Wappalyzer – Website Technology Identifier

Overview

In the information-gathering stage of penetration testing, we must know the technologies used by the target so that we can plan our attacks. One tool that can help with this is Wappalyzer, a website technology identifier.

Wappalyzer identifies the technologies used on a website, such as the CMS, web frameworks, eCommerce platforms, JavaScript libraries, analytics tools and more. It is fast and easy to use. Wappalyzer is a free tool, but more advanced services such as access to their API require a monthly subscription. Fortunately, Wappalyzer is an open-source project, so you can download the code from their GitHub.

How to use Wappalyzer

Wappalyzer lookup

The simplest way to use Wappalyzer is through their website lookup page. Simply input the URL of the target website and its technology will be identified. However, you may be requested to sign up (free) to use the service.

Wappalyzer Chrome Extension

The best way to use Wappalyzer is to add the Wappalyzer Chrome extension. With the extension added, just use your browser to navigate to the target website. Click on the Wappalyzer extension and all the information will be displayed in a small window. This is very convenient to use and there is also no need for any sign-ups.

Wappalyzer Command Line Interface (CLI)

For a more automated approach, you can download Wappalyzer from their GitHub page. For an npm installation on Kali Linux, follow the installation guide here and then here. After installation, navigate to the npm file and run the programme from the command line:

wappalyzer <URL> <other options>

In the example below, I use the command:

wappalyzer https://tastyfix.com -P -e

Here tastyfix.com is my target website, -P is a pretty print to make the JSON output look nice, and -e is to output additional information.

Unfortunately, Wappalyzer does not have a function to store the output. Thus, we can use the tee command to save the output to a file (JSON).
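Once the output has been saved with tee, the JSON can be summarised offline. The following Node.js code is an added example, not code from Wappalyzer or from the original post; the report shape (a technologies array whose entries carry name, version, confidence and categories) and the function name summariseReport are assumptions, and the sample report is constructed.

```javascript
// Added example: summarise a Wappalyzer JSON report that was saved with tee.
// Assumed report shape: { technologies: [{ name, version, confidence, categories: [{ name }] }] }

// Constructed sample report (not real scan output).
const SAMPLE_REPORT = JSON.stringify({
  urls: { "https://example.test/": { status: 200 } },
  technologies: [
    { name: "WordPress", version: "5.8.1", confidence: 100,
      categories: [{ name: "CMS" }, { name: "Blogs" }] },
    { name: "jQuery", version: "3.6.0", confidence: 100,
      categories: [{ name: "JavaScript libraries" }] },
    { name: "Nginx", version: null, confidence: 100,
      categories: [{ name: "Web servers" }] },
    { name: "Google Analytics", version: "", confidence: 50,
      categories: [{ name: "Analytics" }] },
  ],
});

// Hypothetical helper: groups detections by category, lists the ones that
// expose a version string, and sets aside detections below minConfidence.
function summariseReport(jsonText, minConfidence = 75) {
  let report;
  try {
    report = JSON.parse(jsonText);
  } catch (err) {
    throw new Error("report is not valid JSON: " + err.message);
  }
  const techs = report && Array.isArray(report.technologies) ? report.technologies : [];
  const byCategory = Object.create(null); // no prototype: category names come from the file
  const versionDisclosed = [];
  const lowConfidence = [];
  for (const t of techs) {
    if (!t || typeof t.name !== "string") continue; // skip malformed entries
    if ((Number(t.confidence) || 0) < minConfidence) {
      lowConfidence.push(t.name);
      continue;
    }
    const cats = Array.isArray(t.categories) && t.categories.length
      ? t.categories : [{ name: "Uncategorised" }];
    for (const c of cats) {
      const key = String(c && c.name);
      (byCategory[key] = byCategory[key] || []).push(t.name);
    }
    if (t.version) versionDisclosed.push(t.name + " " + t.version);
  }
  return { byCategory, versionDisclosed, lowConfidence };
}

console.log(summariseReport(SAMPLE_REPORT));
```

To run it on a real report, pass the contents of the file written by tee instead of SAMPLE_REPORT. The versionDisclosed list is the part worth reviewing first, since it shows which components reveal an exact version to any visitor.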

Help Menu Overview

Conclusion

Wappalyzer is a website technology identifier that is free and very useful. By understanding the technologies used by your target, you will have a better grasp of how to attack them. What we have covered in the command line interface is only the basics, so I recommend you explore deeper to get the most optimized information you require for your penetration test.
