WHATWEB(1)		    General Commands Manual		    WHATWEB(1)

       WhatWeb - Web scanner to	identify what websites are running.

       whatweb [options] <URLs>

       WhatWeb identifies websites. Its goal is to answer the question, "What
       is that Website?". WhatWeb recognises web technologies including
       content management systems (CMS), blogging platforms,
       statistic/analytics packages, JavaScript libraries, web servers, and
       embedded devices. WhatWeb has over 900 plugins, each to recognise
       something different. WhatWeb also identifies version numbers, email
       addresses, account IDs, web framework modules, SQL errors, and more.

       WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb
       supports an aggression level to control the trade off between speed
       and reliability. When you visit a website in your browser, the
       transaction includes many hints of what web technologies are powering
       that website. Sometimes a single webpage visit contains enough
       information to identify a website, but when it does not, WhatWeb can
       interrogate the website further. The default level of aggression,
       called 'passive', is the fastest and requires only one HTTP request of
       a website. This is suitable for scanning public websites. More
       aggressive modes were developed for use in penetration tests.

       Most WhatWeb plugins are thorough and recognise a range of cues from
       subtle to obvious. For example, most WordPress websites can be
       identified by the meta HTML tag, e.g.
       '<meta name="generator" content="WordPress 2.6.5">'. A minority of
       WordPress websites remove this identifying tag, but this does not
       thwart WhatWeb. The WordPress WhatWeb plugin has over 15 tests, which
       include checking the favicon, default installation files, login pages,
       and checking for "/wp-content/" within relative links.
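
       The two passive cues named above (the generator meta tag and
       "/wp-content/" in relative links), as an added example that is not
       WhatWeb's own plugin code. The cue table, certainty values and sample
       HTML are assumptions constructed for illustration.

```ruby
# Added illustration, not WhatWeb's plugin code. Certainty values, names and
# the sample HTML below are assumptions constructed for this example.
WORDPRESS_CUES = [
  { name: "meta generator", certainty: 100,
    regexp: /<meta\s+name=["']generator["']\s+content=["']WordPress\s*([\d.]+)?["']/i },
  # Relative links only: skip absolute (scheme:) and protocol-relative (//) URLs.
  { name: "/wp-content/ in relative link", certainty: 75,
    regexp: /(?:href|src)=["'](?![a-z][a-z0-9+.-]*:|\/\/)[^"']*\/wp-content\//i }
].freeze

# Returns nil when no cue matches, otherwise a summary of every cue that fired.
def fingerprint_wordpress(html)
  hits = WORDPRESS_CUES.map do |cue|
    m = cue[:regexp].match(html)
    m && { cue: cue[:name], certainty: cue[:certainty], version: m[1] }
  end.compact
  return nil if hits.empty?

  { plugin: "WordPress",
    version: hits.map { |h| h[:version] }.compact.first,
    certainty: hits.map { |h| h[:certainty] }.max,
    cues: hits.map { |h| h[:cue] } }
end

# Constructed sample: generator tag present, version disclosed.
WITH_TAG = <<~HTML
  <html><head>
  <meta name="generator" content="WordPress 2.6.5">
  <link rel="stylesheet" href="/wp-content/themes/default/style.css">
  </head></html>
HTML

# Constructed sample: tag removed, but the relative link still identifies it.
TAG_REMOVED = <<~HTML
  <html><head>
  <link rel="stylesheet" href="/wp-content/themes/default/style.css">
  </head></html>
HTML

# Constructed sample: another CMS that only links out to a WordPress-hosted image.
OTHER_SITE = '<html><head><meta name="generator" content="ExampleCMS 1.0"></head>' \
             '<body><img src="https://example.org/wp-content/uploads/a.png"></body></html>'

if __FILE__ == $PROGRAM_NAME
  { "with tag" => WITH_TAG, "tag removed" => TAG_REMOVED, "other" => OTHER_SITE }
    .each { |label, html| puts "#{label}: #{fingerprint_wordpress(html).inspect}" }
end
```

       Removing the generator tag hides the version in this sketch, but the
       platform is still identified from the relative link.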


	    * Over 1000	plugins

	    * Control the trade	off between speed/stealth and reliability

	    *  Performance  tuning.  Control how many websites to scan concur-

	    * Multiple log formats: Brief (greppable), Verbose (human
       readable), XML, JSON, MagicTree, RubyObject, MongoDB, SQL.

	    * Proxy support including TOR

	    * Custom HTTP headers

	    * Basic HTTP authentication

	    * Control over webpage redirection

	    * Nmap-style IP ranges

	    * Fuzzy matching

	    * Result certainty awareness

	    * Custom plugins defined on	the command line

       <URLs> Enter  URLs,  filenames or nmap-format IP	ranges.	Use /dev/stdin
	      to pipe HTML directly

       --input-file=FILE -i
	      Identify URLs found in FILE

       --aggression -a
	      1	(Stealthy) - Makes one HTTP request per	target.	 Also  follows

	      2	(Unused) -

	      3	(Aggressive) - Can make	a handful of HTTP requests per target.
	      This triggers aggressive plugins for  targets  only  when	 those
	      plugins are identified with a level 1 request first.

	      4	 (Heavy) - Makes a lot of HTTP requests	per target. Aggressive
	      tests from
	       all plugins are used for	all URLs.

       --list-plugins -l
	      List the plugins

       --plugins -p
	      Comma delimited set of selected plugins. Default is all.
	       Each element can	be a directory,	file or	plugin name and
	       can optionally have a modifier, eg. + or	-
	       Examples: +/tmp/moo.rb,+/tmp/foo.rb

       --info-plugins -I
	      Display information for all plugins. Optionally search
	       with keywords in	a comma	delimited list.

       --grep -g
	      Search for a string. Reports in a	plugin called Grep

       --colour=[WHEN] --color=[WHEN]
	      Control whether colour is used. WHEN may be "never", "always",
	      or "auto".

	      Log verbose output

       --quiet,	-q
	      Do not display brief logging to STDOUT

	      Log brief, one-line output

	      Log XML format

	      Log JSON format

	      Log SQL INSERT statements

	      Create SQL database tables

	      Log JSON Verbose format

	      Log MagicTree XML	format

	      Log Ruby object inspection format

	      Name of the MongoDB database

	      Name of the MongoDB collection. Default: whatweb

	      MongoDB hostname or IP address. Default:

	      MongoDB username.	Default: nil

	      MongoDB password.	Default: nil

	      Log errors

	      Suppress error messages

       --user-agent -U
	      Identify as user-agent instead of	WhatWeb/VERSION.

       --user -u <user:password>
	      HTTP basic authentication

       --header	-H
	      Add an HTTP header. eg "Foo:Bar".	Specifying a default
	       header will replace it. Specifying an empty value, eg.
	       "User-Agent:" will remove the header.

       --max-threads -t
	      Number of	simultaneous threads. Default is 25.

	      Control  when  to	 follow	redirects. WHEN	may be "never",	"http-
	      only", "meta-only", "same-site", "same-domain" or	"always"

	      Maximum number of	contiguous redirects. Default: 10

       --proxy <hostname[:port]>
	      Set proxy	hostname and port (default: 8080)

       --proxy-user <username:password>
	      Set proxy	user and password

	      Time in seconds. Default:	15

	      Time in seconds. Default:	30

	      Wait SECONDS between connections.	 This is useful	when  using  a
	      single thread.

	      Define a custom plugin called Custom. Examples:
	      ":text=>'powered by abc'"
	      ":regexp=>/powered[ ]?by ab[0-9]/"
	      ":ghdb=>'intitle:abc "powered by abc"'"
	      ":md5=>'8666257030b94d3bdb46e05945f60b42'"
	      "{:text=>'powered by abc'},{:regexp=>/abc [ ]?1/i}"

       --dorks <plugin name>
	      List google dorks	for the	selected plugin

	      Add a prefix to target URLs

	      Add a suffix to target URLs

	      Insert the  targets  into	 a  URL.  Requires  --input-file,  eg.

       --help -h
	      Display usage

       --verbose -v
	      Increase verbosity (recommended),	use twice for debugging.

	      Raise errors in plugins.

	      Display version information.


       Passive (Verbose):
	       whatweb -v

	       whatweb -a 3

       IP Ranges

       Report  bugs  and  feature  requests  to

       WhatWeb was written by Andrew Horton aka	urbanadventurer,  and  Brendan


				April 5th, 2011			    WHATWEB(1)

