There is no point starting a pentest against a web application without knowing what the actual technology behind it is. For example, it would be absolutely useless to run dirsearch to look for files with the extension .php
when the technology is actually ASP.NET. So, in this recipe, we will learn to use a simple tool whatweb
to understand the technology behind a web app. It comes by default in Kali.
It can also be installed manually from the URL https://github.com/urbanadventurer/WhatWeb.
The use of whatweb
can be done as follows:
- The tool can be launched by using the following command:
whatweb
The following screenshot shows the output of the preceding command:
- The domain name can be given as a parameter, or multiple domain names can be entered by using a
--input-file
argument:
whatweb hostname.com
The following screenshot shows the output of the preceding command: