Working with WhoUr Tool on Kali Linux OS
Example 1: SQLi Scanner
Select Option 1
Here, âWhoUrâ tool has a menu or user interface where you can make selections. Option 1 is for SQLi scanning. When we run the tool, it presents us with a menu, and we have choose this option to start the SQL injection scanning process.
The below screenshot shows how the SQL injection scanning process works. It describes that the tool uses a âGoogle Dorkâ query. In the context of web security, a âGoogle Dorkâ is a specific search query designed to find vulnerable web pages. These queries are often used by security professionals to identify websites that might be susceptible to SQL injection attacks. The tool generates a random Google Dork query to search for potentially vulnerable web pages.
After executing the Google Dork query, the tool scans URLs it finds and checks them for SQL injection vulnerabilities. If any URLs are identified as potentially vulnerable, the tool saves these URLs on the local disk of the computer running the tool. This step is important as it allows you to keep a record of potentially vulnerable sites for further analysis or action.
This statement specifies where the results of the SQL injection scanning process are stored. The identified vulnerable URLs are saved in a file named âsites.txt.â This file is for log or record of the vulnerable sites, making it easy for us to review and take necessary actions based on the results.
The âWhoUrâ tool has completed its SQL injection (SQLi) scanning process and found some potentially vulnerable URLs, the results are not only saved in a file named sites.txt but are also displayed or shown to the user.
Example 2: Get information from a website
Select Option 2
This step shows that tool has the menu or user interface when running the âWhoUrâ tool. In this menu, we need to choose Option 2. This option is for getting information from a specific website or domain.
After selecting Option 2, the tool will prompt us to provide a target domain or website that we want to gather information about. In this example, âw3wiki.orgâ is used as the target domain, but we would replace it with the domain or website we want to test.
In the below screenshot, we have got information about the domainâs associated Domain Name System (DNS) records. DNS records include details such as the domainâs IP address, MX records (used for email), and other DNS-related data. This information helps you understand the domainâs infrastructure.
We have got the IP Reverse Lookup data about w3wiki.org. IP reverse lookup is the process of finding associated domain names or hostnames for a given IP address. The tool will provide data about the domain names or hostnames associated with the IP address of the specified domain w3wiki.org.
We have got the URL links which contains the admin login strings w3wiki.org. Here the URLs or links associated with admin login pages on the specified domain are retrived. Identifying these links can be useful for security testing or reconnaissance, as it allows you to locate entry points that may require further investigation or analysis.
WhoUr Tool for information gathering in Linux
WhoUr tool is an automated tool that is used to perform SQLi Vulnerability Scanning and also can perform basic information gathering on the target domain. This tool can get information like DNS Lookup information, IP Reverse Lookup Information, and also can find the Admin Panel Links. The WhoUr tool uses the Google Dork queries to find the URLs on the internet and test them for SQLi flaws. We can provide the custom dork query or directly run the tool, so the tool selects the random query from its database. The WhoUr tool is developed in the Python language and is available on the GitHub platform. As this is available on GitHub itâs free to use and open-source, so anyone can contribute to it.
Contact Us