The basic operation of mwebfp consists of the processing of an input (targets and TCP ports) that is then used to identify open web server ports with the help of a powerful portscanner (nmap).

All ports found open are then analyzed (on HTTP and HTTPS) and all relevant webserver information is recorded, as well as a screenshot of the rendered webpage (as if it is seen from a broswer).



mwebfp [-h] [-d] [-i INPUT_RANGE | -n SERVER_NAME | -f INPUT_FILE | -r] [-p HTTP_PORTS] [-s HTTPS_PORTS] [-o OUTPUT_DIR] [-t {HTML,XLS,CSV,XML}] [-v {yes,no}] [-w {yes,no}]


  -h, --help            show this help message and exit
  -d, --debug           show debugging info
  -i INPUT_RANGE, --input-range INPUT_RANGE
                        input IP CIDR range
  -n SERVER_NAME, --server-name SERVER_NAME
                        name of server (DNS name)
  -f INPUT_FILE, --input-file INPUT_FILE
                        input file containing IP addresses and/or IP ranges
  -r, --recover         recover/continue previous process
  -p HTTP_PORTS, --http-ports HTTP_PORTS
                        TCP HTTP ports (Default: 80/tcp)
  -s HTTPS_PORTS, --https-ports HTTPS_PORTS
                        TCP HTTPS ports (Default: 443/tcp)
  -o OUTPUT_DIR, --output-dir OUTPUT_DIR
                        working directory
  -t {HTML,XLS,CSV,XML}, --output-format {HTML,XLS,CSV,XML}
                        output report format (Default: HTML)
  -v {yes,no}, --vhosts {yes,no}
                        choice of processing vhosts for each IP address
                        (Default: no)
  -w {yes,no}, --web-screenshots {yes,no}
                        choice of taking web schreenshots (Default: no)


cyborg@cyborg:~$ sudo mwebfp -i -o Output -w yes -v no
Creating output directory:  Output
Loaded 1 IP addresses to scan
IP Address =
   NMap heavylifting ... (please be patient)
   Processing port 80	->	open
      Capturing screenshot ...  Done.
   Processing port 443	->	closed
Done. Go check your report file !

cyborg@cyborg:/pentest/web/mwebfp-master/Output$ ls
mwebfp-capture---http-  mwebfp-Output.csv
cyborg@cyborg:/pentest/web/mwebfp-master/Output$ cat mwebfp-nmap- 
# Nmap 6.40 scan initiated Mon Oct  5 10:09:25 2015 as: nmap -oX - -sT -P0 -vvv -n -T4 -oN Output/mwebfp-nmap- --script=http-favicon --script=http-headers --script=http-methods --script=http-title -p80,443
Nmap scan report for
Host is up (0.000074s latency).
Scanned at 2015-10-05 10:09:25 IST for 0s
80/tcp  open   http
| http-headers: 
|   Date:           Mon, 05 Oct 2015 04:39:25 GMT
|   Server:         Apache/2.4.7 (Ubuntu)
|   Last-Modified:  Tue, 30 Sep 2014 04:50:44 GMT
|   ETag:           "2cf6-50441203ff100"
|   Accept-Ranges:  bytes
|   Content-Length: 11510
|   Vary:           Accept-Encoding
|   Connection:     close
|   Content-Type:   text/html
|_(Request type: HEAD)
|_http-methods:     GET HEAD POST OPTIONS
|_http-title:       Apache2 Ubuntu Default Page: It works
443/tcp closed https

Read data files from: /usr/bin/../share/nmap
# Nmap done at Mon Oct  5 10:09:25 2015 -- 1 IP address (1 host up) scanned in 0.13 seconds


Leave a reply


We're are building as a community and a team. Be a part of it.


©2018 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?