Welcome back to CyberShield! Amra ager post-e Nmap diye network scanning shikhechi. Kintu jokhon apnar target ekti website hoy, tokhon shudhu port scan korle hoy na; apnake jante hoy shei site-ti kon technology diye toiri.
Ajke amra ekti powerful reconnaissance tool niye alochona korbo, jar nam holo WhatWeb.
WhatWeb Ki?
WhatWeb holo ekti open-source "Next-generation web scanner." Eti ekti website-er technology stack identify korte babohar kora hoy. Mane, ekti site kon CMS (Content Management System), kon web server, kon programming language, ebong kon kon plugin babohar korche, ta WhatWeb ekti command-er maddhome bole dite pare.
WhatWeb Keno Babohar Korben?
Passive Reconnaissance-er khetre WhatWeb khub-i guruttopurno. Eti diye niche-r jinish gulo khuje paoa jay:
CMS Discovery: Site-ti ki WordPress, Joomla, naki Drupal?
Web Server Information: Server-ti ki Apache, Nginx, naki Microsoft-IIS?
Frameworks: Site-ti ki React, Vue.js, naki Laravel babohar korche?
Plugins & Widgets: Kon kon tracker (jemon Google Analytics) ba security plugin use kora hocche.
IP Address & Country: Server-er location ebong IP.
Essential WhatWeb Commands and Flags
WhatWeb babohar kora khub-i shohoj. Kali Linux terminal-e niche-r command gulo try korun:
Command | Description |
|---|---|
| Simple scan (Single website). |
| Verbose Mode: Technology gulo niye bistarito info dekhabe. |
| Aggressive Scan: Beshi level-er depth scanning (Eti detection-er risk baray). |
| Bulk Scan: Ekti file theke onek gulo URL eksathe scan kora. |
| Scan korar somoy error message gulo skip korbe. |
Practical Example: Identifying a Target
Dhorun, apni ekti target site example.com test korchen.
1. Basic Scan
whatweb example.com
Ekhane apni ekti summary paben, jemon: [200 OK] Apache[2.4.41], WordPress[6.4], PHP[7.4.3], Google-Analytics[UA-XXXXX].
2. Deep Analysis (Verbose)
whatweb -v example.com
Verbose mode-e apni protiti plugin-er version ebong developer-er details-o dekhte paben. Version jante parle, apni shei specific version-er jonno kono known vulnerability (CVE) ache kina ta search korte parben.
How it Helps in Pentesting?
Professional hackers-ra WhatWeb use kore target-er "Attack Surface" bujhar jonno.
Jodi WhatWeb dekhay je site-ti ekti Old WordPress Version use korche, tokhon hacker-ra shei version-er exploit khuje ber kore.
Jodi dekhay server-ti Outdated Nginx use korche, tokhon server-level-e attack kora shohoj hoy.
How to Protect Your Website?
Website owner hishebe apni kivabe technology reveal kora bondho korben?
Hide Header Information: Web server config theke "Server Token" bondho kore din.
Security Plugins: WordPress hole "Hide My WP" er moto plugin use kora jay.
WAF (Web Application Firewall): Cloudflare-er moto WAF use korle scan kora kothin hoye pore.
Update Regularly: Shob somoy software ebong plugins update rakhun jate technology stack reveal holeo keu known exploit use korte na pare.
Conclusion
WhatWeb reconnaissance-er ekti khub-i effective tool. Eti choto kintu pro-level-er result dey. Apnar ethical hacking journey-te target-ke bhalobhabe chinar jonno WhatWeb-er proyog oboshshoi shikhte hobe.

Comments
Post a Comment