TuesdayTool 27: WhatWeb, Another Powerful Web Scanner
Introduction
Every cybersecurity professional needs to perform a web scan at some point. For some people, like penetration testers, it is a normal task during a pentest, while for some other roles, it may be rare. WhatWeb is a web scanning tool designed to help users identify the technologies that power websites. Although it may sound technical, using WhatWeb can be straightforward, even for those without a technical background. Here’s a simple guide on how to use WhatWeb.
What is WhatWeb?
WhatWeb is an open-source tool that analyzes websites to discover various technologies they utilize, such as:
- Content Management Systems (CMS)
- JavaScript Libraries
- Web servers
- Embedded devices
- Analytics packages
It can provide detailed information about the website, including version numbers and error messages.
WhatWeb web home page.
How to Use WhatWeb
WhatWeb can be used in two ways:
- WhatWeb web application
- WhatWeb command line interface
WhatWeb Web
Step 1: Navigate to https://www.whatweb.net/
Step 2: Type the domain you want to scan
Step 3: Click Go
Then wait for the result.
WhatWeb CLI
Step 1: Installation
To get started with WhatWeb, you first need to install it on your computer. If you’re using a Debian-based system like Ubuntu, you can easily do this by opening your terminal and typing:
```bash
sudo apt-get install whatweb
```
This command will download and install WhatWeb for you.
Step 2: Running WhatWeb
Once installed, you can run WhatWeb through the terminal. To analyze a website, type the following command:
```bash
whatweb [website URL]
```
Replace [website URL] with the actual address of the website you want to scan. For example:
```bash
whatweb https://www.example.com
```
This command will initiate the scan and display the results in your terminal.
Step 3: Understanding the Results
After running the command, WhatWeb will provide a list of technologies detected on the website. This may include:
- The type of web server (e.g., Apache, Nginx)
- The CMS used (e.g., WordPress, Joomla)
- Any JavaScript libraries in use (e.g., jQuery)
The output will help you understand how the website is built and what technologies support its functionality.
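To review results for several of your own sites at once, the scan can be written to a JSON log with WhatWeb's `--log-json=FILE` option (an option not covered in this post) and summarized with a short script. The following is an added example, not part of the original post or the WhatWeb project; the sample log is constructed, and the field names (`target`, `http_status`, `plugins`, `version`) are assumptions about the log's shape.

```python
import json

# Constructed sample shaped like a WhatWeb JSON log (one object per target).
SAMPLE_LOG = """
[
  {"target": "https://www.example.com", "http_status": 200,
   "plugins": {
     "Apache": {"version": ["2.4.41"]},
     "HTTPServer": {"os": ["Ubuntu Linux"], "string": ["Apache/2.4.41 (Ubuntu)"]},
     "WordPress": {"version": ["5.8.1"]},
     "JQuery": {"version": ["3.6.0"]}
   }},
  {"target": "https://intranet.example.com", "http_status": 403,
   "plugins": {
     "nginx": {},
     "HTTPServer": {"string": ["nginx"]}
   }}
]
"""

def load_results(text):
    """Parse a WhatWeb JSON log, skipping empty objects."""
    return [entry for entry in json.loads(text) if entry]

def disclosed_versions(entry):
    """Return {plugin: [versions]} for plugins that reported a version."""
    found = {}
    for name, details in entry.get("plugins", {}).items():
        versions = details.get("version") or []
        if versions:
            found[name] = sorted(set(str(v) for v in versions))
    return found

def summarize(text):
    """Map each target to its status, detected plugins and disclosed versions."""
    summary = {}
    for entry in load_results(text):
        summary[entry["target"]] = {
            "status": entry.get("http_status"),
            "technologies": sorted(entry.get("plugins", {})),
            "versions": disclosed_versions(entry),
        }
    return summary

if __name__ == "__main__":
    for target, info in summarize(SAMPLE_LOG).items():
        print(target, info["status"], ", ".join(info["technologies"]))
        for plugin, versions in info["versions"].items():
            print(f"  version disclosed: {plugin} {'/'.join(versions)}")
```

Targets with an empty version list reveal the technology but not its release, which is the state to aim for when hardening server banners and CMS metadata.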
Optional Features
WhatWeb also has various options to customize your scans:
- Aggression Levels: You can adjust how thorough the scan is. A stealthy scan uses fewer requests and is faster, while more aggressive scans provide deeper insights but take longer. To set a higher aggression level, use:
```bash
whatweb -a [level] [website URL]
```
Replace [level] with a number from 1 (stealthy) to 4 (heavy).
- Plugins: WhatWeb supports numerous plugins that can be specified for more targeted scans. You can view available plugins with:
```bash
whatweb -l
```
Conclusion
WhatWeb is a powerful tool for anyone interested in understanding web technologies without extensive technical knowledge. You can effectively use WhatWeb to gather information about any website by following simple steps: installing it, running a scan, and interpreting the results.
Till I come your way again next 2 weeks Tuesday, #BeCyberSmart
Cyberliza writes TuesdayTool