hacksheets > Bug-Bounty > WHATWEB (“What Is That Website?”)

WHATWEB (“What Is That Website?”)

The WhatWeb is a tool that is used to identify different web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. It has over 1700 plugins, each used to do something different.

Whatweb’s main use is to identify all sorts of information about a live website, like:

  • Platform
  • CMS platform
  • Type of Script
  • Google Analytics
  • Web server Platform
  • IP address, Country
  • 900+ Plugins & their libraries used
  • Server Headers, Cookies, and a lot more.

It is included in Kali Linux, and it can be accessed with the help of applications like 03 — Web Application Analysis | Web Vulnerability scanners, etc.


WhatWeb Features

  • Over 1700 plugins.
  • Controls the trade-off between speed/stealth and reliability.
  • Proxy support including TOR.
  • Custom HTTP headers.
  • Basic HTTP authentication.
  • Performance tuning. Control how many websites to scan concurrently.
  • Multiple log formats: Brief (greppable), Verbose (human readable), XML, JSON, MagicTree, RubyObject, MongoDB, SQL, and ElasticSearch.
  • Performance tuning. Control how many websites to scan concurrently.
  • Control over webpage redirection.
  • Nmap-style IP ranges.
  • Fuzzy matching.
  • Result certainty awareness.
  • Custom plugins are defined on the command line.

Synax:

whatweb

TARGET SELECTION:

Enter URLs, filenames or nmap-format IP ranges.--input-file=FILE, -i Identify URLs found in FILE, eg. -i /dev/stdin

TARGET MODIFICATION:

--url-prefix          Add a prefix to target URLs--url
-suffix               Add a suffix to target URLs
--url-pattern         Insert the targets into a URL. Requires --input-file,

AGGRESSION:


The aggression level controls the trade-off between speed/stealth and reliability.
--aggression, -a=LEVEL Set the aggression level. Default: 1
Aggression levels are: 1,2,3 & 4

HTTP OPTIONS:

--user-agent, -U=AGENT Identify as AGENT instead of WhatWeb/0.4.8-dev.
--follow-redirect=WHEN Control when to follow redirects.Default: always
--max-redirects=NUM   Maximum number of contiguous redirects. Default: 10

AUTHENTICATION:

--user, -u= HTTP basic authenticationAdd 
session cookies with --header, e.g. --header "Cookie: SESSID=1a2b3c;"

PROXY:

--proxy               <hostname[:port]> Set proxy hostname and port Default: 8080
--proxy-user          Set proxy user and password

PLUGINS:

--list-plugins, -l    List all plugins

OUTPUT:

--verbose, -v         Verbose output includes plugin descriptions. Use twice for debugging.
--colour,--color      WHEN control whether colour is used. WHEN='always', 'never' or 'auto'
--quiet, -q           Do not display brief logging to STDOUT
--no-errors           Suppress error messages

LOGGING:

--log-brief=FILE      Log brief, one-line output
--log-verbose=FILE    Log verbose output
--log-xml=FILE        Log XML format

PERFORMANCE & STABILITY:

--max-threads, -t     Number of simultaneous threads. Default: 25.
--open-timeout        Time in seconds. Default: 15
--read-timeout        Time in seconds. Default: 30
--wait=SECONDS        Wait SECONDS between connections

HELP & MISCELLANEOUS:

--help, -h            This help
--debug               Raise errors in plugins
--version             Display version information. (WhatWeb 0.4.8-dev)

While WhatWeb is primarily a website fingerprinter it can also be used for spidering, banner grabbing, vulnerability scanning and data mining.

Example Usage:

Examples of how to use WhatWeb to scan.

Using WhatWeb to scan hacksheet.in

Scan a single website :

WhatWeb example.com

This is the simplest way to scan a website. Specify a URL on the command-line.

Scan multiple websites

WhatWeb reddit.com slashdot.org twitter.com

You can scan multiple websites by specifying the URLs on the commandline

Scan a list of URLs from a file

whatweb --input-file list.txt

You can scan the URLs specified in list.txt.

whatweb -i list.txt

It is faster to just type -i than — input-list.

Scan a network range

whatweb --no-errors 192.168.0.0/24

Leave a Reply