Latest News

How to use Webshag-gui in kali linux

Intro - Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers useful common functionality for web server auditing like website crawling, URL scanning or file fuzzing.
The common functionalities of the webshag are -

  • Port Scanning .
  • Web Crawling. 
  • Url Scanning. 
  • Retrieving the list of domain names .
  • File fuzzing .

1. How to open
A. GUI Method
Application → Kali linux→ Web Applications → Web Vulnerability Scanners → webshag-gui
                                                                               (Click on Image for Large View)

B. Open Terminal type webshag-guiand hit enter

2. Here we didn’t configure webshag properly before using so we got this error while Uscan.
 ERROR : Invalid configuration value for ‘custom_db_dir’ parameter

3. Another error on FUZZ

4. Now time to set configure file so let’s start. First of all open webshag.conf file for this use these command after opening terminal
a. cd /usr/share/webshag/config
b. leafpad webshag.conf

5. Now locate the webshag config file by typing locate webshag command on terminal

6.  So we have we have locate webshag info and webshag.conf file now copy some configuration source from locate webshag and paste it on webshag.conf file.
View image for finding out which one you need to copy and paste.

7. Save webshag.conf file.

8. Pscan -  Write your target host/IPv4 in target field than click ok, your scan will be start. As result you will see all open ports and ports details.

9. Spider – Write your target host/ IPv4 in target area than click on OK, As result you can see internal directories, Emails and external links which are attached with your host/IPv4.

10. UScan – This scan is most important part in webshag. Uscan will find out vulnerability in target host and also tell you about exploit.  Write your target host in target area than click on OK for starting Uscan. As result you can see we found remote vulnerabilities in our target url.

11. Fuzz - As we all know is a Fuzzer which also runs through the site and find the folders of the services that are running on that site.
(Click on Image for Large View)

No comments:

Post a Comment

Contact Us

24x7 online , we happy to answer you , ,
skype: greeenchip


This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.

Featured Post

Custom Domains And HTTPS Redirection Code