whatweb

Scan websites/targets for web technologies

$ whatweb [website1 website2 ...]

$ whatweb [[-i|--input-file]] [targets_file]

$ whatweb [[-v|--verbose]] [example.com]

$ whatweb [[-a|--aggression]] 3 [example.com]

$ whatweb --no-errors [192.168.0.0/24]

$ whatweb [[-l|--list-plugins]]

$ whatweb [[-I|--info-plugins]] [plugin_name]

whatweb [options] <targets>

    Specifies the target URL, IP address, CIDR range, or file containing targets to scan.

-v, --verbose
    Enables verbose output, displaying more details during the scanning process.

-a, --aggression
    Sets the aggression level (0-4), where higher levels increase the scan depth and time.

--input-file
    Reads targets from a specified file, with one target per line.

--log-json
    Logs the scan results to a specified file in JSON format.

--log-xml
    Logs the scan results to a specified file in XML format.

--user-agent
    Sets a custom User-Agent string for the HTTP requests made during the scan.

--plugins
    Selects specific plugins to run (e.g., 'WordPress,Apache').

--no-plugins
    Disables specific plugins from running during the scan.

--follow-redirects
    Automatically follows HTTP redirects to new locations.

whatweb is an open-source web scanner that identifies various web technologies used on websites. It employs numerous plugins to recognize content management systems (CMS), blogging platforms, JavaScript libraries, web servers, and other components. By analyzing HTML, HTTP headers, cookies, and other attributes, whatweb helps security professionals, developers, and system administrators gain insights into the technology stack of web applications. It supports multiple target inputs, including single URLs, IP addresses, CIDR ranges, and file lists, and offers diverse output formats for flexible reporting and integration into other tools.

Scanning websites without explicit permission can be illegal or unethical. Always obtain proper authorization before performing any scans.

While generally accurate, whatweb might occasionally misidentify technologies or miss very new/obscure ones. High aggression levels or scanning a large number of targets can be time-consuming and resource-intensive, and may also trigger intrusion detection/prevention systems (IDS/IPS).

whatweb supports various output formats beyond brief and verbose, including XML, JSON, and Greappable (suitable for piping to other tools). This flexibility allows for easy integration into automated workflows, detailed reporting, or custom script processing.

The modular plugin system is a core feature of whatweb. It allows for easy extension and customization, enabling users to create or modify plugins to identify specific technologies relevant to their unique requirements. This extensibility contributes significantly to its power and versatility.

whatweb was initially created by Andrew Horton (AJK) and first publicly released around 2009-2010. It quickly became a popular tool in the cybersecurity community for its efficiency in web technology identification. Since its inception, it has been actively maintained and regularly updated with new plugins and features to keep pace with the ever-evolving web technology landscape.

nmap(1), curl(1), nikto(1), wpscan(1), gobuster(1)