1 00:00:00,830 --> 00:00:01,490 Welcome back.
2 00:00:02,180 --> 00:00:10,190 Now we're going to discuss a tool called WhatWeb. This tool is used to gather information and to scan
3 00:00:10,460 --> 00:00:12,200 any website on the Internet.
4 00:00:12,200 --> 00:00:18,080 So it is primarily used to scan websites, since this tool recognizes web technologies, including web
5 00:00:18,080 --> 00:00:24,560 servers and embedded devices, JavaScript libraries and many more things. They explain it really well
6 00:00:24,800 --> 00:00:27,050 on the website page for this tool.
7 00:00:28,040 --> 00:00:32,300 So we can read right here about all of the details that this tool has.
8 00:00:33,060 --> 00:00:36,440 We can note that they have over seventeen hundred plugins.
9 00:00:37,280 --> 00:00:40,670 Each one of them is used to recognize something different.
10 00:00:41,420 --> 00:00:47,450 So they use these plugins to perform the scan on the website and discover what technologies does that
11 00:00:47,450 --> 00:00:48,200 website run.
12 00:00:49,170 --> 00:00:55,890 What is important for us is the second paragraph, since down here it tells us that the level of aggression
13 00:00:55,890 --> 00:01:00,360 called stealthy is the fastest and requires only one HTTP request of a website.
14 00:01:00,900 --> 00:01:07,710 Now, what this simply means is that this WhatWeb tool has different levels for scanning and the default
15 00:01:07,710 --> 00:01:15,200 level is the level of aggression that is called stealthy, which we can use on any website that we want.
16 00:01:16,020 --> 00:01:22,520 The other levels of scanning are more aggressive and should only be performed during penetration tests.
17 00:01:23,190 --> 00:01:28,900 So we should not use the more aggressive scans on the websites that we do not have permission to scan.
18 00:01:29,520 --> 00:01:34,220 We can, however, use the stealth scan on any website that we want on the Internet.
19 00:01:35,210 --> 00:01:39,830 Then don't worry, we are going to see all of these options in just a second. For now,
20 00:01:40,010 --> 00:01:42,370 it's good that we know what we can or cannot do.
21 00:01:42,770 --> 00:01:45,290 So let's test this tool out in our Kali Linux.
22 00:01:46,700 --> 00:01:53,000 To do it, open up your terminal and to check out all of the options we can do with WhatWeb, you can
23 00:01:53,000 --> 00:01:56,750 simply just type whatweb in your terminal and press enter.
24 00:01:57,990 --> 00:02:04,140 This will give you a smaller help menu with some of the basic features that WhatWeb has. As we can
25 00:02:04,140 --> 00:02:04,480 see,
26 00:02:04,500 --> 00:02:09,720 we can specify targets, which can be anything from URLs, hostnames or IP addresses.
27 00:02:10,510 --> 00:02:13,910 Here is that aggression level, which we specify like this.
28 00:02:14,610 --> 00:02:21,030 There is the aggression level one, which is stealthy and the aggression level three, which is aggressive.
29 00:02:22,340 --> 00:02:28,070 The default level is level one, which is good to notice, so we don't want to change this if we scan
30 00:02:28,070 --> 00:02:33,440 a random website on the Internet. We can also list all of the plugins that it uses.
31 00:02:33,590 --> 00:02:39,290 But we are not currently interested in this and we can have also a verbose output.
32 00:02:40,650 --> 00:02:47,220 But these are just some of the options for the tool. To get even more available options with WhatWeb,
33 00:02:47,460 --> 00:02:53,130 we can type the command whatweb --help, press enter.
34 00:02:53,520 --> 00:02:59,670 And this will give us a much larger help manual with all of the possible options that we can use for
35 00:02:59,670 --> 00:03:00,150 WhatWeb.
36 00:03:00,840 --> 00:03:01,700 And down here,
37 00:03:01,800 --> 00:03:03,060 here is the aggression level.
38 00:03:03,390 --> 00:03:08,970 We can see besides the stealthy, which we are going to use on random websites, and besides the aggressive
39 00:03:08,970 --> 00:03:14,120 scan that you would use in a penetration test, there is an even more aggressive scan called heavy.
40 00:03:14,490 --> 00:03:20,580 And it says right here: makes a lot of HTTP requests per target; URLs from all plugins are attempted.
41 00:03:21,530 --> 00:03:28,140 So this is basically the deepest scan that the WhatWeb tool can perform on a website. Up here are also the
42 00:03:28,140 --> 00:03:28,680 targets.
43 00:03:28,680 --> 00:03:30,360 So we specify a target first.
44 00:03:30,600 --> 00:03:32,340 And if I go all the way down,
45 00:03:34,300 --> 00:03:38,860 you will notice right here we got some of the examples of usage of WhatWeb.
46 00:03:40,080 --> 00:03:45,870 So we can see right here that the most simple example is running whatweb and then the domain name.
47 00:03:46,990 --> 00:03:52,030 So for the first run, let us go with this one. We're only going to specify a website as an option,
48 00:03:52,240 --> 00:03:53,920 so just type down here whatweb.
49 00:03:54,670 --> 00:03:58,830 And since we are using the aggression level one, we can scan any website that we want.
50 00:03:58,840 --> 00:04:00,430 So I'm going to go with this one.
51 00:04:01,210 --> 00:04:04,350 And this is just another university website from my country.
52 00:04:04,750 --> 00:04:09,250 Feel free to scan any website that you want, or you can also go with this one if you would like.
53 00:04:10,660 --> 00:04:17,380 If I press enter here, in just a few seconds we should get a response for this website.
54 00:04:18,800 --> 00:04:25,520 And here it is, we already got something. We got two responses, as we can see by the links right here.
55 00:04:26,000 --> 00:04:27,710 The command has finished executing.
56 00:04:27,710 --> 00:04:31,070 So let us just go through these results and see what we got.
57 00:04:31,970 --> 00:04:37,100 It tells us that it most likely performed the redirect as soon as we tried getting this link.
58 00:04:37,970 --> 00:04:41,620 We can also see that we got the Apache web server.
59 00:04:41,930 --> 00:04:44,950 We even get the version, which is two point four point six.
60 00:04:45,920 --> 00:04:48,920 We got some cookies right here, which the website uses.
61 00:04:49,550 --> 00:04:54,200 We got from which country it is, which type of HTTP server it uses.
62 00:04:54,900 --> 00:04:57,910 If I go down here, here is the IP address of this website.
63 00:04:58,190 --> 00:05:00,290 Here's the version that they use.
64 00:05:00,650 --> 00:05:02,240 And this redirect location.
65 00:05:02,240 --> 00:05:06,050 If you remember, I told you that it most likely redirected us to a different page.
66 00:05:06,500 --> 00:05:08,660 Here is to where it redirected us.
67 00:05:08,870 --> 00:05:12,500 And once we got redirected, we got the response of two hundred
68 00:05:12,500 --> 00:05:18,230 OK, and this is just a response code which tells us that we successfully loaded a page.
69 00:05:19,580 --> 00:05:26,150 We got the same Apache version, the Bootstrap version which it uses. Down here, we got the country
70 00:05:26,480 --> 00:05:29,810 and we also managed to extract some of the emails.
71 00:05:29,930 --> 00:05:37,010 As we can see down here, these are some of the emails from the page that belong to this domain. Down
72 00:05:37,010 --> 00:05:37,270 here,
73 00:05:37,280 --> 00:05:44,000 we also see that it uses HTML five, which HTTP server it has, which Apache version it has, once again,
74 00:05:44,000 --> 00:05:46,760 which version, the IP address.
75 00:05:47,320 --> 00:05:53,180 It also uses a very light box and a bunch of other things we can see right here.
76 00:05:53,600 --> 00:05:56,810 But I don't really like how this is outputted.
77 00:05:56,990 --> 00:06:00,500 It is hard to read. To output this a little bit prettier,
78 00:06:00,660 --> 00:06:05,140 we can use this verbose option that I saw in the help menu.
79 00:06:05,360 --> 00:06:06,020 Here it is.
80 00:06:07,400 --> 00:06:12,070 And what this verbose option does is it also includes plugin descriptions.
81 00:06:12,550 --> 00:06:18,230 It will also tell us for each plugin that the WhatWeb tool managed to discover.
82 00:06:18,830 --> 00:06:21,320 It will tell us what exactly that plugin is.
83 00:06:21,740 --> 00:06:22,670 So let's try that.
84 00:06:23,000 --> 00:06:31,250 If I type whatweb and then the same website, but I add the -v option at the end and press enter,
85 00:06:33,660 --> 00:06:39,810 it will pretty much give us the same result, just it will be outputted a whole lot better and easier
86 00:06:39,810 --> 00:06:43,410 to read. If I scroll all the way up to the beginning of the command,
87 00:06:45,100 --> 00:06:46,830 remember, we got two responses.
88 00:06:47,460 --> 00:06:53,520 Here is the IP address, and this is the first request or first response which tells us to move to the
89 00:06:53,520 --> 00:06:54,230 actual website.
90 00:06:54,240 --> 00:06:55,920 So the redirect response.
91 00:06:57,090 --> 00:07:02,520 We get all of this information that we got previously, but we also get this section right here which
92 00:07:02,520 --> 00:07:03,960 says detected plugins.
93 00:07:04,560 --> 00:07:10,350 And for example, if we didn't know what Apache was, we could read right here what Apache is.
94 00:07:11,160 --> 00:07:15,960 And down here we get the version that this website has of the Apache.
95 00:07:17,040 --> 00:07:18,310 We also get for cookies.
96 00:07:18,600 --> 00:07:26,390 Same thing for HTTP server, we can see which operating system, which celebrities, which virginities.
97 00:07:26,750 --> 00:07:28,800 It tells us right here what PHP is.
98 00:07:28,800 --> 00:07:35,580 For example, if we didn't know, PHP is a widely used general-purpose scripting language. Redirect location.
99 00:07:35,850 --> 00:07:39,570 So after this request, it redirects us to this location.
100 00:07:40,640 --> 00:07:45,260 And down here, we get the response, two hundred for the actual page.
101 00:07:46,340 --> 00:07:52,670 We get once again the country, the IP address and all of the detected plugins, and we can read through
102 00:07:52,670 --> 00:07:55,910 this and discover what is this website running.
103 00:07:56,840 --> 00:08:01,580 And it is outputted a whole lot better and easier to read than the previous command.
104 00:08:02,580 --> 00:08:03,220 OK, good.
105 00:08:03,240 --> 00:08:09,360 So we managed to get the information as to what a certain website is running, which technologies it
106 00:08:09,360 --> 00:08:15,600 has, and in the next video, we're going to deeply go into this tool and try to perform some of the
107 00:08:15,600 --> 00:08:20,850 more aggressive scans, as well as experiment with some of the different options of WhatWeb as well.