WotWeb
======

April 24th 2004
---------------

I have received a few requests and queries from system administrators
looking for a program that will scan their networks for web servers.
Quite often these sysadmins are managing such large networks they 
neither know how many or what kind of web servers they have. It is
important that they find all of their servers if they need to keep up
with security patches. Some admins have gone to the trouble of creating
custom scripts coupled with command line scanners to do the job, but a
simple all-in-one tool to do what they want would be the best solution.
This is why "wotweb" was written.

This utility takes a list of IP addresses/ranges and scans them for
commonly used web ports, showing the web server type for each active web
port. You can select which ports to scan from a fixed list of common web
ports. Port 80 is the usual one to look for and 443 should be selected
if you are looking for web servers running HTTPS.

A nice feature is the ability to import a list of pre-prepared IP
addresses from a text file. The format of the IPs in this file can be a
single IP such as 192.168.1.100, or a range in one of several formats
such as 192.168.1.1-192.168.1.254, 192.168.1.1-3.254, 192.168.1.1-254.
You get the idea. White space is ignored and duplicate IPs are removed
when the scan starts.

Three other scan options are present:

o   You can choose whether or not to resolve IP addresses into hostnames.
    With this option selected the program will launch 8 background threads
    to resolve IPs as they are discovered.
o   An option to scan the list of IPs in a random order (on by default).
    This option is a token effort to reduce network load on routers if a
    very large IP range is being used and may possibly help with IDS evasion.
o   A timeout value that the program will adhere to when waiting for a
    connection from a host. Pick a small value if you are scanning a LAN.

When a scan is ongoing and open web ports are found, entries appear in
the list and you can double-click them to open the web page in your web
browser. You can achieve the same by right-clicking an entry and
selecting from the popup menu. You can also browse through your acquired
list by using the back "<" and forward ">" buttons at the bottom right
of the window.

To save your findings click the Save button. The list will be saved to a
comma separated text file that you can import into your favorite
spreadsheet application for further processing.

Clicking any of the list column headers will sort the list by that
column. When you save the list it will be saved in the order that is
displayed.

------------------///------------------

Special Performance Enhancement Notice!

You can significantly improve the performance of the scanner (in fact
ANY scanner) by adjusting a few registry values. The improvement is
especially noticeable on Windows 95/98. Included with the ZIP file (you
did get this program in a ZIP file right?) are 2 registry files, one for
Window 98 and one for Windows 2000/NT. Incorporating these registry tweaks
and rebooting should give you much better scan speeds. On Windows 98 for
example, scanning a class C you will notice 2 or 3 large pauses of 20
seconds or more during the scan as the system waits for internal TCP/IP
stack queues to empty. With the registry tweaks these delays vanish.

As always, backup your registry, or at least the values that are being
changed by these files, before you apply the changes. If you don't understand
what you are doing with the system registry then don't mess with it.

------------------///------------------


Version 1.00 - Initial Release
Version 1.01 - Fixed copy to clipboard bug. Was copying wrong item when
               list was sorted
Version 1.02 - Minor bug fix with IP import function.
             - Added port 1214 (Kazaaa/Morpheus). This is not technically
               a web server but its fun seeing all those shared files!
             - Added "always on top" button (at bottom left).
Version 1.03 - Added "Code" and "Auth" fields to show the returned
               HTTP response code and authorisation level.
               Added ports 900, 2779 and 5000.
Version 1.05 - Added a couple more ports.
               Added hostname resolving.
Version 1.06 - Wasn't using the correct port when launching browser
Version 1.08 - Added some more non-standard web ports plus the ability
               to add a single custom port of your choice.

----------------------------------------------------------------------

This software was written by Robin Keir and is distributed as freeware.
I take no responsibility for any damage or problems caused by using it
but I do welcome comments and suggestions.

robin@keir.net
http://keir.net/
