WhatWeb Free Security Software
Ruby Based Next Generation Website Vulnerability Scanner
WhatWeb is an open-source tool to discover security vulnerabilities in your web application. It also helps to identify web technologies used by the website.
Overview
WhatWeb is a next-generation web scanner that identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems, blogging platforms, statistics or analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each recognising something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.
WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade-off between speed and reliability. When you visit a website in your browser, the transaction includes many hints about which web technologies are powering that website. Sometimes a single webpage visit contains enough information to identify a website, but when it does not, WhatWeb can interrogate the website further. The default level of aggression, called ‘stealthy’, is the fastest and requires only one HTTP request of a website. This is suitable for scanning public websites. More aggressive modes were developed for use in penetration tests.
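The single-request identification described above, as an added Ruby example that is not WhatWeb's own code or plugin format: it matches one constructed HTTP response against a few hypothetical rules and reports each technology with a certainty and a version, which also shows what a server's own headers and HTML give away. The rule names, patterns, and certainty values are assumptions made for the example.

```ruby
# Added illustration, not WhatWeb's own code or plugin format. Rule names,
# patterns and certainty values are assumptions made for this example.
# Constructed sample response, embedded so the example runs offline.
SAMPLE_RESPONSE = <<~HTTP
  HTTP/1.1 200 OK
  Server: Apache/2.4.41 (Ubuntu)
  X-Powered-By: PHP/7.4.3
  Set-Cookie: PHPSESSID=abc123; path=/

  <html><head>
  <meta name="generator" content="WordPress 5.8.1" />
  <script src="/wp-includes/js/jquery/jquery.min.js?ver=3.6.0"></script>
  </head><body>Hello</body></html>
HTTP

# Each rule inspects one header, or the HTML body when :header is absent.
RULES = [
  { name: "Apache",    header: "server",       re: %r{Apache(?:/([\d.]+))?}i, certainty: 100 },
  { name: "PHP",       header: "x-powered-by", re: %r{PHP(?:/([\d.]+))?}i,    certainty: 100 },
  { name: "PHP",       header: "set-cookie",   re: /PHPSESSID=/,              certainty: 75 },
  { name: "WordPress", re: /<meta name="generator" content="WordPress ?([\d.]*)"/i, certainty: 100 },
  { name: "WordPress", re: %r{/wp-(?:includes|content)/},                   certainty: 75 },
  { name: "jQuery",    re: %r{jquery(?:\.min)?\.js(?:\?ver=([\d.]+))?}i,    certainty: 75 },
].freeze

# Split a raw response into { lowercased header name => [values] } and body.
def parse_response(raw)
  head, body = raw.split(/\r?\n\r?\n/, 2)
  headers = Hash.new { |h, k| h[k] = [] }
  head.to_s.lines.drop(1).each do |line|
    name, value = line.chomp.split(":", 2)
    headers[name.strip.downcase] << value.strip if value
  end
  [headers, body.to_s]
end

# Return { technology => { certainty:, version: } }, keeping the strongest hit.
def fingerprint(raw)
  headers, body = parse_response(raw)
  RULES.each_with_object({}) do |rule, found|
    texts = rule[:header] ? headers.fetch(rule[:header], []) : [body]
    m = texts.map { |t| rule[:re].match(t) }.compact.first or next
    version = m[1].to_s.empty? ? nil : m[1]
    best = found[rule[:name]] ||= { certainty: 0, version: nil }
    best[:certainty] = [best[:certainty], rule[:certainty]].max
    best[:version] ||= version
  end
end

fingerprint(SAMPLE_RESPONSE).each { |tech, hit| puts "#{tech}: #{hit}" } if $PROGRAM_NAME == __FILE__
```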
System Requirements
The following key dependency packages are required to install the WhatWeb web application security tool:
- Ruby: 2.6.5
- Bundler
- Mongo database
- Anemone
- RubyMine editor
- Git
Features
Some of the great features of the WhatWeb web application vulnerability scanner are listed below:
- Over 1800 plugins
- Control the trade off between speed and reliability
- Control over webpage redirection
- Result certainty awareness
- Control how many websites to scan concurrently
- Basic HTTP authentication
- Multiple log formats
- Proxy support including TOR
- IP address ranges
- Custom HTTP headers
- IDN support
- Custom plugins
- Fuzzy matching
- Open source
Installation
Install WhatWeb On Ubuntu
The WhatWeb scanner is simple and easy to get started with. To get started, set up an environment with the necessary dependency packages. WhatWeb is included in Kali Linux. You can also install it manually by running ‘sudo apt install whatweb’. Here, however, we will set up a development environment by cloning the WhatWeb repository:
git clone https://github.com/urbanadventurer/WhatWeb.git
cd WhatWeb/
This will install WhatWeb system wide under Linux or macOS:
make install
Then install Bundler, the Ruby dependency manager used to install gems:
gem install bundler
Next, update bundler:
bundle update
Execute bundler from the WhatWeb source code folder to install dependencies defined in Gemfile:
bundle install
The WhatWeb penetration testing framework should now be installed in your local folder:
./whatweb --version
Install Anemone as the spidering library:
sudo gem install anemone
You can install rchardet for language character set detection to convert results to UTF-8:
sudo gem install rchardet
An example of how to use WhatWeb to scan www.google.com:
./whatweb www.google.com
You can scan multiple websites by specifying multiple URLs on the command line, like this:
whatweb www.google.com slashdot.org twitter.com
Congratulations! You have now set up the WhatWeb website vulnerability scanner. Enjoy!
FAQs
What is WhatWeb?
The WhatWeb tool is a web application analysis tool and web vulnerability scanner. It is a next-generation web scanner used to identify the different web technologies used by a website.
Is WhatWeb open source?
WhatWeb is one of the best open source application security tools for identifying the different web technologies used by a website. The WhatWeb source code repository is available on GitHub.
Is WhatWeb free?
WhatWeb is one of the best web application security solutions. It is a next-generation website vulnerability scanner that is free to use and download.
In what language is WhatWeb written?
The WhatWeb web app vulnerability scanner is written in the Ruby programming language.
What does WhatWeb do?
The WhatWeb open source tool identifies websites and tests for website vulnerabilities. It is used to fingerprint a website, detecting applications, web servers and other technologies. It can examine a single webpage, or the web server's HTTP headers and the HTML source of a webpage, to identify the technologies on a website.