Blog

WhatWeb tool for pen testers

July 12, 2010

By Tevora

The tool WhatWeb needs to be added to any pen tester’s arsenal. WhatWeb is not a web vulnerability scanner such as Nikto, Acunetix, and Skipfish, but rather identifies the platform the CMS is running on, a feature not so widely supported. WhatWeb has over 160 plug-ins used to identify many platforms. It uses two types of plug-ins, passive and aggressive. The passive plug-ins will try to identify the web applications using simple GET requests while the aggressive plug-ins use techniques such as URL guessing.

Example from WhatWeb’s project page

Download location

http://www.morningstarsecurity.com/research/whatweb

About the Author

Tevora is a specialized management consultancy focused on cyber security, risk, and compliance services. Our combination of collaborative strategic planning and skillful execution make us a trusted partner to some of the most famous brands in the world.

Back to Resource Center

Explore More In-Depth Threat Management & Response Resources

Datasheet Social Engineering & Red Teaming

Social Engineering and Red Teaming

“Red teaming” is a term borrowed from military war games and adapted to the business environm...

Case Study AI Security Program

AI Penetration Testing

As Generative AI (GenAI) becomes cheaper and more prevalent, more companies are seizing the oppor...

Read More about AI Penetration Testing

Webinar Penetration Testing

The Scary Side of Cybersecurity: Why On-Premise Penetration Testing is Key

Join our cyber threat team as they explore the evolving landscape of on-premise penetration testi...

Blog Threat Management & Response

The Worst Case Scenario: What Happened in the CrowdStrike Outage?

The world was recently shaken by a global outage brought about by a faulty software update by Cro...

View Our Resources