whatweb

Web technology fingerprinting tool. Identifies CMS, frameworks, and server software.

Quickstart

# Scan single URL
whatweb https://target.com

# Verbose output
whatweb -v https://target.com

# Aggressive mode
whatweb -a 3 https://target.com

# Scan list
whatweb -i urls.txt

Core Concepts

Concept	Description
Plugins	Detection modules for technologies
Aggression	1=passive, 3=aggressive
Fingerprinting	Match patterns in responses

Syntax

whatweb [options] <url>
whatweb [options] -i <file>

Options

Input

Option	Description
`<url>`	Single URL
`-i <file>`	Input file
`--input-file <f>`	Same as -i

Aggression

Option	Description
`-a <level>`	Aggression level (1-4)
`--aggression <n>`	1=stealthy, 3=aggressive, 4=heavy

Output

Option	Description
`-v`	Verbose
`-q`	Quiet
`--color=never`	No colors
`--log-verbose <f>`	Verbose log
`--log-brief <f>`	Brief log
`--log-json <f>`	JSON output
`--log-xml <f>`	XML output

Request

Option	Description
`-U <ua>`	User agent
`-H <header>`	Custom header
`--cookie <c>`	Cookie
`--proxy <url>`	Proxy

Performance

Option	Description
`-t <n>`	Threads
`--wait <sec>`	Delay between requests
`--max-threads <n>`	Max threads

Plugins

Option	Description
`-l`	List plugins
`-p <plugins>`	Use specific plugins
`--info-plugins <p>`	Plugin info

Recipes

Basic Scanning

# Simple scan
whatweb https://target.com

# Verbose
whatweb -v https://target.com

# Very verbose
whatweb -vv https://target.com

# Multiple targets
whatweb https://target1.com https://target2.com

Aggression Levels

# Passive (1 request)
whatweb -a 1 https://target.com

# Medium (default)
whatweb -a 2 https://target.com

# Aggressive (more requests)
whatweb -a 3 https://target.com

# Heavy (many requests)
whatweb -a 4 https://target.com

List Scanning

# From file
whatweb -i urls.txt

# From stdin
cat urls.txt | whatweb

# With options
whatweb -i urls.txt -a 3 -v

Specific Plugins

# List available plugins
whatweb -l

# Use specific plugins
whatweb -p wordpress,apache,php https://target.com

# Plugin info
whatweb --info-plugins wordpress

Output Formats

# JSON output
whatweb --log-json results.json https://target.com

# XML output
whatweb --log-xml results.xml https://target.com

# Brief log
whatweb --log-brief brief.txt https://target.com

# Verbose log
whatweb --log-verbose verbose.txt https://target.com

Through Proxy

# HTTP proxy
whatweb --proxy http://127.0.0.1:8080 https://target.com

# With auth
whatweb --proxy-user admin:pass --proxy http://proxy:8080 https://target.com

With Authentication

# Cookie
whatweb --cookie "session=abc123" https://target.com

# Custom header
whatweb -H "Authorization: Bearer token" https://target.com

# User agent
whatweb -U "Mozilla/5.0 Custom" https://target.com

Network Range

# Scan subnet (careful!)
whatweb 10.10.10.0/24

# With port
whatweb 10.10.10.10:8080

Integration Pipeline

# httpx → whatweb
cat hosts.txt | httpx -silent | xargs -I {} whatweb {}

# subfinder → httpx → whatweb
subfinder -d target.com -silent | httpx -silent | \
  while read url; do whatweb "$url"; done

# Output to JSON for parsing
cat urls.txt | while read url; do
  whatweb --log-json - "$url" 2>/dev/null
done | jq -s '.'

Output & Parsing

# JSON output
whatweb --log-json results.json https://target.com

# Parse JSON
cat results.json | jq -r '.[].plugins | keys[]'

# Find specific tech
whatweb https://target.com | grep -i wordpress

# Extract version info
whatweb -v https://target.com 2>&1 | grep -E "version|[0-9]+\.[0-9]+"

Troubleshooting

Issue	Solution
Slow scan	Reduce `-a` level
Missing detections	Increase `-a` level
Blocked	Change `-U` user agent
Timeout	Check connectivity

References

← Retour aux cheat sheets