WhatWeb is a web scanner included in Kali Linux, designed to identify and gather information about websites. It provides a wide range of details about a target, including web technologies, CMS (Content Management Systems), server versions, frameworks, plugins, and more. It is useful for reconnaissance in penetration testing and vulnerability assessments.
Key Features:
- Identifies web technologies such as CMS, frameworks, and server software.
- Detects versions of the software and technologies in use.
- Supports customizable plugins for in-depth analysis.
- Fast and lightweight, designed to scan a large number of websites quickly.
- Offers both stealthy and aggressive modes depending on the user’s needs.
Popular WhatWeb Commands:
whatweb <target-url>
whatweb https://example.com
whatweb -v <target-url>
- Combines verbose output with an aggressive scan for detailed analysis.
Use Cases:
- Reconnaissance: Used during the information gathering phase of penetration testing to identify technologies, server information, and software versions.
- CMS Detection: WhatWeb can quickly detect whether a website uses a CMS such as WordPress, Joomla, or Drupal, including the version in use.
- Vulnerability Assessment: By identifying technologies and versions, WhatWeb helps to identify potentially vulnerable components in the web application stack.
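For the vulnerability-assessment use case, the following added example (not part of the original page or of the WhatWeb project) turns a WhatWeb JSON report into an inventory of the software versions each site discloses. It assumes the report was written with WhatWeb's `--log-json` option and has the shape shown in the constructed sample; the hosts, versions and the function name `disclosed_versions` are illustrative.

```python
import json
import re

# Constructed sample in the assumed --log-json shape: an array with one object
# per target, each holding a "plugins" map. Hosts and versions are made up.
SAMPLE_LOG = """[
{"target":"https://shop.example.com","http_status":200,"plugins":{
  "Apache":{"version":["2.4.41"]},
  "HTTPServer":{"string":["Apache/2.4.41 (Ubuntu)"]},
  "WordPress":{"version":["5.8.1"]},
  "Title":{"string":["Shop"]}}},
{"target":"https://www.example.com","http_status":200,"plugins":{
  "nginx":{},
  "X-Powered-By":{"string":["PHP/7.4.3"]}}},
{}
]"""

# Plugins whose "string" field carries a raw response-header banner.
BANNER_PLUGINS = {"HTTPServer", "X-Powered-By"}
# Matches "Product/1.2.3" at the start of a banner.
BANNER_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.-]*)")


def disclosed_versions(report_text):
    """Return sorted, de-duplicated (target, component, version) tuples."""
    findings = set()
    for entry in json.loads(report_text):
        target = entry.get("target")
        if not target:  # skip empty or padding objects
            continue
        for name, data in entry.get("plugins", {}).items():
            # Versions a plugin extracted itself.
            for version in data.get("version", []):
                findings.add((target, name, version))
            # Versions leaked through Server / X-Powered-By style banners.
            if name in BANNER_PLUGINS:
                for banner in data.get("string", []):
                    match = BANNER_RE.match(banner)
                    if match:
                        findings.add((target, match.group(1), match.group(2)))
    return sorted(findings)


if __name__ == "__main__":
    for target, component, version in disclosed_versions(SAMPLE_LOG):
        print(f"{target}: {component} {version}")
```

Each row is a component whose exact version is visible to any visitor, which makes the list a starting point for patch prioritisation and for deciding which banners to suppress.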
WhatWeb is a versatile tool for web application reconnaissance, providing valuable insights into the technologies behind a target website.