WhatWeb Free Security Software
Ruby Based Next Generation Website Vulnerability Scanner
WhatWeb is an open-source tool to discover security vulnerabilities in your web application. It also helps to identify web technologies used by the website.
WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade-off between speed and reliability. When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website. Sometimes a single webpage visit contains enough information to identify a website, but when it does not, WhatWeb can interrogate the website further. The default level of aggression, called ‘stealthy’, is the fastest and requires only one HTTP request to a website. This is suitable for scanning public websites. More aggressive modes were developed for use in penetration tests.
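The hints carried by a single response, and the idea of attaching a certainty to each match, can be seen with a small passive matcher that site owners can use to review what their own responses disclose. This is an added example, not WhatWeb's plugin code: the rules, certainty values and sample response are constructed for illustration, and it makes no network request.

```ruby
# Added example: simplified passive fingerprinting, not WhatWeb's plugin code.
# Rules, certainty values and the sample response are constructed (assumptions).

# Constructed sample of what one HTTP response can reveal.
SAMPLE_RESPONSE = {
  headers: {
    'Server'       => 'Apache/2.4.41 (Ubuntu)',
    'X-Powered-By' => 'PHP/7.4.3',
    'Set-Cookie'   => 'PHPSESSID=abc123; path=/'
  },
  body: '<html><head><meta name="generator" content="WordPress 5.8.1">' \
        '<link rel="stylesheet" href="/wp-content/themes/x/style.css"></head></html>'
}.freeze

# Each rule: technology, where to look, a pattern, and how certain a hit is (0-100).
RULES = [
  { name: 'Apache',    header: 'Server',       regex: %r{Apache(?:/([\d.]+))?}i, certainty: 100 },
  { name: 'PHP',       header: 'X-Powered-By', regex: %r{PHP(?:/([\d.]+))?}i,    certainty: 100 },
  { name: 'PHP',       header: 'Set-Cookie',   regex: /PHPSESSID=/,              certainty: 75 },
  { name: 'WordPress', body: true, regex: /<meta name="generator" content="WordPress ?([\d.]*)"/i, certainty: 100 },
  { name: 'WordPress', body: true, regex: %r{/wp-content/},                      certainty: 50 }
].freeze

# Header names are case-insensitive in HTTP, so look them up that way.
def header_value(headers, wanted)
  pair = headers.find { |k, _| k.casecmp?(wanted) }
  pair ? pair[1] : nil
end

# Returns { technology => { certainty:, version: } }, keeping the strongest match.
def fingerprint(response)
  results = {}
  RULES.each do |rule|
    text = rule[:body] ? response[:body] : header_value(response[:headers], rule[:header])
    next unless text && (m = rule[:regex].match(text))
    version = m[1].to_s.empty? ? nil : m[1]
    best = results[rule[:name]] ||= { certainty: 0, version: nil }
    best[:certainty] = [best[:certainty], rule[:certainty]].max
    best[:version] ||= version
  end
  results
end

if __FILE__ == $PROGRAM_NAME
  fingerprint(SAMPLE_RESPONSE).each do |tech, r|
    puts format('%-10s certainty=%3d%% version=%s', tech, r[:certainty], r[:version] || 'unknown')
  end
end
```

Removing the version banners from the sample response lowers the certainty of the remaining matches rather than hiding the technology, which is why indirect hints such as cookie names and asset paths matter when reviewing disclosure.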
The following key dependency packages are required to install the WhatWeb open web application security project:
- Ruby: 2.6.5
- Mongo database
- RubyMine editor
Some of the great features of WhatWeb web application vulnerability scanner are listed below:
- Over 1800 plugins
- Control the trade off between speed and reliability
- Control over webpage redirection
- Result certainty awareness
- Control how many websites to scan concurrently
- Basic HTTP authentication
- Multiple log formats
- Proxy support including TOR
- IP address ranges
- Custom HTTP headers
- IDN support
- Custom plugins
- Fuzzy matching
- Open source
Install WhatWeb On Ubuntu
The WhatWeb scanner is simple and easy to get started with. To get started, set up an environment with the necessary dependency packages. WhatWeb is included in Kali Linux. You can also install it manually by running ‘sudo apt install whatweb’. Here, however, we will set up a development environment by cloning the WhatWeb repository:
git clone https://github.com/urbanadventurer/WhatWeb.git
cd WhatWeb/
This will install WhatWeb system-wide under Linux or macOS:
Then run Bundler, the Ruby dependency manager, to install gems:
gem install bundler
Next, update Bundler:
Execute Bundler from the WhatWeb source code folder to install the dependencies defined in the Gemfile:
The WhatWeb penetration testing framework should now be installed in your local folder.
Install Anemone as the spidering library:
sudo gem install anemone
You can install rchardet for language character set detection to convert results to UTF-8:
sudo gem install rchardet
Examples of how to use WhatWeb to scan www.google.com
You can scan multiple websites by specifying multiple URLs on the command line, like this:
whatweb www.google.com slashdot.org twitter.com
Congratulations! You have now set up the WhatWeb website vulnerability scanner. Enjoy!
What is WhatWeb?
The WhatWeb tool is a web application analysis and web vulnerability scanner. It is a next generation web scanner that is used to identify the different web technologies used by a website.
Is WhatWeb open source?
WhatWeb is one of the best open source application security tools for identifying the different web technologies used by a website. The WhatWeb source code repository is available on GitHub.
Is WhatWeb free?
WhatWeb is one of the best web application security solutions. It is a next generation website vulnerability scanner that is free to download and use.
In what language is WhatWeb written?
The WhatWeb web app vulnerability scanner is written in the Ruby programming language.
What does WhatWeb do?
The WhatWeb open source tool identifies websites and tests for website vulnerabilities. It is used to fingerprint a website, detecting applications, web servers and other technologies. It can examine a single webpage, or the web server HTTP headers and the HTML source of a webpage, to identify technologies on a website.
In this article we discussed the WhatWeb next generation web scanner. To learn about other open source security testing tools, please visit the following page: