Wappalyzer technology discovery browser plugin
tedjames
Member Posts: 1,182 ■■■■■■■■□□
in Pentesting
Does anybody use the Wappalyzer browser plugin for website technology discovery?
Have you found it to be accurate?
Do you prefer another tool? Builtwith is good, but it works only on external sites (no intranet). Wappalyzer works both internally and externally.
Comments
-
chrisone
Member Posts: 2,278 ■■■■■■■■■□
I have used it in the past and strangely was finding myself using it last night. I was trying to find out a drupal version and the tool only detected the major release 9 and not the subversion 9.1.0 etc. So I got my answer through checking the page source.
I rarely use these page extension tools. I don't see myself looking for alternatives, wappalyzer does a good enough job for whatever my needs are. These tools usually just point me in the right direction before I do a full deep dive into the target page's technologies.Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
tedjames
Member Posts: 1,182 ■■■■■■■■□□
Thanks for the reply! I use it a lot, but I'm always looking for new tools that perform similar actions. Sometimes I want to confirm a finding with another tool.Sometimes I can get what I want just using browser DevTools. Checking the source page is a good idea. Whatweb will sometimes find something useful, too.
-
yoba222
Member Posts: 1,237 ■■■■■■■■□□
I use it all the time. Another tool I've recently discovered is to use Chrome/Chromium -> developer tools -> run a Lighthouse scan. Gives you all the vulnerable JavaScript libraries, etc. all in one place.A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
tedjames
Member Posts: 1,182 ■■■■■■■■□□
I forgot about Lighthouse. I'll add that to my checklist. Thanks!I also use the Retire.js plugin in my browser and in ZAP.