1
00:00:00,830 --> 00:00:01,490
Welcome back.
2
00:00:02,180 --> 00:00:10,190
Now we're going to discuss a tool called WhatWeb. This tool is used to gather information and to scan
3
00:00:10,460 --> 00:00:12,200
any website on the Internet.
4
00:00:12,200 --> 00:00:18,080
So it is primarily used to scan websites, since this tool recognizes web technologies, including Web
5
00:00:18,080 --> 00:00:24,560
servers and embedded devices, JavaScript libraries and many more things. They explain it really well
6
00:00:24,800 --> 00:00:27,050
on the website page for this tool.
7
00:00:28,040 --> 00:00:32,300
So we can read right here about all of the details that this tool has.
8
00:00:33,060 --> 00:00:36,440
We can notice they have over seventeen hundred plugins.
9
00:00:37,280 --> 00:00:40,670
Each one of them used to recognize something different.
10
00:00:41,420 --> 00:00:47,450
So they use these plugins to perform the scan on the website and discover what technologies that
11
00:00:47,450 --> 00:00:48,200
website run.
12
00:00:49,170 --> 00:00:55,890
What is important for us is the second paragraph since down here, it tells us that the level of aggression
13
00:00:55,890 --> 00:01:00,360
called stealthy is the fastest and requires only one HTTP request of a website.
14
00:01:00,900 --> 00:01:07,710
Now, what this simply means is that this WhatWeb tool has different levels for scanning and the default
15
00:01:07,710 --> 00:01:15,200
level is the level of aggression that is called stealthy, which we can use on any website that we want.
16
00:01:16,020 --> 00:01:22,520
The other levels of scanning are more aggressive and should only be performed during penetration tests.
17
00:01:23,190 --> 00:01:28,900
So we should not use the more aggressive scans on the websites that we do not have permission to scan.
18
00:01:29,520 --> 00:01:34,220
We can, however, use the stealthy scan on any website that we want on the Internet.
19
00:01:35,210 --> 00:01:39,830
And don't worry, we are going to see all of these options in just a second. For now,
20
00:01:40,010 --> 00:01:42,370
it's good that we know what we can or cannot do.
21
00:01:42,770 --> 00:01:45,290
So let's test this tool out in our Kali Linux.
22
00:01:46,700 --> 00:01:53,000
To do it, open up your terminal, and to check out all of the options we can use with WhatWeb, you can
23
00:01:53,000 --> 00:01:56,750
simply just type whatweb in your terminal and press enter.
24
00:01:57,990 --> 00:02:04,140
This will give you a smaller help menu with some of the basic features that WhatWeb has, as we can
25
00:02:04,140 --> 00:02:04,480
see.
26
00:02:04,500 --> 00:02:09,720
We can specify targets, which can be anything from URLs, hostnames or IP addresses.
27
00:02:10,510 --> 00:02:13,910
Here is that aggression level, which we specify like this.
28
00:02:14,610 --> 00:02:21,030
There is the aggression level one, which is stealthy and the aggression level three, which is aggressive.
29
00:02:22,340 --> 00:02:28,070
The default level is level one, which is good to notice, so we don't want to change this if we scan
30
00:02:28,070 --> 00:02:33,440
a random website on the Internet. We can also list all of the plugins that it uses.
31
00:02:33,590 --> 00:02:39,290
But we are not currently interested in this, and we can also have verbose output.
32
00:02:40,650 --> 00:02:47,220
But these are just some of the options for the tool. To get even more available options with WhatWeb,
33
00:02:47,460 --> 00:02:53,130
we can type the command whatweb --help and press enter.
34
00:02:53,520 --> 00:02:59,670
And this will give us a much larger help manual with all of the possible options that we can use for
35
00:02:59,670 --> 00:03:00,150
WhatWeb.
36
00:03:00,840 --> 00:03:01,700
And down here.
37
00:03:01,800 --> 00:03:03,060
Here is the aggression level.
38
00:03:03,390 --> 00:03:08,970
We can see, besides the stealthy, which we are going to use on random websites, and besides the aggressive
39
00:03:08,970 --> 00:03:14,120
scan that you would use in a penetration test, there is even more aggressive scan called heavy.
40
00:03:14,490 --> 00:03:20,580
And it says right here: makes a lot of HTTP requests per target, URLs from all plugins are attempted.
41
00:03:21,530 --> 00:03:28,140
So this is basically the deepest scan that the WhatWeb tool can perform on a website. Up here are also the
42
00:03:28,140 --> 00:03:28,680
targets.
43
00:03:28,680 --> 00:03:30,360
So we specify a target first.
44
00:03:30,600 --> 00:03:32,340
And if I go all the way down.
45
00:03:34,300 --> 00:03:38,860
You will notice right here we got some of the examples of usage of WhatWeb.
46
00:03:40,080 --> 00:03:45,870
So we can see right here that the most simple example is running whatweb and then the domain name.
47
00:03:46,990 --> 00:03:52,030
So for the first run, let us go with this one, we're only going to specify website as an option,
48
00:03:52,240 --> 00:03:53,920
so just type down here whatweb.
49
00:03:54,670 --> 00:03:58,830
And since we are using the aggression level one, we can scan any Web site that we want.
50
00:03:58,840 --> 00:04:00,430
So I'm going to go with this one.
51
00:04:01,210 --> 00:04:04,350
And this is just another university Web site from my country.
52
00:04:04,750 --> 00:04:09,250
Feel free to scan any Web site that you want, or you can also go with this one if you would like.
53
00:04:10,660 --> 00:04:17,380
If I press here, enter in just a few seconds, we should get response for this website.
54
00:04:18,800 --> 00:04:25,520
And here it is, we already got something. We got two responses, as we can see by the links right here.
55
00:04:26,000 --> 00:04:27,710
The command has finished executing.
56
00:04:27,710 --> 00:04:31,070
So let us just go through these results and see what we got.
57
00:04:31,970 --> 00:04:37,100
It tells us that it most likely performed the redirect as soon as we tried getting this link.
58
00:04:37,970 --> 00:04:41,620
We can also see that we got the Apache Web server.
59
00:04:41,930 --> 00:04:44,950
We even get the version, which is two point four point six.
60
00:04:45,920 --> 00:04:48,920
We got some cookies right here, which the website uses.
61
00:04:49,550 --> 00:04:54,200
We got from which country it is, which type of HTTP server it uses.
62
00:04:54,900 --> 00:04:57,910
If I go down here, here is the IP address of this website.
63
00:04:58,190 --> 00:05:00,290
Here's the version that they use.
64
00:05:00,650 --> 00:05:02,240
And this redirect location.
65
00:05:02,240 --> 00:05:06,050
If you remember, I told you that it most likely redirected us to a different page.
66
00:05:06,500 --> 00:05:08,660
Here is to where it redirected us.
67
00:05:08,870 --> 00:05:12,500
And once we got redirected, we got the response of two hundred.
68
00:05:12,500 --> 00:05:18,230
OK, and this is just a response code which tells us that we successfully loaded a page.
69
00:05:19,580 --> 00:05:26,150
We got the same Apache version, the Bootstrap version which it uses. Down here, we got the country
70
00:05:26,480 --> 00:05:29,810
and we also managed to extract some of the emails.
71
00:05:29,930 --> 00:05:37,010
As we can see down here, these are some of the emails from the page that belong to this domain down
72
00:05:37,010 --> 00:05:37,270
here.
73
00:05:37,280 --> 00:05:44,000
We also see that it uses HTML5, which HTTP server it has, which Apache version it has, once again,
74
00:05:44,000 --> 00:05:46,760
which version the IP address.
75
00:05:47,320 --> 00:05:53,180
It also uses a very light box and a bunch of other things we can see right here.
76
00:05:53,600 --> 00:05:56,810
But I don't really like how this is outputted.
77
00:05:56,990 --> 00:06:00,500
It is hard to read. To output this a little bit prettier,
78
00:06:00,660 --> 00:06:05,140
we can use this verbose option that I saw in the help menu.
79
00:06:05,360 --> 00:06:06,020
Here it is.
80
00:06:07,400 --> 00:06:12,070
And what this verbose option does is it also includes plugin descriptions.
81
00:06:12,550 --> 00:06:18,230
It will also tell us for each plugin that the WhatWeb tool managed to discover.
82
00:06:18,830 --> 00:06:21,320
It will tell us what exactly that plugin is.
83
00:06:21,740 --> 00:06:22,670
So let's try that.
84
00:06:23,000 --> 00:06:31,250
If I type whatweb and then the same website, but I add the -v option at the end and press enter,
85
00:06:33,660 --> 00:06:39,810
it will pretty much give us the same result, just it will be outputted a whole lot better and easier
86
00:06:39,810 --> 00:06:43,410
to read. If I scroll all the way up to the beginning of the command.
87
00:06:45,100 --> 00:06:46,830
Remember, we got two responses.
88
00:06:47,460 --> 00:06:53,520
Here is the IP address, and this is the first request or first response which tells us to move to the
89
00:06:53,520 --> 00:06:54,230
actual website.
90
00:06:54,240 --> 00:06:55,920
So the redirect response.
91
00:06:57,090 --> 00:07:02,520
We get all of this information that we got previously, but we also get this section right here which
92
00:07:02,520 --> 00:07:03,960
says detected plugins.
93
00:07:04,560 --> 00:07:10,350
And for example, if we didn't know what Apache was, we could read right here what Apache is.
94
00:07:11,160 --> 00:07:15,960
And down here we get the version that this website has of the Apache.
95
00:07:17,040 --> 00:07:18,310
We also get for cookies.
96
00:07:18,600 --> 00:07:26,390
Same thing for HTTP server, we can see which operating system, which celebrities, which virginities.
97
00:07:26,750 --> 00:07:28,800
It tells us right here what PHP is.
98
00:07:28,800 --> 00:07:35,580
For example, if we didn't know, PHP is a widely used general-purpose scripting language. Redirect location.
99
00:07:35,850 --> 00:07:39,570
So after this request, it redirects us to this location.
100
00:07:40,640 --> 00:07:45,260
And down here, we get the response, two hundred for the actual page.
101
00:07:46,340 --> 00:07:52,670
We get once again the country, the IP address and all of the detected plugins, and we can read through
102
00:07:52,670 --> 00:07:55,910
this and discover what this website is running.
103
00:07:56,840 --> 00:08:01,580
And it is outputted a whole lot better and easier to read than the previous command.
104
00:08:02,580 --> 00:08:03,220
OK, good.
105
00:08:03,240 --> 00:08:09,360
So we managed to get the information as to what a certain Web site is running, which technologies it
106
00:08:09,360 --> 00:08:15,600
has, and in the next video, we're going to deeply go into this tool and try to perform some of the
107
00:08:15,600 --> 00:08:20,850
more aggressive scans, as well as experiment with some of the different options of WhatWeb as well.