Profiling Web Application With WhatWeb

Getting the information about website configuration and version is important during penetesting any web application, for this purposes you can consider WhatWeb. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.

It has over 900 plugins, each to recognize something also helps to identify version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.  Most WhatWeb plugins are thorough and recognize a range of cues from subtle to obvious.

Application profiling comes after the infrastructure profiling, this mean that after you understand the architecture you need to have more information and the complete picture about the web application including content, components, function, and flow of the web site to reach where vulnerabilities might be.

WhatWeb features several levels of aggression. By default the aggression level is set to 1 (passive) which sends a single HTTP GET request.

  1. (Passive) Make one HTTP request per target. Except for redirects.
  2. (Polite) Reserved for future use
  3. (Aggressive) Triggers aggressive plugin functions only when a plugin matches passively.
  4. (Heavy) Trigger aggressive functions for all plugins. Guess a lot of URLs like Nikto.

If aggression is enabled the aggressive plugins will guess more URLs and perform actions that are potentially unsuitable without permission.

You can download WhatWeb latest release from here.

make sure you subscribe to my RSS feed!