
WhatWeb Scan

Use this online version of the WhatWeb tool to fingerprint your web application, web server and other technologies of a web page. The tool examines the web server HTTP Headers and the HTML source of a web page to determine technologies in use.

Security vulnerabilities in well-known web applications and technologies are a common attack vector. Keeping your web applications and client-side scripts up to date can significantly reduce your risk of being hacked.

Detect web technologies in use on a site through passive analysis of a regular web request

MEMBERSHIP BENEFITS
  • Passive query against a web site to determine technologies in use
  • Discover web server, web applications, JavaScript and geolocation
  • Find vulnerable servers and applications from detected version
  • Understand an organisation's technology footprint and back-end systems
  • Access to 27 Vulnerability Scanners and OSINT Tools
  • Trusted Open Source Tools


About the WhatWeb Tool

Content management systems (CMS), blog technologies, analytics packages, JavaScript libraries and web server versions are just some of the technologies that can be identified with WhatWeb. When you visit a web address in your browser, the raw source contains many unseen pointers to the server and software running on the web site. WhatWeb parses this code and identifies known technologies.

With more than 250 plugins that identify technologies, removing the Powered By reference may not be enough to obscure the technology being used.

Application fingerprinting is the first step of the Information Gathering process; knowing the version and type of a running web server allows testers to determine known vulnerabilities and the appropriate exploits to use during testing.

Once an attacker has fingerprinted the technologies in use, they can move on to exploiting them. By testing your own system you can remediate and keep your technologies updated.

Non-Intrusive or Passive Scan

The nature of the testing performed by WhatWeb is non-intrusive. Depending on your definition it could be called semi-passive, as you are still sending packets to the target; however, those packets would not be detected as anything other than a regular web page request.

The command line arguments used with the online WhatWeb scan perform a passive analysis. For a full overview of the tool and the available options, take a look at the project page.

Active Scanning

It is possible to perform more aggressive testing with WhatWeb. Using different command line options it is possible to have the tool attempt to guess file locations. This can help in identification of web applications and scripts as the location of certain files can confirm or provide further indicators to the technology in use.

Because you are sending guesses at the target looking for certain files, you are now creating noise on the web server in the form of 404 Not Found errors. This is what moves the testing from passive to more active scanning.
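The 404 noise described above is something a defender can look for in the web server's access log. The following is an added example, not part of the WhatWeb project or this page's tooling: it flags clients that request many distinct missing paths within a short window. The log lines, the 60-second window and the threshold of 5 distinct paths are constructed assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log (Combined Log Format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "ExampleScanner"
203.0.113.9 - - [12/Mar/2024:10:00:03 +0000] "GET /README.txt HTTP/1.1" 404 162 "-" "ExampleScanner"
203.0.113.9 - - [12/Mar/2024:10:00:03 +0000] "GET /CHANGELOG.txt HTTP/1.1" 404 162 "-" "ExampleScanner"
203.0.113.9 - - [12/Mar/2024:10:00:04 +0000] "GET /license.txt HTTP/1.1" 404 162 "-" "ExampleScanner"
203.0.113.9 - - [12/Mar/2024:10:00:05 +0000] "GET /admin/login.php HTTP/1.1" 404 162 "-" "ExampleScanner"
203.0.113.9 - - [12/Mar/2024:10:00:06 +0000] "GET /install.php HTTP/1.1" 404 162 "-" "ExampleScanner"
192.0.2.44 - - [12/Mar/2024:10:00:10 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2024:10:00:40 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2024:10:20:00 +0000] "GET /old-page.html HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')

def parse(line):
    """Return (client_ip, timestamp, path, status), or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, path, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status)

def find_guessing_clients(log_text, window=timedelta(seconds=60), min_distinct=5):
    """Map client IP -> distinct 404 paths, for clients that hit at least
    min_distinct different missing paths inside one sliding time window."""
    misses = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec[3] == 404:
            misses[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, events in misses.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop misses that fell out of the window
            paths = {p for _, p in events[start:end + 1]}
            if len(paths) >= min_distinct:  # repeats of one path do not count
                flagged[ip] = sorted(paths)
                break
    return flagged
```

Counting distinct paths rather than raw 404s keeps a browser that repeatedly asks for one missing file, such as a favicon, from being flagged, while a purely passive request (a single 200 for the page) never appears in the result at all.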