WhatWeb has over 1700 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.
WhatWeb can be hidden and fast, or deep but slow. When you visit a site with your browser, data sharing includes many tips on what web technologies feed that site.
Sometimes a single web visit contains enough information to identify a site, but when it does not, WhatWeb can further search the site. The default level of aggression, called "stealthy", is the fastest and requires only one HTTP request from a site. More aggressive ways of using it in penetration testing have been developed.
Most WhatWeb plugins are thorough and recognize a range of clues from subtle to obvious. For example, most WordPress sites can be identified by the meta-HTML tag, e.g. ” ', but a minority of WordPress sites remove this tag, but this does not prevent WhatWeb.
The WordPress WhatWeb plugin has over 15 trials, which include favicon checking, default installation files, login pages, and "/ wp-content /" checking in related links.
- Over 1800 plugins
- Check the balance between speed / privacy and reliability
- Performance coordination. Check how many sites are scanning at the same time.
- Multiple logging formats: Brief (greppable), Verbose (human readable), XML, JSON, MagicTree, RubyObject, MongoDB, ElasticSearch, SQL.
- Proxy support in TOR
- Custom HTTP headers
- Basic HTTP authentication
- Web redirect control
- Range from IP address
- Fuzzy matching
- Result of awareness of certainty
- Custom plugins are defined in the command line
- IDN (International Domain Name) Support
sudo apt-get install ruby ruby-dev libopenssl-ruby
sudo gem install bson
sudo gem install bson_ext
sudo gem install mongo
sudo gem install rchardet
git clone https://github.com/urbanadventurer/WhatWeb.git
You will find a user guide for the program here.