Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   9211 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

WHATWEB(1)							    WHATWEB(1)

NAME
       WhatWeb	-  Next	 generation Web scanner. Identify technologies used by
       websites.

SYNOPSIS
       whatweb [options] <URLs>

DESCRIPTION
       WhatWeb identifies websites. It's goal is to answer the question, "What
       is  that	 Website?". WhatWeb recognises web technologies including con‐
       tent management systems (CMS), blogging platforms,  statistic/analytics
       packages,  JavaScript  libraries,  web  servers,	 and embedded devices.
       WhatWeb has over 1700 plugins, each to recognise	 something  different.
       WhatWeb also identifies version numbers, email addresses, account ID's,
       web framework modules, SQL errors, and more.

       WhatWeb can be stealthy and fast, or thorough but  slow.	 WhatWeb  sup‐
       ports  an  aggression  level to control the trade off between speed and
       reliability. When you visit a website in your browser, the  transaction
       includes many hints of what web technologies are powering that website.
       Sometimes a single webpage visit contains enough information  to	 iden‐
       tify  a	website but when it does not, WhatWeb can interrogate the web‐
       site further. The default level of aggression, called 'passive', is the
       fastest	and requires only one HTTP request of a website. This is suit‐
       able for scanning public websites. More aggressive modes were developed
       for in penetration tests.

       Most  WhatWeb  plugins  are thorough and recognise a range of cues from
       subtle to obvious. For example, most WordPress websites can be  identi‐
       fied  by the meta HTML tag, e.g. '<meta name="generator" content="Word‐
       Press 2.6.5">', but a minority of WordPress websites remove this	 iden‐
       tifying	tag  but  this	does not thwart WhatWeb. The WordPress WhatWeb
       plugin has over 15 tests, which include checking the  favicon,  default
       installation files, login pages, and checking for "/wp-content/" within
       relative links.

       Features:

	    * Over 1700 plugins

	    * Control the trade off between speed/stealth and reliability

	    * Performance tuning. Control how many websites  to	 scan  concur‐
       rently.

	    *  Multiple	 log  formats: Brief (greppable), Verbose (human read‐
       able), XML, JSON, MagicTree, RubyObject, MongoDB, SQL.

	    * Proxy support including TOR

	    * Custom HTTP headers

	    * Basic HTTP authentication

	    * Control over webpage redirection

	    * Nmap-style IP ranges

	    * Fuzzy matching

	    * Result certainty awareness

	    * Custom plugins defined on the command line

TARGET SELECTION
       <URLs> Enter URLs, filenames or nmap-format IP ranges.  Use  /dev/stdin
	      to pipe HTML directly

       --input-file=FILE -i
	      Identify URLs found in FILE

TARGET MODIFICATION
       --url-prefix
	      Add a prefix to target URLs

       --url-suffix
	      Add a suffix to target URLs

       --url-pattern
	      Insert  the  targets  into  a  URL.  Requires  --input-file, eg.
	      www.example.com/%insert%/robots.txt

AGGRESSION
       The aggression level controls the trade-off between  speed/stealth  and
       reliability.

       --aggression -a=LEVEL
	      Set the aggression level. Default: 1.

	1.  Stealthy	    Makes one HTTP request per target and also follows
       redirects.
	3. Aggressive	  If a level 1 plugin is matched, additional  requests
       will be made.
	4.  Heavy	    Makes a lot of HTTP requests per target. URLs from
       all plugins are attempted.

HTTP OPTIONS
       --user-agent, -U=AGENT
	      Identify as AGENT instead of WhatWeb/0.4.9.

       --header, -H
	      Add an HTTP header. eg "Foo:Bar". Specifying  a  default	header
	      will  replace  it. Specifying an empty value, e.g. "User-Agent:"
	      will remove it.

       --follow-redirect=WHEN
	      Control when to follow redirects. WHEN may  be  `never',	`http-
	      only',  `meta-only',  `same-site',  `same-domain'	 or  `always'.
	      Default: always.

       --max-redirects=NUM
	      Maximum number of redirects. Default: 10.

AUTHENTICATION
       --user, -u=<user:password>
	      HTTP basic authentication.

       --cookie, -c=COOKIES
	      Use cookies, e.g. 'name=value; name2=value2'.

PROXY
       --proxy <hostname[:port]> Set proxy hostname and port. Default: 8080.

       --proxy-user
	      <username:password> Set proxy user and password.

PLUGINS
       --list-plugins, -l
	      List all plugins.

       --info-plugins, -I=[SEARCH]
	      List all plugins with detailed  information.  Optionally	search
	      with keywords in a comma delimited list.

       --search-plugins=STRING
	      Search plugins for a keyword.

       --plugins, -p=LIST
	      Select  plugins. LIST is a comma delimited set of selected plug‐
	      ins. Default is all.  Each element can be a directory,  file  or
	      plugin name and can optionally have a modifier, +/-.

       Examples: +/tmp/moo.rb,+/tmp/foo.rb
	      title,md5,+./plugins-disabled/
	      -p + is a shortcut for -p +plugins-disabled.

       --grep, -g=STRING
	      Search for STRING in HTTP responses. Reports with a plugin named Grep.

       --custom-plugin=DEFINITION
	      Define a custom plugin named Custom-Plugin,

       Examples: ":text=>'powered by abc'"
       ":version=>/powered[ ]?by ab[0-9]/"
       ":ghdb=>'intitle:abc
       ":md5=>'8666257030b94d3bdb46e05945f60b42'"
       "{:text=>'powered by abc'}"

       --dorks=PLUGIN
       List Google dorks for the selected plugin.

OUTPUT
       --verbose, -v
	      Verbose  output  includes	 plugin	 descriptions.	Use  twice for
	      debugging.

       --colour,--color=WHEN
	      control whether colour is used. WHEN may be  `never',  `always',
	      or `auto'.

       --quiet, -q
	      Do not display brief logging to STDOUT.

       --no-errors
	      Suppress error messages.

LOGGING
       --log-brief=FILE
	      Log brief, one-line output.

       --log-verbose=FILE
	      Log verbose output.

       --log-errors=FILE
	      Log errors.

       --log-xml=FILE
	      Log XML format.

       --log-json=FILE
	      Log JSON format.

       --log-sql=FILE
	      Log SQL INSERT statements.

       --log-sql-create=FILE
	      Create SQL database tables.

       --log-json-verbose=FILE
	      Log JSON Verbose format.

       --log-magictree=FILE
	      Log MagicTree XML format.

       --log-object=FILE
	      Log Ruby object inspection format.

       --log-mongo-database
	      Name of the MongoDB database.

       --log-mongo-collection
	      Name of the MongoDB collection. Default: whatweb.

       --log-mongo-host
	      MongoDB hostname or IP address. Default: 0.0.0.0.

       --log-mongo-username
	      MongoDB username. Default: nil.

       --log-mongo-password
	      MongoDB password. Default: nil.

       --log-elastic-index
	      Name of the index to store results. Default: whatweb

       --log-elastic-host
	      Host:port	   of	 the	elastic	  http	 interface.   Default:
	      127.0.0.1:9200s

PERFORMANCE & STABILITY
       --max-threads, -t
	      Number of simultaneous threads. Default: 25.

       --open-timeout
	      Time in seconds. Default: 15.

       --read-timeout
	      Time in seconds. Default: 30.

       --wait=SECONDS
	      Wait SECONDS between connections. This is useful	when  using  a
	      single thread.

HELP & MISCELLANEOUS
       --short-help
	      Short usage help.

       --help, -h
	      Complete usage help.

       --debug
	      Raise errors in plugins.

       --version
	      Display version information.

EXAMPLE USAGE
       Scan example.com.
	       ./whatweb example.com

       Scan reddit.com slashdot.org with verbose plugin descriptions.
	       ./whatweb -v reddit.com slashdot.org

       An aggressive scan of wired.com detects the exact version of WordPress.
	       ./whatweb -a 3 www.wired.com

       Scan the local network quickly and suppress errors.
	       whatweb --no-errors 192.168.0.0/24

       Scan the local network for https websites.
	       whatweb --no-errors --url-prefix https://192.168.0.0/24

       Scan for crossdomain policies in the Alexa Top 1000.
	       ./whatweb  -i plugin-development/alexa-top-100.txt --url-suffix
	      /crossdomain.xml -p crossdomain_xml

BUGS
       Report bugs  and	 feature  requests  to	https://github.com/urbanadven‐
       turer/WhatWeb

AUTHOR
       WhatWeb	was  written by Andrew Horton aka urbanadventurer, and Brendan
       Coles.

HOMEPAGE
       http://www.morningstarsecurity.com/research/whatweb

			      November 23rd, 2017		    WHATWEB(1)

Vote for polarhome