Skip to Content

Where are CISOs focusing in 2025? Download Report

Dark teal and black gradient

Blog

WhatWeb tool for pen testers

The tool WhatWeb needs to be added to any pen tester’s arsenal. WhatWeb is not a web vulnerability scanner such as Nikto, Acunetix, and Skipfish, but rather identifies the platform the CMS is running on, a feature not so widely supported. WhatWeb has over 160 plug-ins used to identify many platforms. It uses two types of plug-ins, passive and aggressive. The passive plug-ins will try to identify the web applications using simple GET requests while the aggressive plug-ins use techniques such as URL guessing.

Example from WhatWeb’s project page

Download location

http://www.morningstarsecurity.com/research/whatweb

Explore More In-Depth Threat Management & Response Resources

View Our Resources