🌐 What Is WhatWeb?
WhatWeb is a powerful web scanner used to identify technologies behind websites. Its goal is simple but crucial: to answer the question, “What is that website?” It helps security professionals, researchers, and developers understand what software and frameworks a site is running.
🧠 WhatWeb Can Detect
WhatWeb uses over 1800 plugins to recognize:
- 🧩 Content Management Systems (CMS) like WordPress, Joomla, Drupal
- 📊 Analytics tools like Google Analytics or Matomo
- ⚙️ Web servers (Apache, Nginx, IIS)
- 🧪 JavaScript libraries (jQuery, React, Angular)
- 🔐 Security mechanisms (WAFs, login portals)
- 🐞 SQL errors, email addresses, account IDs, and more
It can even detect version numbers and framework modules, making it a valuable reconnaissance tool.
🛠️ How It Works
When you visit a website, your browser exchanges data with the server—headers, cookies, HTML tags, etc. WhatWeb analyzes these clues to fingerprint the technologies in use.
You can control its behavior using aggression levels:
| Level | Description |
|---|---|
| Passive | Minimal interaction, stealthy |
| Polite | Slightly more probing |
| Aggressive | Thorough scanning, more requests |
| Heavy | Deep interrogation, useful in pen testing |
Example usage:
```
whatweb -a 3 http://example.com
```
Here `-a 3` selects the Aggressive level, so WhatWeb runs in aggressive mode against the target site.
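The header, cookie and HTML clues described above can also be checked from the defender's side, to see what one response from your own site gives away. This is an added example, not code from WhatWeb or from the original page; the signature list, function names and sample response are hypothetical and constructed for illustration.

```python
import re
from email.parser import Parser

# Constructed sample response (not captured from a real site).
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Set-Cookie: PHPSESSID=abc123; path=/

<html><head><meta name="generator" content="WordPress 5.8.1">
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.6.0"></script>
</head><body>Hello</body></html>
"""

# Hypothetical signatures for illustration (not WhatWeb's plugin format):
# (technology, where to look, regex with an optional version group)
SIGNATURES = [
    ("Apache", "header:server", r"Apache(?:/([\d.]+))?"),
    ("Nginx", "header:server", r"nginx(?:/([\d.]+))?"),
    ("PHP", "header:x-powered-by", r"PHP(?:/([\d.]+))?"),
    ("PHP", "cookie", r"PHPSESSID"),
    ("WordPress", "body", r'<meta name="generator" content="WordPress ?([\d.]+)?'),
    ("jQuery", "body", r"jquery[^\"']*\.js(?:\?ver=([\d.]+))?"),
]

def fingerprint(raw):
    """Return {technology: version or None} for one raw HTTP response."""
    head, _, body = raw.partition("\n\n")
    headers = Parser().parsestr(head.partition("\n")[2], headersonly=True)
    cookies = " ".join(headers.get_all("Set-Cookie", []))
    findings = {}
    for name, where, pattern in SIGNATURES:
        if where.startswith("header:"):
            text = headers.get(where[7:], "")
        else:
            text = cookies if where == "cookie" else body
        m = re.search(pattern, text, re.IGNORECASE)
        if m:
            # A clue without a version must not erase a version found earlier.
            version = m.group(1) if m.lastindex else None
            findings[name] = findings.get(name) or version
    return findings

def version_leaks(findings):
    """Technologies whose exact version is disclosed: what to suppress first."""
    return sorted(name for name, v in findings.items() if v)
```

On the constructed input all four detected technologies disclose a version. Settings such as Apache's `ServerTokens Prod` and PHP's `expose_php = Off` remove the first two from the response headers.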
📦 Features
- 🔍 Plugin-based architecture
- 🎯 Fuzzy matching and result certainty awareness
- 🧱 Proxy support (including TOR)
- 🧾 Multiple output formats: XML, JSON, SQL, etc.
- 🔐 Custom HTTP headers and authentication
- 🌐 Nmap-style IP range scanning