Introduction
Information gathering is the first and most important phase of penetration testing. WhatWeb is a popular reconnaissance tool included in Kali Linux that identifies website technologies such as CMS, server type, IP address, JavaScript libraries, and more. This guide explains how to run WhatWeb scans with practical examples.
Tools Used in This Guide
To follow this tutorial smoothly, having reliable basic hardware helps avoid performance issues:
What Is WhatWeb?
WhatWeb is a web scanner used to fingerprint websites. It detects technologies like Apache, Nginx, WordPress, PHP, Google Analytics, and security tools running on a target. This makes it valuable for ethical hackers performing reconnaissance and vulnerability assessments.
Basic WhatWeb Scan Command
To run a simple scan and quickly detect technologies, use:
whatweb <domain name>
Example:
whatweb www.menofletter.com
This will show basic plugin results such as server type and script details.
ย
Using Verbose Mode in WhatWeb
Verbose mode provides more detailed information, including plugin descriptions and additional fingerprint data.
whatweb <domain name> -v
Example:
whatweb www.menofletter.com -v
Verbose output helps during penetration testing when you want to understand why a certain technology was detected.
ย
Save WhatWeb Scan Results to a File
You can store the results for analysis later using:
whatweb <domain name> –log-brief=<file name>
Example:
whatweb www.menofletter.com –log-brief=result.txt
This is especially useful when working with multiple targets.
More Useful WhatWeb Options
Here are a few additional scanning options worth knowing:
| Option | Description |
|---|---|
--aggression=N | Controls scan intensity (1โ5) |
--open-timeout=X | Sets timeout for slow servers |
--no-errors | Hides error messages during scan |
-a | Shortcut for aggression level |
You can explore additional flags using:
whatweb –help
Final Takeaway
WhatWeb is a fast and effective tool for fingerprinting websites during penetration testing. With the simple commands above, beginners can quickly gather valuable intel about a target website.
If you’d like, I can also create a downloadable cheatsheet or add more advanced examples like scanning multiple hosts or using proxy support. Just let me know. ๐
Recommended Lab Setup Checklist
If you plan to practice regularly, this simple setup works well:
- External SSD for virtual machines
- 16GB+ RAM for smooth multitasking
- Reliable USB drive for Linux installations
๐งช New to cybersecurity?
Start here: Beginner Home Cybersecurity Lab Setup (2026)
Beginner Home Cybersecurity Lab Setup (2026 Guide) โ Build a Safe Practice Environment