WhatWeb’s goal is to identify websites. With the aim of answering the question: “What is that Website?”. WhatWeb will recognise CMS technologies, blogs, statistics and analytic packages, JavaScript, web servers platforms, and embedded devices. WhatWeb has the ability to load over 900 plugins, each built to recognise something different. WhatWeb will also pull version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.
WhatWeb can be exceptionally stealthy and fast and supports an aggression level to control the trade off between speed and reliability. When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website. Sometimes a single webpage visit contains enough information to identify a website but when it does not, WhatWeb can interrogate the website further. The default level of aggression, called ‘passive’, is the fastest and requires only one HTTP request of a website. This is suitable for scanning public websites. More aggressive modes were developed for in penetration tests. WhatWeb Scanner Online is a port of the software into our web application scanners portal, and is available for free.
WhatWeb Online Web Scanner is now available in our penetration testing tools online scanners.
Check out our website security testing page for professional services that may interest you.