
whatweb Cheatsheet



WhatWeb identifies websites. It recognizes web technologies including CMS, blogging platforms, JavaScript libraries, web servers, embedded devices, version numbers, email addresses, and more.


Basic Usage

  • whatweb <url> - Basic fingerprint
  • whatweb example.com - Scan single target
  • whatweb -i urls.txt - Scan from file

Aggression Levels

  • -a 1 - Stealthy (1 request per target)
  • -a 2 - Unused
  • -a 3 - Aggressive (triggers additional requests)
  • -a 4 - Heavy (tries all plugins, many requests)

Output Options

  • -v - Verbose output (show all plugins)
  • --color=never - Disable colors
  • --log-brief=file.txt - Brief log format
  • --log-verbose=file.txt - Verbose log format
  • --log-xml=file.xml - XML output
  • --log-json=file.json - JSON output
  • --log-sql=file.sql - SQL insert statements
  • --log-sql-create=file.sql - SQL with create table

Input Options

  • -i, --input-file - Read targets from file
  • --url-prefix - Add prefix to URLs
  • --url-suffix - Add suffix to URLs
  • --url-pattern - URL pattern for targets

Performance

  • -t, --max-threads - Maximum threads (default 25)
  • --wait - Wait between connections
  • --max-redirects - Maximum redirects (default 10)
  • --open-timeout - Connection timeout
  • --read-timeout - Read timeout

HTTP Options

  • -U, --user-agent - Custom user agent
  • --header "Name:Value" - Add custom header
  • -c, --cookie - Set cookie
  • --cookie-jar - Cookie jar file
  • -u, --user - HTTP basic auth (user:pass)

Proxy Options

  • --proxy host:port - Use HTTP proxy
  • --proxy-user user:pass - Proxy authentication

Plugin Options

  • -l, --list-plugins - List all plugins
  • -p, --plugins - Select plugins to use
  • --grep - Search for regex in responses
  • --info-plugins - Detailed plugin info

Common Examples

Basic Scan

whatweb example.com

Quick fingerprint of a website.

Verbose Output

whatweb -v example.com

Show all detected technologies.

Aggressive Scan

whatweb -a 3 example.com

More thorough detection with additional requests.

Multiple Targets

whatweb example.com example.org example.net

Scan multiple sites at once.

From File

whatweb -i urls.txt --log-json=results.json

Scan a list of URLs and write the results as JSON.

With Custom User Agent

whatweb -U "Mozilla/5.0 (Windows NT 10.0)" example.com

Scan with custom user agent.

IP Range Scan

whatweb 192.168.1.0/24

Scan an entire subnet for web servers.

Search for Specific Technology

whatweb -p WordPress example.com

Only check for WordPress.

Grep for Strings

whatweb --grep "admin" example.com

Search for strings in responses.


Common Plugins

  • Apache - Apache web server
  • nginx - nginx web server
  • WordPress - WordPress CMS
  • Drupal - Drupal CMS
  • Joomla - Joomla CMS
  • PHP - PHP language
  • jQuery - jQuery library
  • Bootstrap - Bootstrap framework
  • Cloudflare - Cloudflare CDN
  • Google-Analytics - Analytics tracking

Tips

  • Use -v for detailed output of all findings
  • Start with aggression level 1 for stealth
  • Aggression levels 3 and 4 can trigger WAF/IDS alerts
  • JSON output is great for parsing
  • Combine with other recon tools for the full picture
  • Check version numbers for known vulnerabilities
  • Can scan IP ranges for web service discovery
  • Always get authorization before scanning
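
The JSON-parsing and version-check tips above, as an added example that is not part of the original cheatsheet: a Python script that turns a --log-json file from an authorized scan into a per-version inventory of hosts. The sample log is constructed, its layout (an array of objects with target, http_status and plugins, where a plugin may carry a version list) is an assumption about WhatWeb's JSON log, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample in the layout assumed for --log-json (array of per-target objects).
SAMPLE_LOG = """[
{"target": "http://intranet.example.com", "http_status": 200,
 "plugins": {"Apache": {"version": ["2.4.7"]},
             "PHP": {"version": ["5.5.9"]}}},
{"target": "http://blog.example.com", "http_status": 200,
 "plugins": {"nginx": {"version": ["1.18.0"]},
             "WordPress": {"version": ["5.8", "5.8.1"]},
             "jQuery": {}}},
{"target": "http://old.example.com", "http_status": 301,
 "plugins": {"RedirectLocation": {"string": ["https://old.example.com/"]}}},
{}
]"""


def load_entries(text):
    """Parse a JSON array, or one JSON object per line; skip empty entries."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        data = [json.loads(l.strip().rstrip(",")) for l in text.splitlines()
                if l.strip().startswith("{")]
    return [e for e in data if isinstance(e, dict) and e.get("target")]


def version_inventory(entries):
    """Map (plugin, version) -> sorted targets that disclose that version."""
    inv = defaultdict(set)
    for entry in entries:
        for plugin, fields in (entry.get("plugins") or {}).items():
            for version in fields.get("version", []):
                inv[(plugin, str(version))].add(entry["target"])
    return {k: sorted(v) for k, v in sorted(inv.items())}


def unversioned(entries):
    """Targets where no plugin reported a version (nothing to look up)."""
    return sorted(e["target"] for e in entries if not any(
        f.get("version") for f in (e.get("plugins") or {}).values()))


if __name__ == "__main__":
    entries = load_entries(SAMPLE_LOG)
    for (plugin, version), targets in version_inventory(entries).items():
        print(f"{plugin} {version}: {', '.join(targets)}")
    print("no version disclosed:", ", ".join(unversioned(entries)))
```

To use it on a real log, pass the contents of the file written by --log-json to load_entries() instead of SAMPLE_LOG.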
