Skip to content
bcoles edited this page Mar 24, 2011 · 39 revisions
                  .$$$     $.                                   .$$$     $.                  
                  $$$$     $$. .$$$  $$$ .$$$$$$.  .$$$$$$$$$$. $$$$     $$. .$$$$$$$. .$$$$$$.                  
                  $ $$     $$$ $ $$  $$$ $ $$$$$$. $$$$$ $$$$$$ $ $$     $$$ $ $$   $$ $ $$$$$$.                  
                  $ `$     $$$ $ `$  $$$ $ `$  $$$ $$' $ `$ `$$ $ `$     $$$ $ `$      $ `$  $$$'                  
                  $. $     $$$ $. $$$$$$ $. $$$$$$ `$  $. $  :' $. $     $$$ $. $$$$   $. $$$$$.                  
                  $::$  .  $$$ $::$  $$$ $::$  $$$     $::$     $::$  .  $$$ $::$      $::$  $$$$                  
                  $;;$ $$$ $$$ $;;$  $$$ $;;$  $$$     $;;$     $;;$ $$$ $$$ $;;$      $;;$  $$$$                  
                  $$$$$$ $$$$$ $$$$  $$$ $$$$  $$$     $$$$     $$$$$$ $$$$$ $$$$$$$$$ $$$$$$$$$'                  

WhatWeb identifies content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers, embedded devices and more. When you visit a website in your browser the transaction includes many unseen hints about how the webserver is set up and what software is delivering the webpage. Some of these hints are obvious, eg. "Powered by XYZ" and others are more subtle. WhatWeb recognises these cues and reports what it finds.

WhatWeb has over 900 plugins and needs community support to develop more. Plugins can identify systems with obvious identifying hints removed by also looking for subtle clues. For example, a WordPress site might remove the tag <meta name="generator" content="WordPress 2.6.5"> but the WordPress plugin also looks for "wp-content" which is less easy to disguise. Plugins are flexible and can return any datatype, for example plugins can return version numbers, email addresses, account ID's and more.

There are both passive and aggressive plugins. Passive plugins use information on the page, in cookies and in the URL to identify the system. A passive request is as light weight as a simple GET / HTTP/1.1 request. Aggressive plugins guess URLs and request more files. Plugins are easy to write, you don't need to know ruby to make them.

New to WhatWeb?

News

February 2011

December 2010

November 2010

  • WhatWeb's first birthday! One year since WhatWeb 0.3 was released on November 2nd 2009 at Kiwicon III.
  • WhatWeb has been integrated into BackBox.
  • WhatWeb added to the Rochester Institute of Technology SPARSA Wiki (Security Practices and Research Student Association)
  • WhatWeb and BlindElephant were featured in the How Does Your Gut Stack Up presentation at Kiwicon4.
    • How Does Your Gut Stack Up - no videos - 6,890 KB
    • How Does Your Gut Stack Up - slides+videos - Low Quality NSV - 14,452 KB
    • How Does Your Gut Stack Up - slides+videos - High Quality AVI - ~115MB

October 2010

  • Project milestone : 500 plugins!

September 2010

August 2010

July 2010

June 2010

May 2010

April 2010

March 2010

November 2009

Development

Read the RoadMap and developer Discussion regarding the future of WhatWeb.

Core

Plugins