Most of what you see on the internet isn't made of magic. It's made of code. Code that someone wrote. Code that, many times, someone forgot to hide.
When you visit a web page, what you're seeing is just a superficial layer. A disguise. A face the server shows you. But behind that look, behind every button, image, or word, there are logical structures, repeated patterns, lines written by someone in a hurry, with ego... or carelessness.
That visible layer is mainly built with HTML and CSS. HTML (HyperText Markup Language) defines the structure of a page: titles, paragraphs, forms, links, images. CSS (Cascading Style Sheets) handles the design—colors, margins, positions. Together they create what you see. What you understand. What you believe is real.
But you're not here to settle for appearances. You're here to look deeper. To do the opposite of what most people do: see the code.
Every time you visit a website, your browser receives plain text instructions to display it. That code lives there, within your reach, if you know how to look for it.
Right-click anywhere on a page and select “View Page Source.” A new tab will open with the site's innards. There's the HTML. There are the comments left by the developer. The paths to resources. The forms. Sometimes even clues that shouldn't be there.
If you want to go even deeper, you can use your browser's developer tools (F12 key or right-click → “Inspect”). This lets you see how the page behaves, what scripts run, what connections are made, and where in the DOM everything happens.
Viewing the source code isn't an advanced technique. It's a habit. A way of thinking. A statement: "I won't settle for what I'm shown, I need to know how it works."
As a hacker, you care not only about what you see. You care about how a website is built. Knowing what technologies are behind it can give you clues about possible weaknesses, misconfigurations, or unlocked doors.
This is where an essential tool comes in: whatweb.
WhatWeb analyzes a web page and automatically detects which technologies are being used. Frameworks, content management systems, plugins, servers, versions... It's like using a technical flashlight to illuminate the backend's dark room.
From your terminal in Kali, you can run it like this:
whatweb http://<target>
And you'll get a quick analysis: it can tell you if the page uses WordPress, what PHP version runs on the backend, if there's outdated jQuery, and much more.
It's not invasive. It doesn't break anything. It just observes. And on this path, knowing how to observe is as powerful as knowing how to act.
Every line of code you see was written by a person. And people make mistakes.
Some programmers leave comments in the source code, as if no one else will see them. Others embed keys, credentials, internal paths, or messages meant only for themselves. But you're no longer “someone else.” You're learning to see what no one else sees.
When you find a page, don't rush. Pause. Observe. What does the HTML structure tell you? Are there scripts? What are they hiding? What external connections are made? Where does the login form point? What's in the metadata? What technologies does WhatWeb reveal?
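As an added example (not part of the original lesson), the questions above can be turned into a repeatable review of your own pages before you publish them: what comments ship to visitors, where each form submits, which scripts load from another host, and what the metadata announces. The sample HTML, the host names and the `SourceReview` / `review` names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not taken from any real site).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="ExampleCMS 1.0">
<script src="https://cdn.example.org/lib.js"></script>
<script src="/static/app.js"></script>
</head><body>
<!-- TODO: remove test account before launch -->
<form action="http://www.example.com/login" method="post"><input type="password" name="pw"></form>
</body></html>"""


class SourceReview(HTMLParser):
    """Collects what any visitor can read straight from the page source."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.comments, self.forms = [], []
        self.external_scripts, self.meta = [], {}

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            action = a.get("action") or ""
            # A form that submits to http:// sends its fields unencrypted.
            self.forms.append((action, urlparse(action).scheme == "http"))
        elif tag == "script" and a.get("src"):
            host = urlparse(a["src"]).netloc
            if host and host != self.page_host:  # relative URLs have no host
                self.external_scripts.append(a["src"])
        elif tag == "meta" and a.get("name") and a.get("content"):
            self.meta[a["name"].lower()] = a["content"]


def review(html, page_host):
    parser = SourceReview(page_host)
    parser.feed(html)
    return parser


if __name__ == "__main__":
    r = review(SAMPLE_HTML, "www.example.com")
    print(r.comments, r.forms, r.external_scripts, r.meta, sep="\n")
```

Each form is reported as a pair of its action URL and a flag that is true when the submission would travel over plain HTTP.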
Your goal isn't to break, it's to understand. Your best weapon isn't a tool, it's your curiosity. And your biggest mistake would be to blindly trust what you're shown.
Today you'll start training your eyes to look more closely. And even if you don't know it yet, that small gesture—inspecting, reading, inferring—is the beginning of a new way of thinking.
Follow the code. Trace the logic.
The system always leaves traces.
Your task, as a hacker, is to learn to read them.
Every time you enter a website, you start a conversation. That conversation happens through a protocol: HTTP.
HTTP stands for HyperText Transfer Protocol. It's the language your browser and the server use to talk to each other. Every time you click, fill out a form, search for something... all that information is transmitted through this channel.
But HTTP has a problem: it speaks out loud. Everything you send and receive can be intercepted and read if someone is listening. Names, passwords, searches... everything is exposed.
To protect that communication, HTTPS was born, where the "S" stands for Secure. Here, the information travels encrypted, as if you were speaking in code. No one can read what you're saying, even if they're listening. The connection becomes private, secure, hard to tamper with.
When you're looking at a website, checking if it's HTTP or HTTPS isn't just a technical detail. It's a signal. It tells you if your data is protected... or naked.
As a hacker, you'll learn to spot these differences. Because sometimes, even what looks “secure” isn't. And other times, what's unprotected hides open doors that very few know how to see.
HTTP or HTTPS. Out loud or in a whisper. It all depends on how the communication was built.
And now, you're learning to listen to what no one else notices.