In the information-gathering stage of penetration testing, we must know the technologies used by the target so that we can plan our attacks. One tool that can help with this is Wappalyzer, a website technology identifier.
How to use Wappalyzer
The simplest way to use Wappalyzer is through their website lookup page. Simply input the URL of the target website and its technology will be identified. However, you may be requested to sign up (free) to use the service.
Wappalyzer Chrome Extention
The best way to use Wappalyzer is to add the Wappalyzer chrome extension. With the extension added, just use your browser to navigate to the target website. Click on the Wappalyzer extension and all the information will be displayed in a small window. This is very convenient to use and there is also no need for any sign-ups.
Wappalyzer Command Line Interface (CLI)
For a more automated approach, you can download Wappalyzer from their GitHub page. For an npm installation on Kali Linux, follow the installation guide here and then here. After installation, navigate to the npm file and run the programme from the command line :
wappalyzer <URL> <other options>
In the example below, I use the command :
wappalyzer https://tastyfix.com -P -e
Here tastyfix.com is my target website, -P is a pretty print to make the JSON output look nice, and -e is to output additional information.
Unfortunately, Wapplyzer does not have a function to store the output. Thus, we can use the tee command to save the output to a file (JSON).
Help Menu Overview
Wappalyzer is a website technology identifier that is free and very useful. By understanding the technologies used by your target, you will have a better grasp of how to attack them. What we have covered in the command line interface is only the basics, so I recommend you explore deeper to get the most optimized information you require for your penetration test.