Backtrack, Linux, Penetration Testing, Tools

Web server audit tool – Webshag

Webshag page

1. Open your BackTrack VM.

2. Goto Applications->BackTrack->Information Gathering->Web Application Analysis->Web Crawlers->webshag-cli

3. Execute the following command to uscan a host on port 80:


4. Options:
–version show program’s version number and exit

-h, –help show this help message and exit

-U Update the URL scanner databases and exit

-m MODULE Use MODULE [pscan|info|spider|uscan|fuzz]. (default: uscan)

-p PORT Set target port to PORT. For modules uscan and fuzz PORT can
be a list of ports [port1,port2,…]. (default: 80)

-r ROOT Set root directory to ROOT. For modules uscan and fuzz ROOT
can be a list of directories [/root1/,/root2/,…].
(default: /)

-k SKIP *uscan only* Set a false positive detection string

-s SERVER *uscan only* Bypass server detection and force server as

-i SPIDER_INIT *spider only* Set spider initial crawling page (default: /)

-n FUZZ_MODE *fuzz only* Choose the fuzzing mode [list|gen]. (default:

-e FUZZ_CFG *fuzz / list only* Set the fuzzing parameters for list mode.
11 = fuzz directories and files; 01 = fuzz files only; 10 =
fuzz directories only; 00 = fuzz nothing. (default: 11)

-g FUZZ_GEN *fuzz / gen only* Set the filename generator expression.
Refer to documentation for syntax reference. (default: )

-x Export a report summarizing results.

-o OUTPUT Set the format of the exported report. [xml|html|txt].
(default: html)

-f OUTPUT_FILE Write report to FILE. (default: webshag_report.html)