
WhatWeb

WhatWeb is a next generation web scanner that identifies websites and recognizes web technologies including content management systems, blogging platforms, JavaScript libraries, web servers, and embedded devices. It has over 900 plugins to detect version numbers, email addresses, account IDs, and more.

Description

WhatWeb identifies web technologies used by websites through a comprehensive set of over 900 plugins, each designed to recognize specific components such as CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. It provides detailed information including version numbers, email addresses, account IDs, web framework modules, and SQL errors, making it invaluable for reconnaissance and security assessments.

Use cases include scanning individual websites, IP ranges, or networks to fingerprint technologies, detecting specific vulnerabilities tied to versions, and gathering intelligence for penetration testing. The tool supports aggressive scanning modes for higher reliability and various output formats for logging and analysis.

It operates with configurable aggression levels balancing speed, stealth, and thoroughness, and includes features like custom plugins, Google dorks, and support for proxies, authentication, and threading for efficient large-scale scans.

How It Works

WhatWeb uses plugins to match patterns in HTTP responses, headers, HTML content, and other web elements to identify technologies. It sends HTTP requests according to the selected aggression level: level 1 is stealthy, making one request per target and following redirects; level 3 makes additional requests if a level 1 plugin matches; level 4 attempts URLs from all plugins. Plugins detect elements such as server headers, doctype declarations, script tags, meta tags, and strings, and extract versions, OS information, and more. WhatWeb also supports threading, timeouts, redirects, custom user agents, headers, cookies, and proxies.
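
The pattern matching described above can be modelled on a single captured response, which is also a quick way to see what one passive request discloses about a server you run. This is an added example, not WhatWeb's plugin API or code from its project: the rule table, the function names and the sample response are constructed for illustration.

```ruby
# Simplified model of passive, single-response fingerprinting (hypothetical rules).
# Capture group 1 of each regex, when present, is the disclosed version.
RULES = [
  { name: "Apache",    field: "server",       regex: %r{Apache(?:/([\d.]+))?}i },
  { name: "PHP",       field: "x-powered-by", regex: %r{PHP(?:/([\d.]+))?}i },
  { name: "WordPress", regex: /<meta[^>]+name=["']generator["'][^>]+content=["']WordPress ?([\d.]+)?/i },
  { name: "JQuery",    regex: /<script[^>]+src=["'][^"']*jquery(?:[-.](\d+(?:\.\d+)*))?/i },
  { name: "HTML5",     regex: /\A\s*<!DOCTYPE html>/i },
].freeze

# Split a raw HTTP response into a lowercase-keyed header hash and the body.
def parse_response(raw)
  head, body = raw.split(/\r?\n\r?\n/, 2)
  lines = head.split(/\r?\n/)
  lines.shift # drop the status line
  headers = lines.each_with_object({}) do |line, h|
    key, value = line.split(":", 2)
    h[key.strip.downcase] = value.to_s.strip
  end
  [headers, body.to_s]
end

# Returns { technology => version }, with nil when detected but no version is shown.
def fingerprint(raw)
  headers, body = parse_response(raw)
  RULES.each_with_object({}) do |rule, found|
    text = rule[:field] ? headers[rule[:field]] : body
    match = text && rule[:regex].match(text)
    found[rule[:name]] = match[1] if match
  end
end

# Constructed sample response (not captured from a real host).
SAMPLE = <<~HTTP
  HTTP/1.1 200 OK
  Server: Apache/2.4.41 (Ubuntu)
  X-Powered-By: PHP/7.4.3

  <!DOCTYPE html>
  <html><head>
  <meta name="generator" content="WordPress 5.8.1">
  <script src="/wp-includes/js/jquery/jquery-3.6.0.min.js"></script>
  </head><body>demo</body></html>
HTTP

# The same response after version banners are trimmed (constructed).
HARDENED = SAMPLE.sub("Apache/2.4.41 (Ubuntu)", "Apache")
                 .sub(/^X-Powered-By:.*\n/, "").sub(/^<meta name="generator".*\n/, "")

p fingerprint(SAMPLE)
p fingerprint(HARDENED)
```

In the trimmed response the server product is still identified and the script file name still carries a version, so removing banners reduces what is disclosed without hiding the stack.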

Installation

sudo apt install whatweb

Flags

--aggression, -a=LEVEL: Set the aggression level. Default: 1. 1: Stealthy (one HTTP request per target, follows redirects). 3: Aggressive (additional requests if level 1 plugin matched). 4: Heavy (many HTTP requests per target).
--verbose, -v: Verbose output includes plugin descriptions. Use twice for debugging.
--user-agent, -U=AGENT: Identify as AGENT instead of WhatWeb/0.6.3.
--input-file=FILE, -i: Read targets from a file. Can pipe hostnames or URLs directly with -i /dev/stdin.
--url-prefix: Add a prefix to target URLs.
--url-suffix: Add a suffix to target URLs.
--no-errors: Suppress error messages.
--max-threads, -t: Number of simultaneous threads. Default: 25.
--plugins, -p=LIST: Select plugins. LIST is a comma delimited set of selected plugins. Default is all.
--log-brief=FILE: Log brief, one-line output.

Examples

Verbose aggressive scan of a local IP, reporting status, title, IP, country, summary of detected plugins like Apache, HTML5, HTTPServer, JQuery, Script, X-UA-Compatible, and HTTP headers.
whatweb -v -a 3 192.168.0.102
Scan example.com.
./whatweb example.com
Scan reddit.com and slashdot.org with verbose plugin descriptions.
./whatweb -v reddit.com slashdot.org
Aggressive scan of wired.com to detect the exact version of WordPress.
./whatweb -a 3 www.wired.com
Quickly scan the local network and suppress errors.
whatweb --no-errors 192.168.0.0/24
Scan the local network for HTTPS websites.
whatweb --no-errors --url-prefix https:// 192.168.0.0/24
Scan for crossdomain policies in the Alexa Top 1000.
./whatweb -i plugin-development/alexa-top-100.txt --url-suffix /crossdomain.xml -p crossdomain_xml
Updated 2026-04-16 | kali.org