mwebfp - Mass Web Fingerprinter

mwebfp (Massive Web Fingerprinter) is a Python-based tool for web server fingerprinting.


In order to run mwebfp "out-of-the-git", with all options enabled, you will need:
  • Python - Programming language (sudo apt-get instal python)
  • nmap - Port Scanner (sudo apt-get install nmap)
  • python-nmap - Python module (apt-get install python-nmap)
  • requests - Python module (apt-get install python-requests)
  • cutycapt - Qt WebKit Capture Utility (latest version)
  • A graphical interface (GUI) on the *nix server you are running the script (I assume Linux)


  • Input
    • Target(s) can be IP address(es), IP address range(s), server name(s), etc.
    • Target(s) can be provided directly on the command-line or on a file
  • Port Definition
    • Default ports are 80 (HTTP) and 443 (HTTPS), but any port can be easily configured at runtime
  • Output
    • All output files and related support files for the scan are saved on a directory configured at runtime by the user
    • Currently, mwebfp exports results on a CSV file (Easily usable on MS Excel) only
  • Virtual Hosts
    • If requested at runtime, mwebfp will find all virutally hosted domains and webpages for the target server
  • Webserver Screenshots
    • If requested at runtime, mwebfp will grab screenshots of all found web pages (Graphical UI under Linux is required)


usage: [-h]
                 [-i INPUT_RANGE | -n SERVER_NAME | -f INPUT_FILE | -r]
                 [-p HTTP_PORTS] [-s HTTPS_PORTS] [-o OUTPUT_DIR]
                 [-t {HTML,XLS,CSV,XML}] [-v {yes,no}] [-w {yes,no}]

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT_RANGE, --input-range INPUT_RANGE
                        input IP CIDR range
  -n SERVER_NAME, --server-name SERVER_NAME
                        name of server (DNS name)
  -f INPUT_FILE, --input-file INPUT_FILE
                        input file containing IP addresses and/or IP ranges
  -r, --recover         recover/continue previous process
  -p HTTP_PORTS, --http-ports HTTP_PORTS
                        TCP HTTP ports (Default: 80/tcp)
  -s HTTPS_PORTS, --https-ports HTTPS_PORTS
                        TCP HTTPS ports (Default: 443/tcp)
  -o OUTPUT_DIR, --output-dir OUTPUT_DIR
                        working directory
  -t {HTML,XLS,CSV,XML}, --output-format {HTML,XLS,CSV,XML}
                        output report format (Default: HTML)
  -v {yes,no}, --vhosts {yes,no}
                        choice of processing vhosts for each IP address
                        (Default: no)
  -w {yes,no}, --web-screenshots {yes,no}
                        choice of taking web schreenshots (Default: no)

No comments

Powered by Blogger.