Usage
.$$$ $. .$$$ $.
$$$$ $$. .$$$ $$$ .$$$$$$. .$$$$$$$$$$. $$$$ $$. .$$$$$$$. .$$$$$$.
$ $$ $$$ $ $$ $$$ $ $$$$$$. $$$$$ $$$$$$ $ $$ $$$ $ $$ $$ $ $$$$$$.
$ `$ $$$ $ `$ $$$ $ `$ $$$ $$' $ `$ `$$ $ `$ $$$ $ `$ $ `$ $$$'
$. $ $$$ $. $$$$$$ $. $$$$$$ `$ $. $ :' $. $ $$$ $. $$$$ $. $$$$$.
$::$ . $$$ $::$ $$$ $::$ $$$ $::$ $::$ . $$$ $::$ $::$ $$$$
$;;$ $$$ $$$ $;;$ $$$ $;;$ $$$ $;;$ $;;$ $$$ $$$ $;;$ $;;$ $$$$
$$$$$$ $$$$$ $$$$ $$$ $$$$ $$$ $$$$ $$$$$$ $$$$$ $$$$$$$$$ $$$$$$$$$'
WhatWeb - Next generation web scanner.
Version 0.4.6 by Andrew Horton aka urbanadventurer from Security-Assessment.com
Homepage: http://www.morningstarsecurity.com/research/whatweb
Usage: whatweb [options]
TARGET SELECTION:
Enter URLs, filenames or nmap-format IP ranges.
Use /dev/stdin to pipe HTML directly
--input-file=FILE, -i Identify URLs found in FILE, eg. -i /dev/stdin
--url-prefix Add a prefix to target URLs
--url-suffix Add a suffix to target URLs
--url-pattern Insert the targets into a URL. Requires --input-file,
eg. www.example.com/%insert%/robots.txt
--example-urls, -e Add example URLs for each selected plugin to the target
list. By default will add example URLs for all plugins.
AGGRESSION LEVELS:
--aggression, -a=LEVEL The aggression level controls the trade-off between
speed/stealth and reliability. Default: 1
Aggression levels are:
1 (Passive) Make one HTTP request per target. Except for redirects.
2 (Polite) Reserved for future use
3 (Aggressive) Triggers aggressive plugin functions only when a
plugin matches passively.
4 (Heavy) Trigger aggressive functions for all plugins. Guess a
lot of URLs like Nikto.
HTTP OPTIONS:
--user-agent, -U=AGENT Identify as AGENT instead of WhatWeb/0.4.6.
--user, -u= HTTP basic authentication
--header, -H Add an HTTP header. eg "Foo:Bar". Specifying a default
header will replace it. Specifying an empty value, eg.
"User-Agent:" will remove the header.
--follow-redirect=WHEN Control when to follow redirects. WHEN may be `never',
`http-only', `meta-only', `same-site', `same-domain'
or `always'. Default: always
--max-redirects=NUM Maximum number of contiguous redirects. Default: 10
SPIDERING:
--recursion, -r Follow links recursively. Only follow links under the
path Default: off
--depth, -d Maximum recursion depth. Default: 10
--max-links, -m Maximum number of links to follow on one page
Default: 250
--spider-skip-extensions Redefine extensions to skip.
Default: zip,gz,tar,jpg,exe,png,pdf
PROXY:
--proxy Set proxy hostname and port
Default: 8080
--proxy-user Set proxy user and password
PLUGINS:
--plugins, -p Comma delimited set of selected plugins. Default is all.
Each element can be a directory, file or plugin name and
can optionally have a modifier, eg. + or -
Examples: +/tmp/moo.rb,+/tmp/foo.rb
title,md5,+./plugins-disabled/
./plugins-disabled,-md5
--list-plugins, -l List the plugins
--info-plugins, -I Display information for all plugins. Optionally search
with keywords in a comma delimited list.
--custom-plugin Define a custom plugin called Custom-Plugin,
Examples: ":text=>'powered by abc'"
":regexp=>/powered[ ]?by ab[0-9]/"
":ghdb=>'intitle:abc \"powered by abc\"'"
":md5=>'8666257030b94d3bdb46e05945f60b42'"
"{:text=>'powered by abc'},{:regexp=>/abc [ ]?1/i}"
LOGGING & OUTPUT:
--verbose, -v Increase verbosity, use twice for plugin development.
--colour,--color=WHEN control whether colour is used. WHEN may be `never',
`always', or `auto'
--log-brief=FILE Log brief, one-line output
--log-verbose=FILE Log verbose output
--log-xml=FILE Log XML format
--log-json=FILE Log JSON format
--log-json-verbose=FILE Log JSON Verbose format
--log-magictree=FILE Log MagicTree XML format
--log-object=FILE Log Ruby object inspection format
--log-mongo-database Name of the MongoDB database
--log-mongo-collection Name of the MongoDB collection. Default: whatweb
--log-mongo-host MongoDB hostname or IP address. Default: 0.0.0.0
--log-mongo-username MongoDB username. Default: nil
--log-mongo-password MongoDB password. Default: nil
--log-errors=FILE Log errors
PERFORMANCE & STABILITY:
--max-threads, -t Number of simultaneous threads. Default: 25.
--open-timeout Time in seconds. Default: 60
--read-timeout Time in seconds. Default: 120
--wait=SECONDS Wait SECONDS between connections
This is useful when using a single thread.
HELP & MISCELLANEOUS:
--help, -h This help
--debug Raise errors in plugins
--version Display version information. (WhatWeb 0.4.6)
EXAMPLE USAGE:
whatweb example.com
whatweb -v example.com
whatweb -a 3 example.com
whatweb 192.168.1.0/24
Using WhatWeb on a handful of websites. Standard WhatWeb output is in colour.
$ whatweb slashdot.org reddit.com digg.com http://www.engadget.com/ www.whitehouse.gov
http://www.whitehouse.gov [200] Cookies[d], Drupal, RSSFeed[http://www.whitehouse.gov/opensearch/apachesolr_search], Google-Analytics[GA][10791350], HTTPServer[White House], OpenSearch[http://www.whitehouse.gov/opensearch/apachesolr_search], Title[The White House], MD5[5037c644b2934e3897b751e49fed22ef], Footer-Hash[27c5d9f6ed08701f8d27cbc29c0b1753], Tag-Hash[957e5dc85c5fd75df3981e917365bf64], Header-Hash[6ab220f882680f23982afcd35d28da29]
http://reddit.com [302] HTTPServer[AkamaiGHost], RedirectLocation[http://www.reddit.com/], MD5[d41d8cd98f00b204e9800998ecf8427e], Tag-Hash[d41d8cd98f00b204e9800998ecf8427e]
http://digg.com [302] Cookies[d,traffic_control], HTTPServer[Apache], X-Powered-By[PHP/5.2.9-digg8], UncommonHeaders[x-digg-time,keep-alive], RedirectLocation[/news], Tag-Hash[d41d8cd98f00b204e9800998ecf8427e], MD5[d41d8cd98f00b204e9800998ecf8427e]
http://www.reddit.com/ [200] Cookies[reddit_first], Title[reddit.com: where dreams come true], Google-Analytics[GA][12131688], HTTPServer['; DROP TABLE servertypes; --], RSSFeed[/static/reddit.css?v=979b766d30fcfdef667f67feb1cc72ea], PasswordField[passwd,passwd2], JQuery, MD5[81205b7f2719605325806b1e6c9196e9], Header-Hash[754c4c29dadba9a60ed8c05db7c44819], Tag-Hash[d18d7cd019d7d54e2ccb234875ad2419], Footer-Hash[9086bcb16723f874c9cebdb8497731bb]
http://digg.com/news [200] Cookies[d,traffic_control], X-Powered-By[PHP/5.2.9-digg8], HTML5, HTTPServer[Apache], UncommonHeaders[x-digg-time,keep-alive], Title[Digg - The Latest News Headlines, Videos and Images], RSSFeed[http://cdn1.diggstatic.com/img/iphone/icon.63e34426.png], Mobile-Website[Apple iPhone], Tag-Hash[b9e39fdf7d9fc460a3dc3d09ddbbd1a7], MD5[60ae72dd371895711e9873e50d918c96], Header-Hash[6ddd6eeae8ee2ae04a260c724742bf79], Footer-Hash[7a08d0572a2fd995b63b98da3547da36]
http://www.engadget.com/ [200] probably BlogSmithMedia, Cookies[GEO-202_160_48_249], UncommonHeaders[keep-alive], HTTPServer[Apache/2.2], Title[Engadget], RSSFeed[http://www.blogsmithmedia.com/www.engadget.com/media/favicon.ico], PoweredBy[lithium], PasswordField[login-pw,newkey], Mobile-Website[Apple iPhone], MD5[bb16e2f7a2019855a0f16daf9201ce33], Tag-Hash[000596f9ac321916d2fb218855da2354], Header-Hash[40cbd7dad1da86fa8db86b1f67e8c161], Footer-Hash[4c93280680bd3f1bfd5c37439efb9b04]
http://slashdot.org [200] X-Powered-By[Slash 2.005001], Google-Analytics[GA][32013], HTTPServer[Apache/1.3.41 (Unix) mod_perl/1.31-rc4], UncommonHeaders[x-fry,x-varnish,x-xrds-location,slash_log_data], Title[Slashdot - News for nerds, stuff that matters], Mailto[soulskillatslashdotdotorg], RSSFeed[//a.fsdn.com/sd/idlecore-tidied.css?T_2_5_0_303b], PasswordField[upasswd], Tag-Hash[b740b7b0bc46a2f3ff8813ef25a6c5b5], MD5[901702dbfe3f5f86ba4fcad7478b4587], Header-Hash[b7b9e14ea8fb33e711ac1562f91305a9], Footer-Hash[7fafeba5d1d7b9cee5387feed4bf8338]
./whatweb -v www.morningstarsecurity.com
The following types of logging are supported:
--log-brief=FILE Brief, one-line, greppable format
--log-verbose=FILE Verbose
--log-xml=FILE XML format. XSL stylesheet is provided
--log-json=FILE JSON format
--log-json-verbose=FILE JSON verbose format
--log-magictree=FILE MagicTree XML format
--log-object=FILE Ruby object inspection format
--log-mongo-database Name of the MongoDB database
--log-mongo-collection Name of the MongoDB collection. Default: whatweb
--log-mongo-host MongoDB hostname or IP address. Default: 0.0.0.0
--log-mongo-username MongoDB username. Default: nil
--log-mongo-password MongoDB password. Default: nil
--log-errors=FILE Log errors. This is usually printed to the screen in red.
You can output to multiple logs simultaneously by specifying multiple command line logging options.
Brief Logging.
Example usage: whatweb --log-brief b.log digg.com
http://digg.com [200] X-Powered-By[PHP/5.2.9-digg8], Cookies[1337,PHPSESSID,ccc], UncommonHeaders[keep-alive], Title[Digg - The Latest News Headlines, Videos and Images], HTTPServer[Apache], Mailto, Header-Hash[2df7eaaa4480f28013aaf48ae9266b84], MD5[24bc43e698e5d1388e836f5eee094fbe], Footer-Hash[ca2ffbc939969a2246cde196f0fc4841], Div-Span-Structure[828d809947c3c760d41c720c9203993b]
This is one connection per line and is searchable with grep.
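The brief format greps well, but splitting it into fields needs care because commas also occur inside bracketed values. The following is an added example, not part of WhatWeb or this wiki: it parses brief-log lines and lists targets whose HTTPServer or X-Powered-By value discloses a version. The function names are this example's own, and the sample lines are shortened copies of the output shown above.

```ruby
# Added example (not WhatWeb code). Brief-log line shape:
#   URL [status] Plugin[value], Plugin[value][value], Plugin
SAMPLE = <<~LOG
  http://digg.com [302] Cookies[d,traffic_control], HTTPServer[Apache], X-Powered-By[PHP/5.2.9-digg8], RedirectLocation[/news]
  http://www.reddit.com/ [200] Title[reddit.com: where dreams come true], Google-Analytics[GA][12131688], HTTPServer['; DROP TABLE servertypes; --], JQuery
  http://digg.com/news [200] HTML5, HTTPServer[Apache], Title[Digg - The Latest News Headlines, Videos and Images]
  http://www.engadget.com/ [200] probably BlogSmithMedia, HTTPServer[Apache/2.2], Title[Engadget]
LOG

# Split on commas outside [...] so Cookies[d,traffic_control] and titles
# containing commas stay intact. Assumes brackets inside values are balanced.
def split_fields(text)
  fields, depth, current = [], 0, +''
  text.each_char do |ch|
    depth += 1 if ch == '['
    depth -= 1 if ch == ']' && depth.positive?
    if ch == ',' && depth.zero?
      fields << current.strip
      current = +''
    else
      current << ch
    end
  end
  fields << current.strip unless current.strip.empty?
  fields
end

# Returns { url:, status:, plugins: { name => [values] } }, or nil for other lines.
def parse_brief(line)
  m = /\A(\S+) \[(\d{3})\] ?(.*)\z/.match(line.chomp)
  return nil unless m
  plugins = {}
  split_fields(m[3]).each do |field|
    name, raw = field.sub(/\Aprobably /, '').split('[', 2)
    # "[GA][12131688]" carries two values; a bare name such as "JQuery" carries none.
    plugins[name] = raw ? raw.chomp(']').split('][') : []
  end
  { url: m[1], status: m[2].to_i, plugins: plugins }
end

# List [url, plugin, value] where a server banner value contains a version number.
def version_disclosures(log)
  log.each_line.map { |l| parse_brief(l) }.compact.flat_map do |t|
    %w[HTTPServer X-Powered-By].flat_map do |p|
      (t[:plugins][p] || []).grep(/\d/).map { |v| [t[:url], p, v] }
    end
  end
end
version_disclosures(SAMPLE).each { |row| puts row.join("\t") }
```

Every value in a log line comes straight from the remote server's headers and HTML (see the HTTPServer value for www.reddit.com above), so anything that stores or renders the parsed fields should treat them as untrusted input, for example by using bound parameters when inserting into a database.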
XML Logging
The XML logging is currently naive and may change. Please contact me if you have suggestions.
Example usage: ./whatweb --log-xml x.log digg.com
Contents of x.log: http://digg.com 302 Cookies d traffic_control HTTPServer Apache MD5 d41d8cd98f00b204e9800998ecf8427e RedirectLocation /news Tag-Hash d41d8cd98f00b204e9800998ecf8427e UncommonHeaders x-digg-time,keep-alive X-Powered-By PHP/5.2.9-digg8 http://digg.com/news 200 Cookies d traffic_control Footer-Hash 7a08d0572a2fd995b63b98da3547da36 HTML5 HTTPServer Apache Header-Hash 6ddd6eeae8ee2ae04a260c724742bf79 MD5 597fa07fcb516ad18711f3b04484080a Mobile-Website Apple iPhone RSSFeed http://cdn1.diggstatic.com/img/iphone/icon.63e34426.png Tag-Hash b9e39fdf7d9fc460a3dc3d09ddbbd1a7 Title Digg - The Latest News Headlines, Videos and Images UncommonHeaders x-digg-time,keep-alive X-Powered-By PHP/5.2.9-digg8