Skip to content

To Do

Jump to bottom Edit New page
bcoles edited this page Jul 30, 2011 · 17 revisions

Fix Issues

Resolve these issues:

  • Issue 39 - Both XML and MagicTree XML output are malformed when appended to an existing log file.
  • Issue 42 - -p argument fails for plugin names when both names and paths are provided
  • Issue 43 - non-English ASCII characters cause a partial overwrite of some ouput data

MD5 Matches

Implement aggressive md5 hash matches for version detection in popular open source software. WAFP and BlindElephant style.

Follow frames

Many websites still use frames on intro pages. A --follow-frames option would allow WhatWeb to grab these URLs instead of being stuck trying to fingerprint a HTML frameset.

--follow-frames=WHEN    Control when to follow frames. WHEN may be `never',
                        `frame-only', `iframe-only', `same-site', `same-domain'
                        or `always'. Default: never

Should frames be followed by default? Should following off-site frames be ignored or be a configurable option? Would never or same-site be the best default?

Aggression Level Five

Aggression level 5 will be used for requests which are directly related to compromising the security of a device or service without exploitation.

This includes requests designed to discover weak access controls caused by misconfiguration and requests designed to retrieve information from known information disclosure issues.

  • Update Cisco-IOS plugin to determine if the device requires authorization using /level/[INTEGER]/exec/- requests
  • Attempt login with default www-authorization credentials basic|digest base64(user:pass)
  • Allow plugins to set custom headers, such as www-authenticate and cookies

Categorization

See the Categorization section on the Discussion page for more information, including suggested category names.

Goals of categorization:

  • Run all plugins for a certain category:

./whatweb -c SCADA

  • Display and group by categories in logging/output:
http://example.com [200]
HTML-Elements: Title, Meta-Generator, Script, Frame
Server: Apache
Web-App: Wordpress

  • Multiple categories for plugins:

    • ordered by priority, ie, where conflicts exist in grouping, go with the first option.
category ["SCADA", "Device"]

  • SSL Certificates

    • Extract hostname from ssl certificates
    • Should we test ciphers? Hmm.. probably not.
Add a custom footer

I - Basics

  1. Installation
  2. Features
  3. Example Usage
  4. Advanced Usage

II - Development

III - Bugs

Clone this wiki locally