Wepawet is a platform for the analysis of web-based threats. Wepawet uses a composition of approaches and techniques to execute, trace, analyze, and characterize the activity of code whose execution is triggered by visiting a web page.

Wepawet is developed with two main goals: 1) designing, developing, and validating novel research techniques in the area of web-based malware detection and analysis, and 2) applying these techniques in practice to real security threats.

Publications and Citation

Wepawet is described in the following publications:

If you want to acknowledge the use of Wepawet, please use both of the following two citations:

    author = {Marco Cova and Christopher Kruegel and Giovanni Vigna},
    title = {{Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code}},
    booktitle = {Proceedings of the World Wide Web Conference (WWW)},
    year = 2010,

    key = {Wepawet},
    title = {Wepawet},
    howpublished = "\url{http://wepawet.cs.ucsb.edu}"


The Wepawet team:


Contacting us

Problems, ideas, feedback? We are always happy to hear what you think.

The best way to contact us is via email: wepawet@cs.ucsb.edu.


Copyright Notice: © 2008–2012 The Regents of the University of California. All Rights Reserved.

Access to Wepawet is provided for internal use by end-users only. All other uses are expressly prohibited. Note that many of the research ideas behind Wepawet are brought to the next level by Lastline, Inc., a security company that brings our academic research to the market.

Warranties, or lack thereof: This service is offered “as is”, without warranty of any kind; we shall not be liable for any damages caused by the use of this service. Notice in particular that while we do our best to make Wepawet accurate, there may be errors in the results that it provides: for example, a benign site may be flagged as malicious, and a malicious resource may be considered benign. Use your judgment when acting on the results of this service.

Data sharing: Data submitted to this service may be re-used in other projects and research of our group. Furthermore, it may be shared with trusted members of the security community to enhance our collective malware intelligence, improve tools, and general goodwill. Let us know if this is cause for concern: we can probably find a way to work with you.

Privacy: When you use this service, we keep track of your IP address for monitoring and management purposes. Furthermore, we rely on a number of third-party services to provide additional services and functionalities: Google Analytics for web analytics, Disqus and Google Docs for commenting and feedback. Please, refer to their privacy policies for more details on what information they collect on you.