WhatWeb Files

Version 0.6.1 - August 2, 2025

Changelog: * Updated version from 0.5.5 to 0.6.1 * Improved SSL/TLS security with comprehensive cipher suite support (TLSv1, TLSv1.1, TLSv1.2, SSLv3, SSLv2) - Added SSL_ATTRIBUTES constant for verify_mode - Replaced dynamic SSL parameter collection with explicit SSLContext configuration - Set verify_mode to VERIFY_NONE for maximum compatibility - Enabled negotiation of all SSL/TLS versions including legacy SSLv2/SSLv3 * Enhanced HTTPS connection handling with optimized verification settings - Cleared minimum version restrictions and disabled protocol exclusion flags - Added fallback handling for different OpenSSL configurations * Added dual-protocol feature: simple hostnames (without paths or ports) are now scanned using both HTTP and HTTPS protocols - Automatically creates and tests both HTTP and HTTPS versions of simple hostnames - Shows informational message when dual-protocol scanning is performed - Intelligently detects and avoids duplicate URL scanning with redirect handling * Added robust input validation and error handling - Automatically aborts processing after 10 consecutive parsing errors - Prevents wasted resources when processing invalid data sources - Provides helpful error messages to guide users in troubleshooting input issues - Handles various error cases including malformed URLs and non-URL input data * Improved dependency management with Bundler group support - Reorganized Gemfile with proper optional group definitions for mongo and rchardet - Added clear installation instructions for optional dependencies - Set explicit version constraints for test dependencies - Added support for older Bundler versions through GEMFILE_GROUPS environment variable * Expanded documentation for optional dependencies - Added detailed installation instructions for MongoDB support - Added clear steps for character set detection configuration - Provided combined installation commands for all optional features - Improved explanation of performance implications

This release introduces three new search contexts for plugin authors to use: - uri.path - uri.query - uri.extension

An example of how to use this is from the PHP plugin.

# File Extension
{ :name=>"File extension", :regexp=>/^(php|phtml|php3|php4|php5|phps)$/, :search=>"uri.extension" }

FIXES

• [#311] - JSON Logging fails... UTF-8 can't modify frozen String (@juananpe)

MISC

• Refactored Helper::convert_to_utf8. Droped Ruby 2.0 support (@urbanadventurer)
• Added new search contexts for plugins: uri.path, uri.query, uri.extension (@urbanadventurer)

NEW PLUGINS

• Plex Media Server (@urbanadventurer)
• Meta-Facebook-Infrastructure (@urbanadventurer)
• Netflix-Platform (@urbanadventurer)
• VKontakte-Platform (@urbanadventurer)
• Distributed-Tracing (@urbanadventurer)
• Modern-Security-Headers (@urbanadventurer)
• Baidu-Platform (@urbanadventurer)
• Alibaba-Aliyun (@urbanadventurer)
• Weibo-Platform (@urbanadventurer)

PLUGIN UPDATES

• Adobe-Flash (@urbanadventurer)
• ASP_NET (@urbanadventurer)
• ColdFusion (@urbanadventurer)
• Drupal (@gboddin)
• Java (@urbanadventurer)
• Perl (@urbanadventurer)
• PHP (@urbanadventurer)
• Python (@urbanadventurer)
• Ruby (@urbanadventurer)
• TYPO3 (@definity)
• WordPress (@juananpe)
• Shopify (enhanced HTTP header detection) (@urbanadventurer)
• CloudFlare (enhanced with CF-RAY and other headers) (@urbanadventurer)
• CloudFront (renamed to Amazon-CloudFront and enhanced) (@urbanadventurer)
• Tengine Web Server (added Alibaba-specific headers) (@urbanadventurer)
• Content-Security-Policy (added modern CSP headers) (@urbanadventurer)
• Azure (renamed to Microsoft-Azure and enhanced) (@urbanadventurer)