Skip to main content

WhatWeb Guide (2026): Identifying Website Technologies Like a Pro

 


Welcome back to CyberShield! Amra ager post-e Nmap diye network scanning shikhechi. Kintu jokhon apnar target ekti website hoy, tokhon shudhu port scan korle hoy na; apnake jante hoy shei site-ti kon technology diye toiri.

Ajke amra ekti powerful reconnaissance tool niye alochona korbo, jar nam holo WhatWeb.

WhatWeb Ki?

WhatWeb holo ekti open-source "Next-generation web scanner." Eti ekti website-er technology stack identify korte babohar kora hoy. Mane, ekti site kon CMS (Content Management System), kon web server, kon programming language, ebong kon kon plugin babohar korche, ta WhatWeb ekti command-er maddhome bole dite pare.

WhatWeb Keno Babohar Korben?

Passive Reconnaissance-er khetre WhatWeb khub-i guruttopurno. Eti diye niche-r jinish gulo khuje paoa jay:

  • CMS Discovery: Site-ti ki WordPress, Joomla, naki Drupal?

  • Web Server Information: Server-ti ki Apache, Nginx, naki Microsoft-IIS?

  • Frameworks: Site-ti ki React, Vue.js, naki Laravel babohar korche?

  • Plugins & Widgets: Kon kon tracker (jemon Google Analytics) ba security plugin use kora hocche.

  • IP Address & Country: Server-er location ebong IP.

Essential WhatWeb Commands and Flags

WhatWeb babohar kora khub-i shohoj. Kali Linux terminal-e niche-r command gulo try korun:

Command

Description

whatweb <URL>

Simple scan (Single website).

whatweb -v <URL>

Verbose Mode: Technology gulo niye bistarito info dekhabe.

whatweb -a 3 <URL>

Aggressive Scan: Beshi level-er depth scanning (Eti detection-er risk baray).

whatweb -i <file.txt>

Bulk Scan: Ekti file theke onek gulo URL eksathe scan kora.

whatweb --no-errors <URL>

Scan korar somoy error message gulo skip korbe.

Practical Example: Identifying a Target

Dhorun, apni ekti target site example.com test korchen.

1. Basic Scan

whatweb example.com

Ekhane apni ekti summary paben, jemon: [200 OK] Apache[2.4.41], WordPress[6.4], PHP[7.4.3], Google-Analytics[UA-XXXXX].

2. Deep Analysis (Verbose)

whatweb -v example.com

Verbose mode-e apni protiti plugin-er version ebong developer-er details-o dekhte paben. Version jante parle, apni shei specific version-er jonno kono known vulnerability (CVE) ache kina ta search korte parben.

How it Helps in Pentesting?

Professional hackers-ra WhatWeb use kore target-er "Attack Surface" bujhar jonno.

  • Jodi WhatWeb dekhay je site-ti ekti Old WordPress Version use korche, tokhon hacker-ra shei version-er exploit khuje ber kore.

  • Jodi dekhay server-ti Outdated Nginx use korche, tokhon server-level-e attack kora shohoj hoy.

How to Protect Your Website?

Website owner hishebe apni kivabe technology reveal kora bondho korben?

  1. Hide Header Information: Web server config theke "Server Token" bondho kore din.

  2. Security Plugins: WordPress hole "Hide My WP" er moto plugin use kora jay.

  3. WAF (Web Application Firewall): Cloudflare-er moto WAF use korle scan kora kothin hoye pore.

  4. Update Regularly: Shob somoy software ebong plugins update rakhun jate technology stack reveal holeo keu known exploit use korte na pare.

Conclusion

WhatWeb reconnaissance-er ekti khub-i effective tool. Eti choto kintu pro-level-er result dey. Apnar ethical hacking journey-te target-ke bhalobhabe chinar jonno WhatWeb-er proyog oboshshoi shikhte hobe.


Final Note: Unauthorized reconnaissance on websites you don't own can be against their terms of service. Use this tool ethically for research and authorized security audits.


Comments

Popular posts from this blog

File Inclusion Vulnerabilities: Understanding LFI and RFI for Beginners (2026 Guide)

Introduction In this part of the cybersecurity series, we will explore a critical web vulnerability known as File Inclusion . File Inclusion occurs when a web application allows users to control which files are loaded or executed on the server without proper validation. This vulnerability can lead to sensitive data exposure or even full server compromise. What is File Inclusion? File Inclusion is a vulnerability where an application includes files based on user input without proper validation or restrictions. There are two main types of File Inclusion vulnerabilities: Local File Inclusion (LFI) Remote File Inclusion (RFI) 1. Local File Inclusion (LFI) LFI allows an attacker to access and sometimes execute files that are stored on the local server. How LFI Works Consider a website that loads pages using a parameter: https://example.com/view.php?page=contact.php If the application is vulnerable, an attacker can manipulate the parameter: https://example.com/view.php?page=../../../../etc/p...

Ethical Hacking & Penetration Testing Roadmap (2026)

A Complete Beginner-to-Professional Guide Why Learn Ethical Hacking? In today’s digital environment, organizations constantly face cyber threats. Ethical hackers play a key role in identifying vulnerabilities before attackers can exploit them. This field offers: High demand career opportunities Continuous learning Multiple income streams (job, bug bounty, freelancing) Quick Overview of the Roadmap This roadmap is divided into 7 practical stages: Fundamentals Web Security Hands-on Practice Tools Mastery Real-World Testing Reporting Skills Specialization Stage 1: Fundamentals (Build Your Base) Before touching any hacking tools, you must understand the basics. Networking IP Addressing TCP/UDP DNS & HTTP/HTTPS Operating Systems Linux (essential) Windows basics Programming Python (automation) JavaScript (web understanding) Stage 2: Web Security (Core Skills) Focus on the most common vulnerabilities: SQL Injection Cross-Site Scripting (XSS) Broken Access Control (IDOR) File Inclusion SSR...

WHOIS Lookup (2026): Uncovering Domain Ownership & Server Details

  Welcome to another segment of our Information Gathering series! In our previous post, we explored WhatWeb to identify a website's internal technology stack. However, to understand who is behind a website, when it was registered, or which company manages its infrastructure, we need a technique called WHOIS Lookup . WHOIS is a fundamental footprinting method used by penetration testers to gather domain-level intelligence. What is WHOIS? WHOIS (pronounced as the phrase "who is") is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name or an IP address block. Essentially, it acts as a public directory providing details about domain ownership, registration dates, expiry dates, and authoritative name servers. Why is it Important for Ethical Hackers? For a security researcher, a WHOIS lookup is vital for several reasons: Ownership Identity: Identifies the person or organization ...