Tool and Usage
|Latest release||0.4.9 |
Why this tool?
WhatWeb can be used stealthy and fast to determine what technologies are used on a particular website or web application. This process called fingerprinting can tell a lot about how it was build and possible weaknesses it might have. The tool can be used in different levels, from stealthy to very aggressive. This last one is useful in penetration tests or during development.
How it works
WhatWeb does its magic by looking into headers, HTML, and other pointers that might reveal what software components are used. By using plugins, WhatWeb can be extended and do better fingerprinting.
Usage and audience
WhatWeb is commonly used for reconnaissance or web application analysis. Target users for this tool are pentesters and security professionals.
- Can perform basic HTTP authentication
- Command line interface
- Customization and additions are possible
- Extendable with custom tests and plugins
- Focus on high performance
- Has option to influence speed and performance
- JSON output supported
- Support for TOR
- XML output supported
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + More than 25 contributors
- + More than 1000 GitHub stars
- + The source code of this software is available
Supported operating systems
WhatWeb is known to work on Linux.
Similar tools to WhatWeb:
Wig is a tool written in Python 3. It helps with information gathering and in particular the software used behind web applications.
Web Application Security Scanner aimed towards helping users evaluate the security of web applications
Wapiti is a security tool to perform vulnerability scans on web applications. It uses fuzzing to detect known and unknown paths, among other tests.
This tool page was updated at . Found an improvement? Help the community by submitting an update.