GARY IS COMING FOR YOU

You shouldn't have done that.

whatweb Tool Reference

WhatWeb identifies websites. It recognizes web technologies including CMS, blogging platforms, JavaScript libraries, web servers, embedded devices, version numbers, email addresses, and more.

Basic Usage

  • whatweb <url> - Basic fingerprint
  • whatweb example.com - Scan single target
  • whatweb -i urls.txt - Scan from file

Aggression Levels

  • -a 1 - Stealthy (1 request per target)
  • -a 2 - Unused
  • -a 3 - Aggressive (triggers additional requests)
  • -a 4 - Heavy (tries all plugins, many requests)

Output Options

  • -v - Verbose output (show all plugins)
  • --color=never - Disable colors
  • --log-brief=file.txt - Brief log format
  • --log-verbose=file.txt - Verbose log format
  • --log-xml=file.xml - XML output
  • --log-json=file.json - JSON output
  • --log-sql=file.sql - SQL insert statements
  • --log-sql-create=file.sql - SQL with create table

Input Options

  • -i, --input-file - Read targets from file
  • --url-prefix - Add prefix to URLs
  • --url-suffix - Add suffix to URLs
  • --url-pattern - URL pattern for targets

Performance

  • -t, --max-threads - Maximum threads (default 25)
  • --wait - Wait between connections
  • --max-redirects - Maximum redirects (default 10)
  • --open-timeout - Connection timeout
  • --read-timeout - Read timeout

HTTP Options

  • -U, --user-agent - Custom user agent
  • --header "Name:Value" - Add custom header
  • -c, --cookie - Set cookie
  • --cookie-jar - Cookie jar file
  • -u, --user - HTTP basic auth (user:pass)

Proxy Options

  • --proxy host:port - Use HTTP proxy
  • --proxy-user user:pass - Proxy authentication

Plugin Options

  • -l, --list-plugins - List all plugins
  • -p, --plugins - Select plugins to use
  • --grep - Search for regex in responses
  • --info-plugins - Detailed plugin info

Common Examples

Basic Scan

whatweb example.com

Quick fingerprint of website.

Verbose Output

whatweb -v example.com

Show all detected technologies.

Aggressive Scan

whatweb -a 3 example.com

More thorough detection with additional requests.

Multiple Targets

whatweb example.com example.org example.net

Scan multiple sites at once.

From File

whatweb -i urls.txt --log-json=results.json

Scan list of URLs, output JSON.

With Custom User Agent

whatweb -U "Mozilla/5.0 (Windows NT 10.0)" example.com

Scan with custom user agent.

IP Range Scan

whatweb 192.168.1.0/24

Scan entire subnet for web servers.

Search for Specific Technology

whatweb -p WordPress example.com

Only check for WordPress.

Grep for Strings

whatweb --grep "admin" example.com

Search for strings in responses.

Common Plugins

  • Apache - Apache web server
  • nginx - nginx web server
  • WordPress - WordPress CMS
  • Drupal - Drupal CMS
  • Joomla - Joomla CMS
  • PHP - PHP language
  • jQuery - jQuery library
  • Bootstrap - Bootstrap framework
  • Cloudflare - Cloudflare CDN
  • Google-Analytics - Analytics tracking

Tips

  • Use -v for detailed output of all findings
  • Start with aggression level 1 for stealth
  • Level 3-4 can trigger WAF/IDS
  • JSON output is great for parsing
  • Combine with other recon tools for full picture
  • Check version numbers for known vulnerabilities
  • Can scan IP ranges for web service discovery
  • Always get authorization before scanning