches

Implement aggressive MD5 hash matches for version detection in popular open source software, in the style of WAFP and BlindElephant.

Follow frames

Many websites still use frames on intro pages. A --follow-frames option would allow WhatWeb to grab these URLs instead of being stuck trying to fingerprint an HTML frameset.

--follow-frames=WHEN    Control when to follow frames. WHEN may be `never',
                        `frame-only', `iframe-only', `same-site', `same-domain'
                        or `always'. Default: never

Should frames be followed by default? Should off-site frames be ignored, or should following them be a configurable option? Would never or same-site be the best default?
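To make the trade-offs between the WHEN values concrete, here is an added example (not WhatWeb's own code) that selects which frame URLs would be followed under each value. It assumes `same-site` means an identical host and `same-domain` means the same last two host labels; `base_domain`, `frame_targets` and `frames_to_follow` are hypothetical names.

```ruby
require 'uri'

# WHEN values from the proposed --follow-frames help text.
FOLLOW_WHEN = %w[never frame-only iframe-only same-site same-domain always].freeze

# Assumption: same-domain = same last two host labels (no Public Suffix List).
def base_domain(host)
  host.to_s.downcase.split('.').last(2).join('.')
end

# [tag, absolute URI] for each <frame>/<iframe> src; non-HTTP(S) targets dropped.
def frame_targets(base_url, html)
  html.scan(/<(frame|iframe)\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)/i).filter_map do |tag, src|
    begin
      url = URI.join(base_url, src)
    rescue URI::Error
      next # unparsable src: nothing to follow
    end
    [tag.downcase, url] if url.is_a?(URI::HTTP) # URI::HTTPS subclasses URI::HTTP
  end
end

# URLs a scanner would fetch next under the given WHEN policy (default: never).
def frames_to_follow(base_url, html, when_opt = 'never')
  raise ArgumentError, "invalid WHEN: #{when_opt}" unless FOLLOW_WHEN.include?(when_opt)
  base_host = URI.parse(base_url).host.to_s.downcase
  picked = frame_targets(base_url, html).select do |tag, url|
    host = url.host.to_s.downcase
    case when_opt
    when 'never'       then false
    when 'frame-only'  then tag == 'frame'
    when 'iframe-only' then tag == 'iframe'
    when 'same-site'   then host == base_host   # assumption: identical host
    when 'same-domain' then base_domain(host) == base_domain(base_host)
    when 'always'      then true
    end
  end
  picked.map { |_, url| url.to_s }.uniq
end

# Constructed sample: a frameset intro page plus an off-site iframe.
SAMPLE_BASE = 'http://www.example.com/'
SAMPLE_HTML = <<~HTML
  <frameset cols="20%,80%">
    <frame src="menu.html">
    <frame src='http://static.example.com/main.html'>
  </frameset>
  <iframe src="http://ads.example.net/banner"></iframe>
  <iframe src="about:blank"></iframe>
HTML
```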

Logging

WhatWeb features Mongo database support; however, sqlite is much easier to set up.

Does anyone want support for logging to sqlite3 databases? Please let us know your thoughts on how the data should be organized, such as table names, column names, etc.

Aggression Level Five

Aggression level 5 will be used for requests which are directly related to compromising the security of a device or service without exploitation.

This includes requests designed to discover weak access controls caused by misconfiguration and requests designed to retrieve information from known information disclosure issues.

  • Update Cisco-IOS plugin to determine if the device requires authorization using /level/[INTEGER]/exec/- requests
  • Attempt login with default www-authorization credentials basic|digest base64(user:pass)
  • Allow plugins to set custom headers, such as www-authenticate and cookies

Categorization

See the Categorization section on the Discussion page for more information, including suggested category names.

Goals of categorisation:

  • Run all plugins for a certain category:

./whatweb -c SCADA

  • Display and group by categories in logging/output:

http://example.com [200]
HTML-Elements: Title, Meta-Generator, Script, Frame
Server: Apache
Web-App: Wordpress

  • Multiple categories for plugins:

    • ordered by priority, i.e., where conflicts exist in grouping, go with the first option.

category ["SCADA", "Device"]