WhatWeb ve Wordpress sürümü saklama

  |   Kaynak

WhatWeb yazılımı internet sitelerini üzerinde CMS,blog,stats,analiz,javascript vs. gibi yazılımların kimliklerini ve sürümlerini tespit etmeye yarayan bir araç.WhatWeb yazılımı herhangi bir web sitesinin üzerindeki özellikle popüler kullanılmakta olan CMS ve blog yazılımlarının kimliklerini,sürümlerini ve sunucu bilgilerini toplayabiliyor.İnternet üzerinde yayın yapmak için kullandığımız herhangi bir yazılımın özellikle sürüm bilgisini vermek zararlı olabilir.Hele bir de güncellemekte gecikiyor ya da üşeniyorsanız!

İlk olarak WhatWeb yazılımını kuralım.Arch Linux,FreeBSD,Mandriva Linux ve Gentoo Linux için hazır paketleri mevcut.Ben Gentoo Linux ve Ubuntu Linux üzerine kurmaya değineceğim.

Gentoo Linux için "WhatWeb" "pentoo" overlay'inde mevcut.Pentoo Overlay'ini portage'a ekleyelim.Eğer "layman" kurulu değil ise ilk olarak kurun.Layman hakkında yardım almak için buradan buyrun.

# layman -a pentoo
# emerge -av whatweb 
Ubuntu 'ya "WhatWeb" yüklemek için ilk olarak Ruby kurmamız gerekiyor.Daha sonra "WhatWeb"i indirip çalıştırabiliriz.
# apt-get install ruby ruby-dev libopenssl-ruby
$ wget http://www.morningstarsecurity.com/downloads/whatweb-0.4.5.tar.gz
$ tar zxvf whatweb-0.4.5.tar.gz
$ cd whatweb-0.4.5
Artık "WhatWeb" ile testler yapmaya hazırız.Şimdi herhangi bir "Wordpress" sitesini test edip sürüm bilgilerini alalım.Daha sonra da sürüm bilgilerini Wordpress üstünden kaldırıp tekrar deneyelim.Yukarda da bahsetmem üzere sürüm güncellemekte gecikiyorsanız ya da güncelleme aralığınız uzuyorsa dışarıya sürümünüz hakkında bilgi vermemek en iyisidir.Belirsizlik karşıdakine daha çok zaman ve emek harcatır :)

İlk test yapalım :

$ ./whatweb linux.piesso.com
http://linux.piesso.com [200] WordPress[3.0.4], HTTPServer[LWS], UncommonHeaders[x-pingback], JQuery[1.4.2], Title[| Linux ve Özgürlük], RSSFeed[http://linux.piesso.com/wp-content/themes/openark-blog/style.css], MetaGenerator[WordPress 3.0.4], Tag-Hash[304a800265809c99e32ff96b774225fe], MD5[d1f3d9cdb0766514a3d290cceb2eccc3], Header-Hash[a82619f7784e56b660f31017e1d0174f], Footer-Hash[b7509d9fc94073b62bfe3d809e9ad5a9]
Yukarda görüldüğü gibi "WhatWeb" sitenin "Wordpress" ile oluşturulduğunu ve sürümünün "3.0.4" olduğunun çıktısını verdi."WhatWeb" sadece "Wordpress" değil bir çok yazılımının kimliğini tespit edebiliyor.Bunları görmek için de "-l" parametresini kullanabiliriz;
$ ./whatweb -l
Plugins Loaded

360-Web-Manager,0.1 ANECMS,0.1 ASP-Nuke,0.2 AVTech-Video-Web-Server,0.1 AWStats,0.1 Aardvark-Topsites-PHP,0.1 Acclipse,0.2 AdobeFlash,0.1 Advanced-Guestbook,0.2 Alcatel-Lucent-Omniswitch,0.1 Allinta-CMS,0.1 Antiboard,0.1 Apache-Default,0.3 ArGoSoft-Mail-Server,0.1 Arab-Portal,0.1 AtomFeed,0.1 Axis-Network-Camera,0.1 BM-Classifieds,0.1 BXR,0.1 Barracuda-Spam-Firewall,0.1 Basilic,0.1 BeEF,0.1 Belkin-Modem,0.2 Bing-SearchEngine,0.1 Biromsoft-WebCam,0.1 BlogSmithMedia,0.2 Blogger,0.1 BlognPlus,0.1 BlueNet-Video-Server,0.1 Brother-Printer,0.1 Burning-Board-Lite,0.1 BusinessSpace,0.1 CGI Backdoor,0.1 CGIProxy,0.1 CMSQLite,0.1 CMScontrol,0.1 CMSimple,0.1 CPanel,0.2 Campsite,0.1 Canon-Network-Camera,0.1 Cisco-VPN-3000-Concentrator,0.1 Citrix-Metaframe,0.2 CodeIgniterProfiler,0.1 ColdFusion,0.1 Comersus,0.2 CommonSpot,0.1 Concrete5,0.2 Confluence,0.1 Cookies,0.1 Coppermine,0.2 CruxCMS,0.1 CruxPA,0.1 CushyCMS,0.2 D-Link-Network-Camera,0.1 DMXReady,0.1 DT-Centrepiece,0.1 DUclassified,0.1 DUforum,0.1 DUgallery,0.1 Dell-Printer,0.1 DiBos,0.2 DotCMS,0.2 DotNetNuke,0.3 Drupal,0.2 DublinCore,0.1 EMO-Realty-Manager,0.1 EarlyImpact-ProductCart,0.2 EazyCMS,0.1 Echo,0.2 Empire-CMS,0.1 Evo-Cam,0.1 ExpressionEngine,0.2 F3Site,0.1 FestOS,0.1 File-Upload-Manager,0.1 Flax-Article-Manager,0.1 FluentNET,0.1 FluxBB,0.3 Footer-Hash,0.2 Forest-Blog,0.1 FormMail,0.2 FrogCMS,0.3 GoAhead-Webs,0.2 Google-API,0.1 Google-Analytics,0.2 Google-Hack-Honeypot,0.1 GuppY,0.1 HP-LaserJet-Printer,0.1 HTML5,0.2 HTTPServer,0.2 Header-Hash,0.1 IIS-SiteNotFound,0.2 IIS-UnderConstruction,0.2 IMGallery,0.1 IPCop-Firewall,0.1 IQeye-Netcam,0.1 ISPConfig,0.2 Index-Of,0.2 Intellinet-IP-Camera,0.1 Interspire-Shopping-Cart,0.1 InvisionPowerBoard,0.2 JAMM-CMS,0.1 JGS-Portal,0.1 JQuery,0.2 Jamroom,0.1 Jboss,0.1 Joomla,0.4 Kloxo Single Server,0.1 Liferay,0.1 Lightbox,0.2 Lime-Survey,0.1 Linksys-NAS,0.1 Linksys-Network-Camera,0.1 Linksys-USB-HDD,0.1 Linksys-Wireless-G-Camera,0.1 LocazoList-Classifieds,0.1 Loggix,0.1 Lucky-Tech-iGuard,0.1 MD5,0.2 MailSiteExpress,0.2 Mailman,0.1 Mailto,0.2 Mambo,0.2 MediaWiki,0.1 MetaGenerator,0.2 MetaPoweredBy,0.2 Microsoft-Sharepoint,0.1 MicrosoftODBCError,0.1 MikroTik,0.2 Minify,0.1 MnoGoSearch,0.2 Mobotix-Network-Camera,0.1 ModxCMS,0.2 Moodle,0.2 MovableType,0.2 My-PHP-Indexer,0.1 My-WebCamXP-Server,0.1 MyioSoft-Ajax-Portal,0.1 MysqlSyntaxError,0.1 NetBotz-Network-Monitoring-Device,0.1 Netious-CMS,0.1 Netsnap-Web-Camera,0.1 NovellGroupwise,0.2 Nukedit,0.1 ORCA-Platform,0.1 ORITE-301-Camera,0.1 OSCommerce,0.3 Oce,0.2 OkiPBX,0.2 Open-Blog,0.1 Open-Freeway,0.1 Open-Source-Ticket-Request-System,0.1 OpenCms,0.1 OpenGraphProtocol,0.1 OpenID,0.1 OpenSearch,0.1 PG-Roomate-Finder-Solution,0.1 PHP-Fusion,0.1 PHP-Layers,0.1 PHP-Link-Directory,0.1 PHP-Shell,0.1 PHPCake,0.2 PHPDirector,0.1 PHPEasyData,0.1 PHPError,0.2 PHPFM,0.1 PHPNuke,0.2 PHPraid,0.1 PageUp-People,0.1 Panasonic-Network-Camera,0.1 Parked-Domain,0.1 PasswordField,0.1 PhilBoard,0.1 Piwik,0.1 Pixel-Ads-Script,0.1 Pixie,0.1 Plesk,0.2 Pligg-CMS,0.1 Plone,0.2 PortalApp,0.1 PoweredBy,0.2 Pressflow,0.1 Prototype,0.2 QNAP-NAS,0.1 Quantcast,0.1 RSSFeed,0.1 RedirectLocation,0.2 RoundCube,0.2 RunCMS,0.1 SHOUTcast-Administrator,0.1 SMF,0.2 Saurus-CMS,0.1 Scriptaculous,0.2 SearchFitShoppingCart,0.2 SiemensSpeedStreamRouter,0.2 SilverStripe,0.2 SimpNews,0.1 Site-Sift,0.1 SkaLinks,0.1 SmodCMS,0.1 Snap-Appliance-Server,0.1 SnomPhone,0.2 Softbiz-Freelancers-Script,0.1 Softbiz-Online-Auctions-Script,0.1 Softbiz-Online-Classifieds,0.1 Sony-Network-Camera,0.1 Sony-Video-Network-Station,0.1 SquirrelMail,0.2 Star-Network,0.1 StarDot-NetCam,0.1 Stardot-Express,0.1 Subdreamer-CMS,0.1 Subrion-CMS,0.1 SyndeoCMS,0.1 TWiki,0.1 Tag-Hash,0.2 TaskFreak,0.1 Team-Board,0.1 Textpattern,0.1 The-PHP-Real-Estate-Script,0.1 Title,0.2 TomatoCMS,0.1 Tomcat,0.2 Toshiba-Network-Camera,0.1 ToshibaPrinter,0.2 Trac,0.1 Turbo-Seek,0.1 TypePad,0.2 TypoLight,0.2 Umbraco,0.1 UncommonHeaders,0.2 VBulletin,0.2 VP-ASP,0.2 VSNSLemon,0.2 Veo-Observer,0.1 VideoShareEnterprise,0.1 Virtualmin,0.1 VisionGS-Webcam,0.1 Vulnerable-To-XSS,0.1 WWWBoard,0.1 Web-Calendar-System,0.1 Web-Data-Administrator,0.1 WebDVR,0.1 WebEye-Network-Camera,0.1 WebGuard,0.2 WebPress,0.1 WhiteBoard,0.1 Winamp-Web-Interface,0.1 Windows-Internet-Printing,0.1 WindowsSBS,0.2 WoW-Raid-Manager,0.1 WordPress,0.2 WordPressSpamFree,0.2 WordpressSuperCache,0.3 X-ASPNetVersion,0.2 X-Powered-By,0.2 X7-Chat,0.1 XHP-CMS,0.1 Xerox-Printers,0.1 XtraBusinessHosting,0.2 Zen-Cart,0.1 Zeus-Cart,0.1 Zikula,0.1 Zoph,0.1 Zyxel-Vantage-Service-Gateway,0.1 anyInventory,0.1 boastMachine,0.1 coWiki,0.1 cpCommerce,0.1 eLitius,0.1 eSyndiCat,0.1 envezion~media,0.1 ezBOO-WebStats,0.1 i-Catcher-Console,0.1 iDVR,0.1 iRealty,0.1 iScripts-CyberMatch,0.1 iScripts-EasySnaps,0.1 iScripts-MultiCart,0.1 iScripts-ReserveLogic,0.1 iScripts-SocialWare,0.1 ispCP-Omega,0.2 jobberBase,0.1 mojoPortal,0.1 phPhotoAlbum,0.1 php-ping,0.1 phpBB,0.2 phpFreeChat,0.1 phpMyAdmin,0.1 phpPgAdmin,0.1 phpSysInfo,0.1 phpinfo,0.1 sabros.us,0.1 samPHPweb,0.1 syntaxCMS,0.1 uPortal,0.1 xGB,0.1

WhatWeb'ten Wordpress sürümü gizlemek için ise temanızın "function.php" adlı dosyası içine aşağıdaki satırını yapıştırarak kaldıralım .
remove_action('wp_head', 'wp_generator');
Wordpress'ten sürüm bilgilerini kaldırdığımıza göre "WhatWeb" ile tekrar test edelim.
$ ./whatweb linux.piesso.com
http://linux.piesso.com [200] probably WordPress, HTTPServer[LWS], UncommonHeaders[x-pingback], JQuery[1.4.2], Title[| Linux ve Özgürlük], RSSFeed[http://linux.piesso.com/wp-content/themes/openark-blog/style.css], Tag-Hash[1875deb75c633e2ea1bbe2e6b8c856e3], MD5[29c17973306dcde19d75e8c9b3f72861], Header-Hash[a82619f7784e56b660f31017e1d0174f], Footer-Hash[b7509d9fc94073b62bfe3d809e9ad5a9]

Görüldüğü gibi artık Wordpress sürüm bilgisi vermiyor.

Comments powered by Disqus