Use this online version of the WhatWeb tool to fingerprint your web application, web server and other technologies of a web page. The tool examines the web server HTTP Headers and the HTML source of a web page to determine technologies in use.
Security vulnerabilities in well known web applications and technologies are a common attack vector. Keeping your web applications and client side scripts up to date can reduce your risk of being hacked significantly.
Detect web technologies in use on a site through passive analysis of a regular web request
- Passive query against a web site to determine technologies in use
- Find vulnerable servers and applications from detected version
- Understand an organisations technology footprint and back-end systems
- Access to 27 Vulnerability Scanners and OSINT Tools
- Trusted Open Source Tools
About the WhatWeb Tool
With more than 250 plugins that identify technologies removing the Powered By reference may not be enough to obscure the technology being used.
Once an attacker has fingerprinted the technologies in use they can then move onto to exploiting them. By testing your system you can re-mediate and keep your technologies updated.
Non-Intrusive or Passive Scan
The nature of the testing performed by WhatWeb is non-intrusive. Depending on your definition it could be called semi-passive as you are still sending packets to the target, however those packets would not be detected as anything other than a regular web page request.
The command line arguments used with the online Whatweb scan perform a passive analysis. For a full overview of the tool and the available options take a look at the project page.
It is possible to perform more aggressive testing with WhatWeb. Using different command line options it is possible to have the tool attempt to guess file locations. This can help in identification of web applications and scripts as the location of certain files can confirm or provide further indicators to the technology in use.
The fact you are sending guesses at the target looking for certain files, means you are now creating noise on the web server as
404 not found errors are being generated. This is what moves the testing from passive to more active scanning.