LSE top 100LSE top 100WhatWeb (87)WhatWeb (87)

Tool and Usage

Project details

Programming language
Andrew Horton
Latest release
Latest release date

Project health

This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

WhatWeb can be used stealthy and fast to determine what technologies are used on a particular website or web application. This process called fingerprinting can tell a lot about how it was build and possible weaknesses it might have. The tool can be used in different levels, from stealthy to very aggressive. This last one is useful in penetration tests or during development.

How it works

WhatWeb does its magic by looking into headers, HTML, and other pointers that might reveal what software components are used. By using plugins, WhatWeb can be extended and do better fingerprinting.

Usage and audience

WhatWeb is commonly used for reconnaissance or web application analysis. Target users for this tool are pentesters and security professionals.


  • Can perform basic HTTP authentication
  • Command line interface
  • Customization and additions are possible
  • Extendable with custom tests and plugins
  • Focus on high performance
  • Has option to influence speed and performance
  • JSON output supported
  • Support for TOR
  • XML output supported

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Author and Maintainers

WhatWeb is under development by Andrew Horton. This project is currently maintained by Brendan Coles.


Supported operating systems

WhatWeb is known to work on Linux.

WhatWeb alternatives

Similar tools to WhatWeb:



Wig is a tool written in Python 3. It helps with information gathering and in particular the software used behind web applications.



Web Application Security Scanner aimed towards helping users evaluate the security of web applications



Wapiti is a security tool to perform vulnerability scans on web applications. It uses fuzzing to detect known and unknown paths, among other tests.

All WhatWeb alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.