OpenSecAtlas
OPENSECATLAS
11/12 free views
Tool
CLI
Web Security

WhatWeb

by urbanadventurer

6.4Kstars
976forks
169watchers
Updated 3 months ago
About

WhatWeb is a next-generation web scanner that identifies web technologies and versions powering websites through extensive plugin-based detection.

Next generation web scanner

Primary Use Case

WhatWeb is primarily used by security professionals and penetration testers to quickly and accurately identify the underlying technologies of websites, including CMS, frameworks, and server details. It helps in vulnerability assessment and reconnaissance by revealing detailed technology stacks and potential security exposures.

Key Features
  • Over 1800 plugins for diverse technology detection
  • Adjustable aggression levels balancing speed and thoroughness
  • Supports multiple concurrent scans for performance tuning
  • Multiple output formats including JSON, XML, and SQL
  • Proxy support including TOR integration
  • Custom HTTP headers and basic HTTP authentication
  • Dual-protocol scanning for HTTP and HTTPS
  • Fuzzy matching and result certainty awareness

Usage

>_ ./whatweb reddit.com

Scans the website reddit.com to identify its web technologies and server details.

Security Frameworks
Reconnaissance
Discovery
Initial Access
Collection
Execution
Usage Insights
  • Integrate WhatWeb scans into CI/CD pipelines for continuous technology stack visibility and early vulnerability detection.
  • Combine WhatWeb with exploitation frameworks like Metasploit to automate reconnaissance-to-exploitation workflows in red team engagements.
  • Use WhatWeb's plugin architecture to develop custom detections tailored to organizational web assets and emerging threats.
  • Leverage proxy and TOR support for stealthy reconnaissance during red team operations to reduce detection risk.
  • Incorporate WhatWeb scan outputs into blue team threat hunting and incident response playbooks to improve detection of web-based attacks.

Docs Take 2 Hours. AI Takes 10 Seconds.

Ask anything about WhatWeb. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.

3 free chats per tool • Instant responses • No credit card

Security Profile
Red Team80%
Blue Team40%
Purple Team60%
Details
LicenseGNU General Public License v2.0
LanguageRuby
Open Issues223
Topics
security
web
scanner
ruby
penetration-testing
kali-linux
owasp
penetration-testing-tools
penetration-test
hacking

Related Tools

caddy icon

caddy

caddyserver/caddy

Tool

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

69.2K
3 months ago
nginx icon

nginx

nginx/nginx

Tool

The official NGINX Open Source repository.

29.1K
3 months ago
nginxconfig.io icon

nginxconfig.io

digitalocean/nginxconfig.io

Tool

⚙️ NGINX config generator on steroids 💉

28.2K
8 months ago
SafeLine icon

SafeLine

chaitin/SafeLine

Tool

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

19.2K
5 months ago
DOMPurify icon

DOMPurify

cure53/DOMPurify

Library/SDK

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

16.5K
3 months ago
anubis icon

anubis

TecharoHQ/anubis

Tool

Weighs the soul of incoming HTTP requests to stop AI crawlers

16.2K
3 months ago