WhatWeb is an open source tool to identify the different web technologies used by a website.

WhatWeb Free Security Software

Ruby-based next-generation website vulnerability scanner

WhatWeb is an open source tool to discover security vulnerabilities in your web application. It is a penetration testing tool that identifies the different web technologies used by a website.

WhatWeb is a next-generation web scanner that identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems, blogging platforms, statistics or analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.

WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade-off between speed and reliability. When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website. Sometimes a single webpage visit contains enough information to identify a website, but when it does not, WhatWeb can interrogate the website further. The default level of aggression, called ‘stealthy’, is the fastest and requires only one HTTP request of a website. This is suitable for scanning public websites. More aggressive modes were developed for use in penetration tests.
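To make the "single request" idea concrete, here is an added example (not WhatWeb's code or plugin format) that matches a few constructed signatures against one constructed HTTP response. It is a way to audit how much your own site's headers and markup give away. The rule set, certainty values and the `fingerprint` helper are assumptions made for illustration.

```ruby
# Added example: passive fingerprinting of a single HTTP response.
# Signature names, patterns and certainty values are constructed for
# illustration; they are not WhatWeb's plugin definitions.

# Constructed sample response (headers + body), as one GET might return.
SAMPLE_RESPONSE = {
  headers: {
    'Server'       => 'nginx/1.18.0',
    'X-Powered-By' => 'PHP/7.4.3',
    'Set-Cookie'   => 'wordpress_test_cookie=WP+Cookie+check; path=/'
  },
  body: <<~HTML
    <html><head>
    <meta name="generator" content="WordPress 5.8.1" />
    <script src="/wp-includes/js/jquery/jquery.min.js?ver=3.6.0"></script>
    </head><body>Contact: admin@example.test</body></html>
  HTML
}.freeze

# Each rule: technology name, where to look, pattern, certainty (0-100).
# A capture group, when present, is reported as an extracted value.
SIGNATURES = [
  { name: 'nginx',     header: 'Server',       regex: /nginx(?:\/([\d.]+))?/i, certainty: 100 },
  { name: 'PHP',       header: 'X-Powered-By', regex: /PHP\/([\d.]+)/i,        certainty: 100 },
  { name: 'WordPress', body: true, regex: /<meta name="generator" content="WordPress ([\d.]+)"/i, certainty: 100 },
  { name: 'WordPress', header: 'Set-Cookie',   regex: /wordpress_test_cookie/, certainty: 75 },
  { name: 'jQuery',    body: true, regex: /jquery(?:\.min)?\.js(?:\?ver=([\d.]+))?/i, certainty: 50 },
  { name: 'Email',     body: true, regex: /([\w.+-]+@[\w-]+(?:\.[\w-]+)+)/,    certainty: 100 }
].freeze

# Returns { name => { certainty:, values: [...] } }, keeping the highest
# certainty seen per technology and every distinct captured value.
def fingerprint(response, signatures = SIGNATURES)
  signatures.each_with_object({}) do |sig, found|
    text = sig[:body] ? response[:body] : response[:headers][sig[:header]].to_s
    match = sig[:regex].match(text) or next
    entry = found[sig[:name]] ||= { certainty: 0, values: [] }
    entry[:certainty] = [entry[:certainty], sig[:certainty]].max
    entry[:values] |= [match[1]] if match[1]
  end
end

if __FILE__ == $PROGRAM_NAME
  fingerprint(SAMPLE_RESPONSE).each do |name, info|
    puts format('%-10s certainty=%3d%% %s', name, info[:certainty], info[:values].join(', '))
  end
end
```

Running the same function on a response with version banners and generator tags removed shows how little remains to be identified from one request.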

System Requirements

The following key dependency packages are required to install WhatWeb:

  • Ruby: 2.6.5
  • Bundler
  • Mongo database
  • Anemone
  • RubyMine editor
  • Git

Features

Some of the great features of WhatWeb are listed below:

  • Over 1800 plugins
  • Control the trade-off between speed and reliability
  • Control over webpage redirection
  • Result certainty awareness
  • Control how many websites to scan concurrently
  • Basic HTTP authentication
  • Multiple log formats
  • Proxy support including TOR
  • IP address ranges
  • Custom HTTP headers
  • IDN support
  • Custom plugins
  • Fuzzy matching
  • Open source

Installation

Install WhatWeb On Ubuntu

The WhatWeb scanner is simple and easy to get started with. To begin, set up an environment with the necessary dependency packages. WhatWeb is included in Kali Linux. You can also install it manually by running ‘sudo apt install whatweb’. Here, however, we will set up a development environment by cloning the WhatWeb repository:

git clone https://github.com/urbanadventurer/WhatWeb.git
cd WhatWeb/

This will install WhatWeb system-wide under Linux or macOS:

make install

Then install Bundler, the Ruby dependency manager used to install gems:

gem install bundler

Next, update the bundle:

bundle update

Execute Bundler from the WhatWeb source code folder to install the dependencies defined in the Gemfile:

bundle install

WhatWeb should now be installed in your local folder:

./whatweb --version

Install Anemone as the spidering library:

sudo gem install anemone

You can install rchardet for language character set detection to convert results to UTF-8:

sudo gem install rchardet

Example of how to use WhatWeb to scan www.google.com:

./whatweb www.google.com

You can scan multiple websites by specifying multiple URLs on the command line:

whatweb www.google.com slashdot.org twitter.com

Congratulations! You have now set up the WhatWeb tool. Enjoy!
