WhatWeb v0.4 - released
- Added HTTPS support
- Improved installation instructions
- Improved documentation
- Better compatibility with ruby 1.9. Changed a case statement syntax, changed when 0: to when 0 then.
- Removed UTF-8 characters in plugins that were causing crashes
- Added php-nuke plugin, passively recognises modules
- Added Fluxbb plugin, can identify versions aggressively
- Added meta powered-by plugin. Matches tags like:
<meta name="powered-by" content="abc/1.23" />
- Added powered by plugin. Matches "Powered by BobsCMS", any text following powered by
- Improved plugin info listing invoked by ./whatweb -I. Shows number of examples and matches, and shows presence of passive and aggressive functions
- Changed output style. Before strings are surrounded by single quotes, now all strings are surrounded by square brackets
- Added OpenCMS plugin submitted by Emilio Casbas
- Added TomCat plugin submitted by Louis Nyffenegger
- Improved meta-generator plugin
- Fixed a bug in processing a target list from a file where a trailing space would be interpreted incorrectly
WhatWeb has over 60 plugins and needs community support to develop more. Plugins can identify systems with obvious signs removed by looking for subtle clues.
There are both passive and aggressive plugins, passive plugins use information on the page, in cookies and in the URL to identify the system. Aggressive plugins guess URLs and request more files. Plugins are easy to write, you don’t need to know ruby to make them.
whatweb [options] <URLs>
- —input-file=FILE, -i Identify URLs found in FILE
- —aggression, -a
- 1 passive - on-page
- 2 polite - follow on-page links if in the extra-urls list (default)
- 3 impolite - try extra-urls when plugin matches (smart, guess a few urls)
- 4 aggressive - try extra-urls for every plugin (guess a lot of urls)
- —recursion, -r Follow links recursively. Only follows links under the path (default: off)
- —depth, -d Maximum recursion depth (default: 3)
- —max-links, -m Maximum number of links to follow on one page (default: 25)
- —list-plugins, -l List the plugins
- —run-plugins, -p Run comma delimited list of plugins. Default is to run all
- —info-plugins, -I Display information about a comma delimited list of plugins. Default is all
- —example-urls, -e Add example urls for each plugin to the target list
- —color=[WHEN] control whether colour is used. WHEN may be `never’, `always’, or `auto’
- —log-full=FILE Log verbose output
- —log-brief=FILE Log brief, one-line output
- —user-agent, -U Identify as user-agent instead of WhatWeb/VERSION.
- —max-threads, -t Number of simultaneous threads identifying websites in parallel (CPU intensive). Default is 5.
- —help, -h This help
- —verbose, -v Increase verbosity (recommended), use twice for debugging.
More information: here
Thank you to our friend Andrew Horton, from MorningStarSecurity