WhatWeb v0.4.1 - released

Identifying content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers and more. Licensed under GPLv3.

Version 0.4.1

  • Removed dependency on rubygems and libxslt by modifying and locally including the Anemone gem. This also simplified installation
  • Fixed a bug which didn’t send URL parameters. eg. would send /index.php instead of /index.php?q=foo
  • Improved installation instructions. Henri Salo contacted me to say ruby-dev is required for Anemone
  • Removed UTF-8 character in formmail
  • Changed require ’md5’ to require ’digest/md5’ for compatibility with ruby 1.9
  • Fixed bug in Tomcat plugin
  • Added SilverStripe plugin
  • Added DotNetNuke plugin
  • Added HTML5 plugin
  • Added PHP error plugin
  • Modified PHP-Nuke plugin
  • Changed the plugin development script, wget-list to retry only twice
  • Added proxy support
  • Default threads is now 25
  • Default max recursive spidering depth is now 10
  • Default max number of links to follow on a single page is now 250

WhatWeb has over 60 plugins and needs community support to develop more. Plugins can identify systems with obvious signs removed by looking for subtle clues.

There are both passive and aggressive plugins, passive plugins use information on the page, in cookies and in the URL to identify the system. Aggressive plugins guess URLs and request more files. Plugins are easy to write, you don’t need to know ruby to make them.

JPEG - 49.2 kb

Usage:

whatweb [options] <URLs>

  • —input-file=FILE, -i Identify URLs found in FILE
  • —aggression, -a
    • 1 passive - on-page
    • 2 polite - follow on-page links if in the extra-urls list (default)
    • 3 impolite - try extra-urls when plugin matches (smart, guess a few urls)
    • 4 aggressive - try extra-urls for every plugin (guess a lot of urls)
  • —recursion, -r Follow links recursively. Only follows links under the path (default: off)
  • —depth, -d Maximum recursion depth (default: 3)
  • —max-links, -m Maximum number of links to follow on one page (default: 25)
  • —list-plugins, -l List the plugins
  • —run-plugins, -p Run comma delimited list of plugins. Default is to run all
  • —info-plugins, -I Display information about a comma delimited list of plugins. Default is all
  • —example-urls, -e Add example urls for each plugin to the target list
  • —colour=[WHEN],
  • —color=[WHEN] control whether colour is used. WHEN may be `never’, `always’, or `auto’
  • —log-full=FILE Log verbose output
  • —log-brief=FILE Log brief, one-line output
  • —user-agent, -U Identify as user-agent instead of WhatWeb/VERSION.
  • —max-threads, -t Number of simultaneous threads identifying websites in parallel (CPU intensive). Default is 5.
  • —help, -h This help
  • —verbose, -v Increase verbosity (recommended), use twice for debugging.

More information: here

Thank you to our friend Andrew Horton, from MorningStarSecurity