- Find known vulnerable servers and applications from detected version numbers.
- Understand an organisations technological footprint and back-end systems.
About the WhatWeb Tool
With more than 250 plugins that identify technologies removing the “Powered By” reference may not be enough to obscure the technology being used.
Once an attacker has fingerprinted the technologies in use they can then move onto to exploiting them. By testing your system you can re-mediate and keep your technologies updated.
This is a non-intrusive scan, the system will download the web page and examine the HTML and HTTP header response.
The command line arguments used with the online Whatweb scan perform a passive analysis. For a full overview of the tool and the available options take a look at the project page.
Application fingerprint is the first step of the Information Gathering process; knowing the version and type of a running web server allows testers to determine known vulnerabilities and the appropriate exploits to use during testing.