From aldeid
Jump to navigation Jump to search


Whatweb is a Ruby script written by Andrew Horton aka urbanadventurer from Security-Assessment.com. WhatWeb is a web scanner that identifies installed stuff (forums, CMS, blogs, etc.) on a remote server. It is based on a set of 250 plugins and has two modes of processing: a passive mode enables to detect installed applications while you are surfing on a site; an aggressive mode enables to forge requests to gather more information.



$ sudo apt-get install ruby ruby-dev rubygems libxslt-ruby libxslt1-dev libopenssl-ruby
$ sudo gem install em-resolv-replace
$ sudo gem install json
$ sudo gem install bison
$ sudo gem install bson_ext
$ sudo gem install mongo

Installation of WhatWeb

Stable release

$ cd /data/src/
$ wget http://www.morningstarsecurity.com/downloads/whatweb-0.4.5.tar.gz
$ tar xzvf whatweb-0.4.5.tar.gz
$ mkdir -p /pentest/enumeration/www/
$ mv whatweb-0.4.5/ /pentest/enumeration/www/whatweb/

Check that you don't have any error while invoking:

$ cd /pentest/enumeration/www/whatweb/
$ ./whatweb --help

Development version

$ mkdir -p /pentest/enumeration/www/
$ cd /pentest/enumeration/www/
$ git clone https://github.com/urbanadventurer/WhatWeb.git


Basic syntax

$ ./whatweb [options] <URLs>


--input-file=FILE, -i
Identify URLs found in FILE, eg. -i /dev/stdin
--aggression, -a
1: passive - on-page
2: polite - unimplemented
3: impolite - guess URLs when plugin matches (smart, guess a few urls)
4: aggressive - guess URLs for every plugin (guess a lot of urls like nikto)
--recursion, -r
Follow links recursively. Only follows links under the path
(default: off)
--depth, -d
Maximum recursion depth
(default: 10)
--max-links, -m
Maximum number of links to follow on one page
(default: 250)
Redefine extensions to skip.
(default: zip,gz,tar,jpg,exe,png,pdf)
--list-plugins, -l
List the plugins
--run-plugins, -p
Run comma delimited list of plugins.
Default is all
--info-plugins, -I
Display information plugins. Optionally specific a comma delimited list.
--example-urls, -e
Add example urls for each plugin to the target list
--colour=[WHEN], --color=[WHEN]
control whether colour is used. WHEN may be never, always, or auto
Log verbose output
Log brief, one-line output
Log XML format
--user-agent, -U
Identify as user-agent instead of WhatWeb/0.4.5.
--max-threads, -t
Number of simultaneous threads. Default is 25.
Do not follow HTTP 3xx redirects.
<hostname[:port]> Set proxy hostname and port
(default: 8080)
<username:password> Set proxy user and password
Time in seconds
Time in seconds
Define a custom plugin call Custom,
Examples: ":text=>'powered by abc'"
":regexp=>/powered[ ]?by ab[0-9]/"
":ghdb=>'intitle:abc \"powered by abc\"'"
"{:text=>'powered by abc'},{:regexp=>/abc [ ]?1/i}"
Add a prefix to target URLs
Add a suffix to target URLs
Insert the targets into a URL. Requires --input-file,
eg. www.example.com/%insert%/robots.txt
--help, -h
This help
--verbose, -v
Increase verbosity, use twice for debugging.
Display version information.



15:11, 5 April 2011 (CEST)
WhatWeb 0.4.7 was released today and includes heaps more features and over 900 plugins.

Check it out at: http://www.morningstarsecurity.com/research/whatweb/

There's also a (restricted) live demo of WhatWeb 0.4.5 at http://whatweb.net/