UPDATE WEB-SORROW V1.5.0 - perl based tool for misconfiguration, version detection, enumeration, and server information scanning

Web-Sorrow is a perl based tool for misconfiguration, version detection, enumeration, and server information scanning. It's entirely focused on Enumeration and collecting Info on the target server. Web-Sorrow is a "safe to run" program, meaning it is not designed to be an exploit or perform any harmful attacks. 

Is there a feature you want in Web-Sorrow? Is there something that sucks that i can unsuck? Tell me. I Listen! @flyinpoptartcat

Basic overview of capabilities:
Web Services: a CMS and it's version number, Social media widgets and buttons, Hosting provider, CMS plugins, and favicon fingerprints

Authentication areas: logins, admin logins, email webapps

Bruteforce: Subdomains, Files and Directories

Stealth: with -ninja you can gather valuable info on the target with as few as 6 requests, with -shadow you can request pages via google cache instead of from the host

AND MORE: Sensitive files, default files, source disclosure, directory indexing, banner grabbing (see below for full capabilities)

Current functionality:
HOST OPTIONS:
-host [host] -- Defines host to scan, a list separated by semicolons, 1.1.1.30-100 type ranges, and 1.1.1.* type ranges. You can also use the 1.1.1.30-100 type ranges for domains like www1-10.site.com

-port [port num] -- Defines port number to use (Default is 80)

-proxy [ip:port] -- Use an HTTP, HTTPS, or gopher proxy server
SCANS:
-S -- Standard set of scans including: agresive directory indexing,

Banner grabbing, Language detection, robots.txt,

HTTP 200 response testing, Apache user enum, SSL cert,

Mobile page testing, sensitive items scanning,

thumbs.db scanning, content negotiation, and non port 80

server scanning

-auth -- Scan for login pages, admin consoles, and email webapps

-Cp [dp | jm | wp | all] scan for cms plugins.

dp = drupal, jm = joomla, wp = wordpress 

-Fd -- Scan for common interesting files and dirs (Bruteforce)

-Sfd -- Very small files and dirs enum (for the sake of time)

-Sd -- BruteForce Subdomains (host given must be a domain. Not an IP)

-Ws -- Scan for Web Services on host such as: cms version info, 

blogging services, favicon fingerprints, and hosting provider

-Db -- BruteForce Directories with the big dirbuster Database

-Df [option] Scan for default files. platfroms/options: Apache,

Frontpage, IIS, Oracle9i, Weblogic, Websphere,

MicrosoftCGI, all (enables all)

-ninja -- A light weight and undetectable scan that uses bits and

peices from other scans (it is not recomended to use with any

other scans if you want to be stealthy. See readme.txt)

-fuzzsd -- Fuzz every found file for Source Disclosure

-e -- Everything. run all scans

-intense -- like -e but no bruteforce

-I -- Passively scan interesting strings in responses such as:

emails, wordpress dirs, cgi dirs, SSI, facebook fbids,

and much more (results may Contain partial html)

-dp -- Do passive tests on requests: banner grabbing, Dir indexing,

Non 200 http status, strings in error pages,

Passive Web services

-flag [txt] -- report when this text shows up on the responses
SCAN SETTINGS:
-ua [ua] -- Useragent to use. put it in quotes. (default is firefox linux)

-Rua -- Generate a new random UserAgent per request

-R -- Only request HTTP headers via ranges requests.

This is much faster but some features and capabilitises

May not work with this option. But it's perfect when

You only want to know if something exists or not.

Like in -auth or -Fd

-gzip -- Compresses http responces from host for speed. Some Banner

Grabbing will not work

-d [dir] -- Only scan within this directory

-https -- Use https (ssl) instead of http

-nr -- Don't do responce analisis IE. False positive testing,

Iteresting headers (other than banner grabbing) if

you want your scan to be less verbose use -nr

-Shadow -- Request pages from Google cache instead of from the Host.

(mostly for just -I otherwise it's unreliable)

-die -- Stop scanning host if it appears to be offline

-reject -- Treat this http status code as a 404 error

web-sorrow also has false positives checking on most of it's requests (it pretty accurate but not perfect) 
Examples:

basic: perl Wsorrow.pl -host scanme.nmap.org -S

stealthy: perl Wsorrow.pl -host scanme.nmap.org -ninja -proxy 190.145.74.10:3128

scan for login pages: perl Wsorrow.pl -host 192.168.1.1 -auth

CMS intense scan: perl Wsorrow.pl -host 192.168.1.1 -Ws -Cp all -I

most intense scan possible: perl Wsorrow.pl -host 192.168.1.1 -e

dump http headers: perl headerDump.pl

Check if host is alive: perl hdt.pl -host 192.168.1.1

sample output
using option -Ws
[*] _______WEB SERVICES_______ [*]

[+] Found service or widget: google analytics

[+] Found service or widget: disqus.com commenting system

[+] Found service or widget: quantserve.com

[+] Found service or widget: twitter widget
using option -S
[+] Server Info in Header: "Via: varnish ph7"

[+] HTTP Date: Mon, 22 Oct 2012 01:36:11 GMT

[+] HTTP Title: [cen0red]

[+] robots.txt found! This could be interesting!

[?] would you like me to display it? (y/n) ? Y

[+] robots.txt Contents:

User-agent: *

Disallow:

Sitemap: http://[cen0red]/sitemap.xml

[+] Directory indexing found in "/icons/"

[+] xmlrpc: /xmlrpc.php

HTTP CODE: 403 -> [+] Apache information: /server-status/

[+] Domain policies: /crossdomain.xml

[+] OPEN HTTP server on port: 81

Download -
Web-Sorrow_v1.5.0FINAL.zip 7.1 MB

"This is the last version i will actively release! if you want to improve my code please send it to me and i will release a new version." - @flyinpoptartcat

Download other versions from here

Source-
http://code.google.com/p/web-sorrow/

Previous posts regarding Web-Sorrow -
http://santoshdudhade.blogspot.in/2012/06/update-web-sorrow-v-139-remote-web.html



http://santoshdudhade.blogspot.in/2012/05/web-sorrow-remote-web-scanner-for.html
http://santoshdudhade.blogspot.in/2012/06/web-sorrow-v-138-remote-security.html
http://santoshdudhade.blogspot.in/2012/06/web-sorrow-v140-remote-security-scanner.html
http://santoshdudhade.blogspot.in/2012/07/web-sorrow-v142-remote-security-scanner.html
http://santoshdudhade.blogspot.in/2012/10/web-sorrow-v147b-versatile-security.html

Screenshot -