How to Find Vulnerabilities in Websites Using WhatWeb, SearchSploit, and Other Tools (Ethical Guide)

Disclaimer:
This tutorial is for educational purposes only. Do not scan or test any website that you do not own or have written permission to test. Unauthorized scanning is illegal and unethical.


Introduction

Before exploiting vulnerabilities, ethical hackers or security professionals start with reconnaissance — learning as much as possible about the target system. This phase is crucial because it tells you what technologies are being used and where known vulnerabilities may exist.

Let’s go through a basic process using tools like:

  • WhatWeb

  • Nmap

  • SearchSploit

  • Wappalyzer (optional browser tool)

  • Nikto


1. WhatWeb – Identify Web Technologies

Purpose: WhatWeb identifies the technologies used by a website (CMS, frameworks, web servers, etc.).

Installation:

sudo apt install whatweb

Usage:

whatweb https://example.com

Example Output:

Now you know this site runs on Apache, PHP 8.2.29, and WordPress. These details are key for vulnerability matching.


2. Nmap – Port Scanning & Service Detection

Purpose: Nmap scans open ports and detects running services and versions.

Installation:

sudo apt install nmap

Usage:

nmap -sV -T4 example.com

Common Flags:

  • -sV = service/version detection

  • -T4 = faster execution (a more aggressive timing template than the default, -T3)

Output Example:

PORT    STATE SERVICE  VERSION
80/tcp  open  http     Apache httpd 2.4.29
443/tcp open  https    OpenSSL 1.1.1

You now know what versions of web services are exposed.


3. SearchSploit – Find Known Exploits for Found Technologies

Purpose: SearchSploit helps you search for public exploits related to known software.

Installation:

sudo apt install exploitdb

Usage:

searchsploit apache 2.4.29

This lists the Exploit-DB entries whose titles match "apache 2.4.29". A match is a lead to verify, not proof that the server is vulnerable.

To search for WordPress:

searchsploit wordpress 5.5

To copy a specific entry into the current directory so you can read it:

searchsploit -m exploits/php/webapps/46635.txt

4. Nikto – Web Server Vulnerability Scanner

Purpose: Nikto checks for dangerous files, outdated software, and known vulnerabilities.

Installation:

sudo apt install nikto

Usage:

nikto -h https://example.com

Nikto can detect common misconfigurations, outdated server software, and default files.


5. Wappalyzer (Optional GUI Tool)

Purpose: It’s a browser extension that shows the tech stack of a website, including JS libraries, analytics tools, CMS, etc.

Install it from the Chrome or Firefox extension store.


6. Combine and Analyze

Once you have gathered all of the following:

  • Web server and software versions from WhatWeb and Nmap

  • Known vulnerabilities via SearchSploit

  • Misconfigurations from Nikto

you can correlate this information to find exploitable points (if any).
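
The first half of that correlation can be scripted. The following is an added example, not part of the original tutorial: it turns the `nmap -sV` table from section 2 into a product/version inventory for a host you own, ready to check against vendor advisories and CVE entries. The function names and the extra sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a version inventory from `nmap -sV` normal output.

# Constructed sample: the two rows shown in section 2, plus three constructed
# rows (closed port, open port with no version banner, filtered port).
sample_scan() {
  cat <<'EOF'
Nmap scan report for example.com
PORT     STATE    SERVICE    VERSION
22/tcp   closed   ssh
80/tcp   open     http       Apache httpd 2.4.29
443/tcp  open     https      OpenSSL 1.1.1
8080/tcp open     http-proxy
3306/tcp filtered mysql
EOF
}

# Reads nmap output on stdin; prints one line per OPEN port as
#   port|service|product|version
# The version is the first token in the VERSION column that starts with a
# dotted number; the tokens before it form the product name.
service_inventory() {
  awk '
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
      product = ""; version = ""
      for (i = 4; i <= NF; i++) {
        if ($i ~ /^[0-9]+(\.[0-9]+)+/) { version = $i; break }
        product = (product == "" ? $i : product " " $i)
      }
      if (product == "") product = "unknown"
      if (version == "") version = "unknown"
      print $1 "|" $3 "|" product "|" version
    }'
}

# Open ports with no readable version: they cannot be matched against
# advisories by version string and need a manual check on the host itself.
unversioned_ports() {
  service_inventory | awk -F"|" '$4 == "unknown" { print $1 }'
}

sample_scan | service_inventory
```

Treat each product/version pair as a candidate only: distribution packages often backport security fixes without changing the upstream version string, so confirm the installed package's patch level before recording a finding.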


Final Notes

  • Always get legal permission before testing.
  • Keep tools and exploit databases updated.

  • Not all detected software is vulnerable — check CVEs and verify.

  • Focus on responsible disclosure if you find a real issue.


Quick Example Flow:

whatweb example.com

nmap -sV example.com

searchsploit apache 2.4.29

nikto -h example.com

This is the basic workflow for beginner-level vulnerability assessment using open-source tools.
