The WhatWeb is a tool that is used to identify different web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. It has over 1700 plugins, each used to do something different.
Whatweb’s main use is to identify all sorts of information about a live website, like:
- Platform
- CMS platform
- Type of Script
- Google Analytics
- Web server Platform
- IP address, Country
- 900+ Plugins & their libraries used
- Server Headers, Cookies, and a lot more.
It is included in Kali Linux, and it can be accessed with the help of applications like 03 — Web Application Analysis | Web Vulnerability scanners, etc.
WhatWeb Features
- Over 1700 plugins.
- Controls the trade-off between speed/stealth and reliability.
- Proxy support including TOR.
- Custom HTTP headers.
- Basic HTTP authentication.
- Performance tuning. Control how many websites to scan concurrently.
- Multiple log formats: Brief (greppable), Verbose (human readable), XML, JSON, MagicTree, RubyObject, MongoDB, SQL, and ElasticSearch.
- Performance tuning. Control how many websites to scan concurrently.
- Control over webpage redirection.
- Nmap-style IP ranges.
- Fuzzy matching.
- Result certainty awareness.
- Custom plugins are defined on the command line.
Synax:
whatweb
TARGET SELECTION:
Enter URLs, filenames or nmap-format IP ranges.--input-file=FILE, -i Identify URLs found in FILE, eg. -i /dev/stdin
TARGET MODIFICATION:
--url-prefix Add a prefix to target URLs--url
-suffix Add a suffix to target URLs
--url-pattern Insert the targets into a URL. Requires --input-file,
AGGRESSION:
The aggression level controls the trade-off between speed/stealth and reliability.
--aggression, -a=LEVEL Set the aggression level. Default: 1
Aggression levels are: 1,2,3 & 4
HTTP OPTIONS:
--user-agent, -U=AGENT Identify as AGENT instead of WhatWeb/0.4.8-dev.
--follow-redirect=WHEN Control when to follow redirects.Default: always
--max-redirects=NUM Maximum number of contiguous redirects. Default: 10
AUTHENTICATION:
--user, -u= HTTP basic authenticationAdd
session cookies with --header, e.g. --header "Cookie: SESSID=1a2b3c;"
PROXY:
--proxy <hostname[:port]> Set proxy hostname and port Default: 8080
--proxy-user Set proxy user and password
PLUGINS:
--list-plugins, -l List all plugins
OUTPUT:
--verbose, -v Verbose output includes plugin descriptions. Use twice for debugging.
--colour,--color WHEN control whether colour is used. WHEN='always', 'never' or 'auto'
--quiet, -q Do not display brief logging to STDOUT
--no-errors Suppress error messages
LOGGING:
--log-brief=FILE Log brief, one-line output
--log-verbose=FILE Log verbose output
--log-xml=FILE Log XML format
PERFORMANCE & STABILITY:
--max-threads, -t Number of simultaneous threads. Default: 25.
--open-timeout Time in seconds. Default: 15
--read-timeout Time in seconds. Default: 30
--wait=SECONDS Wait SECONDS between connections
HELP & MISCELLANEOUS:
--help, -h This help
--debug Raise errors in plugins
--version Display version information. (WhatWeb 0.4.8-dev)
While WhatWeb is primarily a website fingerprinter it can also be used for spidering, banner grabbing, vulnerability scanning and data mining.
Example Usage:
Examples of how to use WhatWeb to scan.
Using WhatWeb to scan hacksheet.in
Scan a single website :
WhatWeb example.com
This is the simplest way to scan a website. Specify a URL on the command-line.
Scan multiple websites
WhatWeb reddit.com slashdot.org twitter.com
You can scan multiple websites by specifying the URLs on the commandline
Scan a list of URLs from a file
whatweb --input-file list.txt
You can scan the URLs specified in list.txt.
whatweb -i list.txt
It is faster to just type -i than — input-list.
Scan a network range
whatweb --no-errors 192.168.0.0/24