WhatWeb

Next-generation web scanner that identifies web technologies, CMS, frameworks, and plugins.

Category: Web Hacking
Platform: Linux / Kali
Type: CLI / Open Source
Skill Level: Beginner → Advanced

What is WhatWeb?

WhatWeb is a next-generation web fingerprinting tool used during the reconnaissance phase of penetration testing. It identifies over 1,800 web technologies including content management systems (WordPress, Joomla, Drupal), blogging platforms, JavaScript libraries, web servers (Apache, Nginx), analytics tools, and server-side languages. By profiling a target's tech stack, pentesters can narrow down known vulnerabilities specific to those technologies.

⚠ Legal Notice

Only use this tool on systems you own or have explicit written authorization to test. Unauthorized use is a criminal offense under Pakistan's PECA 2016 and similar laws worldwide.

Installation

# Update package list first
sudo apt update

# Install WhatWeb (pre-installed on Kali)
sudo apt install whatweb -y

# Verify installation
whatweb --version

Basic Usage

WhatWeb supports multiple aggression levels — from a single passive request to aggressive crawling. Always start with level 1 on authorized targets.

# Basic scan of a single target
whatweb https://target.com

# Increase verbosity for more detail
whatweb -v https://target.com

# Aggression level 3 (more requests, more data)
whatweb -a 3 https://target.com

# Scan multiple targets from a file
whatweb -i targets.txt

# Output results to a file (JSON format)
whatweb --log-json=results.json https://target.com

# Quiet output (-q) and suppress error messages (--no-errors)
whatweb -q --no-errors https://target.com

# Scan an entire subnet
whatweb 192.168.1.0/24

Aggression Levels

Common Use Cases

Tips & Best Practices

Use WhatWeb early in the recon phase to build a technology profile before running targeted exploit tools. Combine its output with nikto or nmap scripts for a more complete picture of the attack surface. The JSON output format is particularly useful for piping results into automated reporting pipelines.
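As an added example (not part of the original page or the WhatWeb project), the script below turns a --log-json file into a per-target technology inventory and lists every exact version string a site discloses, which is the kind of table a report or hardening review needs. It assumes each record is an object with "target" and a "plugins" map whose entries may carry a "version" list; the sample data, the NOISE set and all function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `whatweb --log-json` output (layout is an assumption).
SAMPLE = """[
{"target":"https://shop.example.test","http_status":200,"plugins":{
  "Apache":{"version":["2.4.41"]},"WordPress":{"version":["5.8"]},
  "JQuery":{"version":["3.5.1"]},"Country":{"string":["RESERVED"]}}},
{"target":"https://blog.example.test","http_status":200,"plugins":{
  "nginx":{},"HTML5":{}}},
{}
]"""

# Plugins treated here as metadata rather than technologies (assumed choice).
NOISE = {"Country", "IP", "Title", "HTML5"}


def load_records(text):
    """Parse the log and drop entries without a target, such as empty objects."""
    return [r for r in json.loads(text) if isinstance(r, dict) and r.get("target")]


def inventory(records):
    """Return {target: {technology: sorted list of disclosed versions}}."""
    inv = {}
    for rec in records:
        techs = inv.setdefault(rec["target"], {})
        for name, detail in (rec.get("plugins") or {}).items():
            if name in NOISE:
                continue
            found = set(techs.get(name, [])) | set((detail or {}).get("version", []))
            techs[name] = sorted(found)
    return inv


def version_disclosures(inv):
    """Return sorted (target, technology, version) rows for exact versions exposed."""
    return sorted((t, n, v) for t, techs in inv.items()
                  for n, versions in techs.items() for v in versions)


if __name__ == "__main__":
    inv = inventory(load_records(SAMPLE))
    for target, techs in inv.items():
        print(target, "->", ", ".join(sorted(techs)))
    for row in version_disclosures(inv):
        print("version disclosed:", *row)
```

To run it on real output, replace SAMPLE with the contents of results.json from an authorized scan.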

Practice on legal targets like TryHackMe, HackTheBox, or hackzia.site labs before using in live engagements.