Wappalyzer technology discovery browser plugin

tedjamestedjames Scruffy-looking nerfherdrMember Posts: 1,174 ■■■■■■■■□□
Does anybody use the Wappalyzer browser plugin for website technology discovery?

Have you found it to be accurate?

Do you prefer another tool? Builtwith is good, but it works only on external sites (no intranet). Wappalyzer works both internally and externally.

Comments

  • chrisonechrisone Senior Member Member Posts: 2,141 ■■■■■■■■■□
    I have used it in the past and strangely was finding myself using it last night. I was trying to find out a drupal version and the tool only detected the major release 9 and not the subversion 9.1.0 etc. So I got my answer through checking the page source. 

    I rarely use these page extension tools. I don't see myself looking for alternatives, wappalyzer does a good enough job for whatever my needs are. These tools usually just point me in the right direction before I do a full deep dive into the target page's technologies. 
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (completed)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eWPT (failed 2x, no further attempts), eCIR (complete), eCTHPv2 (report: awaiting results), eCPTXv2 (Dec)
    2021: AZ-500, AZ-104, AZ-204, AZ-303, AZ-304, MS-500
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,174 ■■■■■■■■□□
    Thanks for the reply! I use it a lot, but I'm always looking for new tools that perform similar actions. Sometimes I want to confirm a finding with another tool.

    Sometimes I can get what I want just using browser DevTools. Checking the source page is a good idea. Whatweb will sometimes find something useful, too.
  • yoba222yoba222 Senior Member Member Posts: 1,205 ■■■■■■■■□□
    edited November 21
    I use it all the time. Another tool I've recently discovered is to use Chrome/Chromium -> developer tools -> run a Lighthouse scan. Gives you all the vulnerable JavaScript libraries, etc. all in one place.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,174 ■■■■■■■■□□
    I forgot about Lighthouse. I'll add that to my checklist. Thanks!

    I also use the Retire.js plugin in my browser and in ZAP.
Sign In or Register to comment.