-
-
Notifications
You must be signed in to change notification settings - Fork 0
Example Usage
Examples of how to use WhoKnows to scan.
$ ./whoknows reddit.com
http://reddit.com [301 Moved Permanently] Country[UNITED STATES][US], HTTPServer[snooserv], IP[151.101.65.140], RedirectLocation[https://www.reddit.com/], UncommonHeaders[retry-after,x-served-by,x-cache-hits,x-timer], Via-Proxy[1.1 varnish]
https://www.reddit.com/ [200 OK] Cookies[edgebucket,eu_cookie_v2,loid,rabt,rseor3,session_tracker,token], Country[UNITED STATES][US], Email[banner@2x.png,snoo-home@2x.png], Frame, HTML5, HTTPServer[snooserv], HttpOnly[token], IP[151.101.37.140], Open-Graph-Protocol[website], Script[text/javascript], Strict-Transport-Security[max-age=15552000; includeSubDomains; preload], Title[reddit: the front page of the internet], UncommonHeaders[fastly-restarts,x-served-by,x-cache-hits,x-timer], Via-Proxy[1.1 varnish], X-Frame-Options[SAMEORIGIN]
whoknows example.com
This is the simplest way to scan a website. Specify a URL on the command-line.
whoknows reddit.com slashdot.org twitter.com
You can scan multiple websites by specifying the URLs on the commandline
whoknows --input-file list.txt
You can scan the URLs specified in list.txt.
whoknows -i list.txt
It is faster to just type -i than --input-list.
echo -e "facebook.com\ninstagram.com\ntwitter.com" | ./whoknows -i /dev/stdin
In this case we are using -i (--input-file) to read from a file but the file is /dev/stdin. This lets use pipe in URLs from another source.
If you want verbose output that describes what the plugins mean, use -v.
whoknows --verbose reddit.com
It is faster to type -v than --verbose.
whoknows -v reddit.com
You can specify --verbose twice to get even more information. This shows us how each plugin is matched and is especially helpful for debugging plugins.
In this example we use use -vv instead of -v -v or even --verbose --verbose.
whoknows -vv reddit.com
Set the aggressive mode to 3 (Aggressive). If any plugins match in passive mode, then the aggressive tests for the plugin will be triggered. This is very useful in version detection.
whoknows --aggression 3 www.wired.com
It is faster to type -a than --aggressive.
whoknows -a 3 www.wired.com
whoknows --no-errors 192.168.0.0/24
You can specify network ranges. In this example we want to scan the local RFC1918 IP addresses from 192.168.0.0 to 192.168.0.255. This range is represented as 192.168.0.0/24.
We have added --no-errors to suppress the errors for every IP address that does not have a web server.
We are adding a prefix to every URL. In this case the prefix is https://.
whoknows --no-errors --url-prefix https:// 192.168.0.0/24
In this case we are adding a URL suffix to specify a URL path of /crossdomain.xml.
We are reading a list of hostnames from the file plugin-development/alexa-top-100.txt. /crossdomain.xml will be appended to each hostname.
whoknows -i plugin-development/alexa-top-100.txt --url-suffix /crossdomain.xml -p crossdomain_xml
If the type of usage you are seeking is not listed here then open an issue to ask for suggestions.