Webshag - Web Server Audit Tool


Intro - Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionality for web server auditing, such as website crawling, URL scanning and file fuzzing.
The common functions of webshag are:

  • Port scanning.
  • Web crawling.
  • URL scanning.
  • Retrieving the list of domain names.
  • File fuzzing.


1. How to open
A. GUI method
Applications → Kali Linux → Web Applications → Web Vulnerability Scanners → webshag-gui

B. Terminal method: open a terminal, type webshag-gui and press Enter.

2. Here we did not configure webshag properly before using it, so we got this error during Uscan:
 ERROR : Invalid configuration value for ‘custom_db_dir’ parameter

3. Another error on FUZZ

4. Now it is time to set up the configuration file. First, open the webshag.conf file by running these commands in a terminal:
a. cd /usr/share/webshag/config
b. leafpad webshag.conf

5. Now locate the webshag configuration files by typing the locate webshag command in the terminal.

6. We now have the locate webshag output and the webshag.conf file. Copy the needed configuration values from the locate webshag output and paste them into the webshag.conf file.
See the image to find out which ones you need to copy and paste.

7. Save webshag.conf file.

8. Pscan - Enter your target host/IPv4 address in the target field, then click OK and the scan will start. The result shows all open ports and their details.

9. Spider - Enter your target host/IPv4 address in the target field, then click OK. The result shows the internal directories, e-mail addresses and external links associated with your host/IPv4 address.

10. Uscan - This scan is the most important part of webshag. Uscan looks for vulnerabilities in the target host and also tells you about exploits. Enter your target host in the target field, then click OK to start Uscan. As the result shows, we found remote vulnerabilities in our target URL.

11. Fuzz - As we all know, this is a fuzzer, which also runs through the site and finds the folders of the services that are running on that site.
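
To check the edit from steps 4 to 7 before going back to the GUI, the following added example (not part of the original post and not shipped with webshag) lists every parameter in a config file whose value is an absolute path that does not exist on disk. It assumes the file uses name = value lines; the sample config is constructed, and example_dir is a hypothetical parameter name.

```shell
#!/bin/sh
# Added example: report path-valued parameters that point to missing locations.
# Assumption: settings are "name = value" lines, with "#" or ";" comments
# and optional "[section]" headers.
check_conf_paths() {
    conf=$1
    missing=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop carriage returns and leading whitespace before classifying.
        line=$(printf '%s' "$line" | tr -d '\r' | sed 's/^[[:space:]]*//')
        case $line in
            ''|'#'*|';'*|'['*) continue ;;   # blank, comment, section header
            *=*) ;;                          # candidate setting
            *) continue ;;
        esac
        key=$(printf '%s' "$line" | sed 's/=.*$//; s/[[:space:]]*$//')
        val=$(printf '%s' "$line" | sed 's/^[^=]*=//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        case $val in
            /*) ;;                           # only absolute paths are checked
            *) continue ;;
        esac
        if [ ! -e "$val" ]; then
            printf '%s\n' "$key"             # name of the broken parameter
            missing=1
        fi
    done < "$conf"
    return $missing                          # 0 = all paths exist, 1 = some missing
}

# Constructed sample, not a real webshag.conf: custom_db_dir is the parameter
# named in the error from step 2; example_dir is a hypothetical name.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/database"
cat > "$demo_dir/sample.conf" <<EOF
[paths]
# constructed sample entries
example_dir = $demo_dir/database
custom_db_dir = $demo_dir/database/custom
threads = 10
EOF
echo "Parameters pointing at missing paths:"
check_conf_paths "$demo_dir/sample.conf" || true
rm -rf "$demo_dir"
```

On the system from this walkthrough the function would be called as check_conf_paths /usr/share/webshag/config/webshag.conf; an empty result means every absolute path in the file exists.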
