whatweb -l #list all plugins
whatweb -I <keyword> #search by keyword and show detailed description
whatweb --dorks=<plugin> #list google dorks used by the plugin
whatweb -p <plugin> <url> #use the specified plugin during scan
Nikto
nikto -host <site url> -port <port> -maxtime <max time for scan>
nikto -host <site url> -port <port> -dbcheck
Check for page formats
index.html #static
index.php #PHP
index.asp #IIS
index.aspx #IIS
index.do #JSP based
index.jsp #JSP based
SOAP services expose a WSDL file that can reveal all the possible calls, and their parameters, that can be executed on the server. This can allow an attacker to execute arbitrary calls to server-side services to tamper with or destroy data.
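For reviewing what your own service's WSDL discloses, the following added example (not part of the original page) parses a WSDL 1.1 document and lists every operation with its input parameters. The sample WSDL, all names in it, and the verb-prefix heuristic are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted files, prefer the defusedxml package

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/"}

# Constructed sample WSDL 1.1 document (not taken from any real service).
SAMPLE_WSDL = """<?xml version="1.0"?>
<definitions name="Accounts" targetNamespace="http://example.test/accounts"
    xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://example.test/accounts"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <message name="GetUserRequest"><part name="userId" type="xsd:int"/></message>
  <message name="GetUserResponse"><part name="user" type="xsd:string"/></message>
  <message name="DeleteUserRequest">
    <part name="userId" type="xsd:int"/>
    <part name="force" type="xsd:boolean"/>
  </message>
  <message name="DeleteUserResponse"><part name="ok" type="xsd:boolean"/></message>
  <portType name="AccountsPort">
    <operation name="GetUser">
      <input message="tns:GetUserRequest"/><output message="tns:GetUserResponse"/>
    </operation>
    <operation name="DeleteUser">
      <input message="tns:DeleteUserRequest"/><output message="tns:DeleteUserResponse"/>
    </operation>
  </portType>
</definitions>"""

def list_operations(wsdl_text):
    """Return {operation: [(param, type), ...]} for every portType operation."""
    root = ET.fromstring(wsdl_text)
    # Map each message name to its parts (the parameters a caller supplies).
    messages = {
        m.get("name"): [(p.get("name"), p.get("type") or p.get("element"))
                        for p in m.findall("wsdl:part", NS)]
        for m in root.findall("wsdl:message", NS)
    }
    exposed = {}
    for op in root.findall("wsdl:portType/wsdl:operation", NS):
        inp = op.find("wsdl:input", NS)
        # The message attribute is a QName such as "tns:GetUserRequest"; drop the prefix.
        msg = inp.get("message").split(":", 1)[-1] if inp is not None else None
        exposed[op.get("name")] = messages.get(msg, [])
    return exposed

def flag_state_changing(exposed, verbs=("delete", "update", "create", "set", "remove")):
    """Heuristic: operation names starting with a modifying verb, to review first."""
    return sorted(name for name in exposed if name.lower().startswith(verbs))

if __name__ == "__main__":
    print(list_operations(SAMPLE_WSDL), flag_state_changing(list_operations(SAMPLE_WSDL)))
```

Operations flagged by the heuristic are the ones to confirm require authentication and authorization before the WSDL is left publicly reachable.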
In order to find the definition file try appending the following payloads to the service url
Advanced web scanner and spider tool. Download from .
Some public web services may have their WSDL file accessible by visiting
If you happen to find a .git folder on a server, you can dump all the files in the repository even if not directly accessible (403 error) with the following tool: