whatweb
whatweb is a next-generation web scanner integrated into Canva workflows, designed to identify websites and recognize various web technologies, including content management systems, JavaScript libraries, and web servers. It serves as an essential reconnaissance tool, enabling automated security assessments by discovering technologies in use on target sites.
Ideal Use Cases & Fit
whatweb excels in scenarios requiring the identification of web technologies during the reconnaissance phase of security assessments. It is particularly effective when analyzing multiple URLs or hosts provided in a newline-separated file format. This tool is beneficial for security teams looking to understand the technology stack of web applications quickly. However, it is less suitable for deep vulnerability assessments or performance testing, where specialized tools may be preferred.
Value in Workflows
In security workflows, whatweb adds significant value during the early reconnaissance stages, enabling teams to gather contextual information about web applications before executing more in-depth scans. It can be integrated into automated sequences that feed data into vulnerability assessment tools or reporting systems, thus streamlining the information-gathering process.
Input Data
The tool expects input data in a newline-separated format, consisting of URLs or hosts. The required field is target, and an example input might look like:
https://example1.com
https://example2.com
example3.com
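An added example (not part of the original page or the whatweb project): it checks a target list in the format above before it reaches the scanner, then builds an argument list from a few of the options described under Configuration. It assumes those option names map to the standalone whatweb CLI's long flags of the same name; `parse_targets`, `build_argv`, `SAMPLE` and the `targets.txt` file name are hypothetical.

```python
from urllib.parse import urlsplit

# Option values as listed under Configuration on this page.
FOLLOW_REDIRECT = ("never", "http-only", "always")
# Constructed sample input: valid entries, a blank line, two bad lines, a duplicate.
SAMPLE = "https://example1.com\nexample3.com\n\n-oops\nftp://example4.com\nhttps://example1.com\n"

def parse_targets(text):
    """Split newline-separated URLs/hosts into (accepted, rejected)."""
    accepted, rejected = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line in accepted:
            continue  # skip blank lines and exact duplicates
        try:
            # A bare host has no scheme; prefix "//" so it parses as a netloc.
            parts = urlsplit(line if "://" in line else "//" + line)
            host = parts.hostname
        except ValueError:  # e.g. unbalanced IPv6 brackets
            host = None
        valid = (
            host
            and parts.scheme in ("", "http", "https")
            and not line.startswith("-")  # would be read as a CLI option
            and not any(c.isspace() for c in line)
        )
        (accepted if valid else rejected).append(line)
    return accepted, rejected

def build_argv(input_file, aggression=1, follow_redirect="never",
               open_timeout=15, read_timeout=30, quiet=True, no_errors=True):
    """Validate settings and return an argv list (no shell involved)."""
    if aggression not in range(1, 5):  # stealthy (1) to heavy (4)
        raise ValueError("aggression must be 1-4")
    if follow_redirect not in FOLLOW_REDIRECT:
        raise ValueError("unsupported follow-redirect value")
    if open_timeout <= 0 or read_timeout <= 0:
        raise ValueError("timeouts must be positive seconds")
    argv = ["whatweb", f"--aggression={aggression}",
            f"--follow-redirect={follow_redirect}",
            f"--open-timeout={open_timeout}", f"--read-timeout={read_timeout}"]
    if quiet:  # quiet=True is this example's choice, not a documented default
        argv.append("--quiet")
    if no_errors:
        argv.append("--no-errors")
    return argv + [f"--input-file={input_file}"]

if __name__ == "__main__":
    print(parse_targets(SAMPLE))
    print(build_argv("targets.txt", aggression=3))
```

Passing the result as a list to a process launcher, rather than joining it into a shell string, keeps a malformed target line from being interpreted as a flag or a shell token.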
Configuration
- quiet: Controls logging output to STDOUT; set to true for minimal logs.
- no-errors: Suppresses error messages during execution; defaults to true.
- proxy: Enables proxy settings; specify the hostname and port.
- proxy-user: Optionally set authentication for proxy connections.
- aggression: Adjusts the aggression level of scanning; range from stealthy (1) to heavy (4).
- user-agent: Identifies the scanner with a specified user agent string.
- header: Adds custom HTTP headers to requests.
- follow-redirect: Configures how redirects are handled; options include never, HTTP-only, and always.
- max-redirects: Specifies the maximum number of allowable consecutive redirects.
- user: Sets HTTP basic authentication credentials.
- cookie: Sends specified cookies with requests.
- url-prefix: Adds a prefix to each target URL for flexibility.
- url-suffix: Adds a suffix to each target URL for specific context.
- plugins: Allows the selection of specific plugins for tailored scanning.
- grep: Searches and filters results based on specified strings or regular expressions.
- open-timeout: Sets the connection timeout duration in seconds (default 15).
- read-timeout: Defines the read timeout duration in seconds (default 30).
Updated: 2026-02-10