fraggle/WebsiteTemplate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6f42a58ee5
WebsiteTemplate/cheatsheets/whatweb.html
Fraggle 6f42a58ee5
first commit
2026-01-25 11:33:37 -04:00

251 lines
8.0 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data:; connect-src 'self'; base-uri 'self'; form-action 'self' https://defcon.social https://bsky.app;">
<meta http-equiv="X-Content-Type-Options" content="nosniff">
<link rel="stylesheet" href="../assets/css/style.css">
<link rel="icon" type="image/x-icon" href="../favicon.ico">
<script>
// Apply theme immediately to prevent flash
(function() {
const theme = localStorage.getItem('theme') ||
(window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light');
document.documentElement.setAttribute('data-theme', theme);
})();
</script>
<title>whatweb Cheatsheet - Cheatsheets - Launch Pad</title>
</head>
<body>
<button class="theme-toggle" id="themeToggle" aria-label="Toggle dark mode">
<svg class="theme-icon theme-icon-moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path></svg>
<svg class="theme-icon theme-icon-sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" style="display: none;"><circle cx="12" cy="12" r="5"></circle><line x1="12" y1="1" x2="12" y2="3"></line><line x1="12" y1="21" x2="12" y2="23"></line><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line><line x1="1" y1="12" x2="3" y2="12"></line><line x1="21" y1="12" x2="23" y2="12"></line><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line></svg>
</button>
<br/><br/>
<div class="name">
__ _______________________ _________._________________________
\_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/
| __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_
| \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \
\___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ /
\/ \/ \/ \/ \/ \/ \/
</div>
<div class="blog-page-header">
<div class="blog-header-content">
<a href="/cheatsheets" class="back-link" title="Back to Cheatsheets">
<svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 24 24" class="home-icon"><path fill="currentColor" d="M10 20v-6h4v6h5v-8h3L12 3 2 12h3v8z"/></svg>
</a>
<h1 class="blog-page-title">whatweb Cheatsheet</h1>
</div>
</div>
<div class="blog-post-container">
<div class="blog-posts-container" style="max-width: 900px; margin: 0 auto;">
<div class="blog-post">
<div class="blog-post-content">
<p><a href="index.html">← Back to cheatsheets</a></p>
<p><a href="../index.html">← Home</a></p>
<hr>
<p>WhatWeb identifies websites. It recognizes web technologies including CMS, blogging platforms, JavaScript libraries, web servers, embedded devices, version numbers, email addresses, and more.</p>
<hr>
<h2>Basic Usage</h2>
<ul>
<li>whatweb &lt;url&gt; - Basic fingerprint</li>
</ul>
<ul>
<li>whatweb example.com - Scan single target</li>
</ul>
<ul>
<li>whatweb -i urls.txt - Scan from file</li>
</ul>
<hr>
<h2>Aggression Levels</h2>
<ul>
<li>-a 1 - Stealthy (1 request per target)</li>
</ul>
<ul>
<li>-a 2 - Unused</li>
</ul>
<ul>
<li>-a 3 - Aggressive (triggers additional requests)</li>
</ul>
<ul>
<li>-a 4 - Heavy (tries all plugins, many requests)</li>
</ul>
<hr>
<h2>Output Options</h2>
<ul>
<li>-v - Verbose output (show all plugins)</li>
</ul>
<ul>
<li>--color=never - Disable colors</li>
</ul>
<ul>
<li>--log-brief=file.txt - Brief log format</li>
</ul>
<ul>
<li>--log-verbose=file.txt - Verbose log format</li>
</ul>
<ul>
<li>--log-xml=file.xml - XML output</li>
</ul>
<ul>
<li>--log-json=file.json - JSON output</li>
</ul>
<ul>
<li>--log-sql=file.sql - SQL insert statements</li>
</ul>
<ul>
<li>--log-sql-create=file.sql - SQL with create table</li>
</ul>
<hr>
<h2>Input Options</h2>
<ul>
<li>-i, --input-file - Read targets from file</li>
</ul>
<ul>
<li>--url-prefix - Add prefix to URLs</li>
</ul>
<ul>
<li>--url-suffix - Add suffix to URLs</li>
</ul>
<ul>
<li>--url-pattern - URL pattern for targets</li>
</ul>
<hr>
<h2>Performance</h2>
<ul>
<li>-t, --max-threads - Maximum threads (default 25)</li>
</ul>
<ul>
<li>--wait - Wait between connections</li>
</ul>
<ul>
<li>--max-redirects - Maximum redirects (default 10)</li>
</ul>
<ul>
<li>--open-timeout - Connection timeout</li>
</ul>
<ul>
<li>--read-timeout - Read timeout</li>
</ul>
<hr>
<h2>HTTP Options</h2>
<ul>
<li>-U, --user-agent - Custom user agent</li>
</ul>
<ul>
<li>--header "Name:Value" - Add custom header</li>
</ul>
<ul>
<li>-c, --cookie - Set cookie</li>
</ul>
<ul>
<li>--cookie-jar - Cookie jar file</li>
</ul>
<ul>
<li>-u, --user - HTTP basic auth (user:pass)</li>
</ul>
<hr>
<h2>Proxy Options</h2>
<ul>
<li>--proxy host:port - Use HTTP proxy</li>
</ul>
<ul>
<li>--proxy-user user:pass - Proxy authentication</li>
</ul>
<hr>
<h2>Plugin Options</h2>
<ul>
<li>-l, --list-plugins - List all plugins</li>
</ul>
<ul>
<li>-p, --plugins - Select plugins to use</li>
</ul>
<ul>
<li>--grep - Search for regex in responses</li>
</ul>
<ul>
<li>--info-plugins - Detailed plugin info</li>
</ul>
<hr>
<h2>Common Examples</h2>
<h3>Basic Scan</h3>
<pre><code>whatweb example.com</code></pre>
<p>Quick fingerprint of website.</p>
<h3>Verbose Output</h3>
<pre><code>whatweb -v example.com</code></pre>
<p>Show all detected technologies.</p>
<h3>Aggressive Scan</h3>
<pre><code>whatweb -a 3 example.com</code></pre>
<p>More thorough detection with additional requests.</p>
<h3>Multiple Targets</h3>
<pre><code>whatweb example.com example.org example.net</code></pre>
<p>Scan multiple sites at once.</p>
<h3>From File</h3>
<pre><code>whatweb -i urls.txt --log-json=results.json</code></pre>
<p>Scan list of URLs, output JSON.</p>
<h3>With Custom User Agent</h3>
<pre><code>whatweb -U "Mozilla/5.0 (Windows NT 10.0)" example.com</code></pre>
<p>Scan with custom user agent.</p>
<h3>IP Range Scan</h3>
<pre><code>whatweb 192.168.1.0/24</code></pre>
<p>Scan entire subnet for web servers.</p>
<h3>Search for Specific Technology</h3>
<pre><code>whatweb -p WordPress example.com</code></pre>
<p>Only check for WordPress.</p>
<h3>Grep for Strings</h3>
<pre><code>whatweb --grep "admin" example.com</code></pre>
<p>Search for strings in responses.</p>
<hr>
<h2>Common Plugins</h2>
<ul>
<li>Apache - Apache web server</li>
<li>nginx - nginx web server</li>
<li>WordPress - WordPress CMS</li>
<li>Drupal - Drupal CMS</li>
<li>Joomla - Joomla CMS</li>
<li>PHP - PHP language</li>
<li>jQuery - jQuery library</li>
<li>Bootstrap - Bootstrap framework</li>
<li>Cloudflare - Cloudflare CDN</li>
<li>Google-Analytics - Analytics tracking</li>
</ul>
<hr>
<h2>Tips</h2>
<ul>
<li>Use -v for detailed output of all findings</li>
</ul>
<ul>
<li>Start with aggression level 1 for stealth</li>
</ul>
<ul>
<li>Level 3-4 can trigger WAF/IDS</li>
</ul>
<ul>
<li>JSON output is great for parsing</li>
</ul>
<ul>
<li>Combine with other recon tools for full picture</li>
</ul>
<ul>
<li>Check version numbers for known vulnerabilities</li>
</ul>
<ul>
<li>Can scan IP ranges for web service discovery</li>
</ul>
<ul>
<li>Always get authorization before scanning</li>
</ul>
<hr>
<p><a href="index.html">← Back to cheatsheets</a></p>
<p><a href="../index.html">← Home</a></p>
</div>
</div>
</div>
</div>
<script async type="text/javascript" src="../blog/analytics.js"></script>
<script src="../theme.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink