Example Usage

Krish Lalwani edited this page Jun 12, 2024 · 1 revision

Examples of how to use WhoKnows to scan.

Using WhoKnows to scan reddit.com.

$ ./whoknows reddit.com
http://reddit.com [301 Moved Permanently] Country[UNITED STATES][US], HTTPServer[snooserv], IP[151.101.65.140], RedirectLocation[https://www.reddit.com/], UncommonHeaders[retry-after,x-served-by,x-cache-hits,x-timer], Via-Proxy[1.1 varnish]
https://www.reddit.com/ [200 OK] Cookies[edgebucket,eu_cookie_v2,loid,rabt,rseor3,session_tracker,token], Country[UNITED STATES][US], Email[banner@2x.png,snoo-home@2x.png], Frame, HTML5, HTTPServer[snooserv], HttpOnly[token], IP[151.101.37.140], Open-Graph-Protocol[website], Script[text/javascript], Strict-Transport-Security[max-age=15552000; includeSubDomains; preload], Title[reddit: the front page of the internet], UncommonHeaders[fastly-restarts,x-served-by,x-cache-hits,x-timer], Via-Proxy[1.1 varnish], X-Frame-Options[SAMEORIGIN]
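
Each result line above is a URL, a bracketed HTTP status, then comma-separated plugin results. The following Python parser for that line format is an added example, not part of WhoKnows: it reports which HTTPS responses lack the Strict-Transport-Security or X-Frame-Options plugin results. The format is inferred only from the two sample lines above, and all function names are hypothetical.

```python
import re

# Constructed sample: the two result lines from the reddit.com scan above, shortened.
SAMPLE = """\
http://reddit.com [301 Moved Permanently] Country[UNITED STATES][US], HTTPServer[snooserv], IP[151.101.65.140], RedirectLocation[https://www.reddit.com/], Via-Proxy[1.1 varnish]
https://www.reddit.com/ [200 OK] Cookies[edgebucket,loid,token], Country[UNITED STATES][US], Frame, HTML5, HttpOnly[token], Strict-Transport-Security[max-age=15552000; includeSubDomains; preload], Title[reddit: the front page of the internet], X-Frame-Options[SAMEORIGIN]
"""

LINE_RE = re.compile(r"^(\S+) \[(\d{3}) ([^\]]*)\]\s*(.*)$")

def split_plugins(text):
    """Split on commas that are outside [...] so Cookies[a,b] stays one item."""
    items, depth, cur = [], 0, []
    for ch in text:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth = max(depth - 1, 0)
        if ch == "," and depth == 0:
            items.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    items.append("".join(cur).strip())
    return [i for i in items if i]

def parse_line(line):
    """Parse one result line; return None for lines that are not results."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    url, code, reason, rest = m.groups()
    plugins = {}
    for item in split_plugins(rest):
        name, _, tail = item.partition("[")
        # Country[UNITED STATES][US] -> ["UNITED STATES", "US"]; Frame -> []
        plugins[name] = tail[:-1].split("][") if tail else []
    return {"url": url, "status": int(code), "reason": reason, "plugins": plugins}

def missing_headers(result, wanted=("Strict-Transport-Security", "X-Frame-Options")):
    """Names of the wanted header plugins that did not fire for a response."""
    return [h for h in wanted if h not in result["plugins"]]

def audit(output):
    """Map each 200 https:// URL to the header plugins that did not fire."""
    results = filter(None, map(parse_line, output.splitlines()))
    return {r["url"]: missing_headers(r) for r in results
            if r["status"] == 200 and r["url"].startswith("https://")}
```

Redirect responses and plain http:// URLs are skipped by `audit` because HSTS only applies to HTTPS responses; a plugin value that itself contains `]` is not handled.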

Scan a single website

whoknows example.com

This is the simplest way to scan a website. Specify a URL on the command-line.

Scan multiple websites

whoknows reddit.com slashdot.org twitter.com

You can scan multiple websites by specifying the URLs on the command line.

Scan a list of URLs from a file

whoknows --input-file list.txt

You can scan the URLs specified in list.txt.

whoknows -i list.txt

It is faster to just type -i than --input-file.

Pipe a list of URLs on STDIN

echo -e "facebook.com\ninstagram.com\ntwitter.com" | ./whoknows -i /dev/stdin

In this case we are using -i (--input-file) to read from a file, but the file is /dev/stdin. This lets us pipe in URLs from another source.

Verbose output

If you want verbose output that describes what the plugins mean, use -v.

whoknows --verbose reddit.com

It is faster to type -v than --verbose.

whoknows -v reddit.com

Really verbose output

You can specify --verbose twice to get even more information. This shows us how each plugin is matched and is especially helpful for debugging plugins.

In this example we use -vv instead of -v -v or even --verbose --verbose.

whoknows -vv reddit.com

Aggressive scans

Set the aggression level to 3 (Aggressive). If any plugins match in passive mode, then the aggressive tests for those plugins will be triggered. This is very useful for version detection.

whoknows --aggression 3 www.wired.com

It is faster to type -a than --aggression.

whoknows -a 3 www.wired.com

Scan a network range

whoknows --no-errors 192.168.0.0/24

You can specify network ranges. In this example we want to scan the local RFC1918 IP addresses from 192.168.0.0 to 192.168.0.255. This range is represented as 192.168.0.0/24.

We have added --no-errors to suppress the errors for every IP address that does not have a web server.

Scanning a network range for https websites

We are adding a prefix to every URL. In this case the prefix is https://.

whoknows --no-errors --url-prefix https:// 192.168.0.0/24

Scan for crossdomain policies in the Alexa Top 1000.

In this case we are adding a URL suffix to specify a URL path of /crossdomain.xml.

We are reading a list of hostnames from the file plugin-development/alexa-top-100.txt. /crossdomain.xml will be appended to each hostname.

whoknows -i plugin-development/alexa-top-100.txt --url-suffix /crossdomain.xml -p crossdomain_xml

More Examples

If the type of usage you are seeking is not listed here then open an issue to ask for suggestions.