Wappalyzer #1245

Sh4d0wHunt3rX · 2024-04-10T13:19:32Z

Sh4d0wHunt3rX
Apr 10, 2024

The number and the accuracy of technologies, even with some detailed version numbers I can see in the wappalyzer chrome extension is really different than what we get in bbot.

For example for this link, wappalyzer shows these in extension

https://flightio.com/_next/static/chunks/1185.7623cc08b888fa76.js

I was wondering if there is any way to get the tech info directly from the browser extension without using API.

Not sure if these are related:
projectdiscovery/httpx#959 (comment)
https://github.com/ethicalhackingplayground/wappalyzer

TheTechromancer · 2024-04-10T14:14:57Z

TheTechromancer
Apr 10, 2024

Part of the reason is because our wappalyzer signatures are out of date. Right now we're using python-wappalyzer, which is no longer being maintained, and hasn't seen an update in a while. I've been working to update this, but met some resistance:

projectdiscovery/wappalyzergo#70
lissy93/wapalyzer#6

With wappalyzer suddenly going closed-source, there's a lot of chaos. I'd like to bring our wappalyzer signatures fully up-to-date, and also implement a headless browser with the wappalyzer extension (possibly replacing gowitness with playwright). These are tasks that definitely need doing, but right now they're not high priority.

In the meantime you might have better luck using gowitness or nuclei's tech detection.

1 reply

Sh4d0wHunt3rX Apr 10, 2024
Author

Woow, thanks a lot for this great info 🙏

Sh4d0wHunt3rX · 2025-01-07T15:02:15Z

Sh4d0wHunt3rX
Jan 7, 2025
Author

So, this is new, seems get info from a headless browser:
https://github.com/s0md3v/wappalyzer-next

0 replies

TheTechromancer · 2025-03-04T18:04:18Z

TheTechromancer
Mar 4, 2025

With Webcap released, we're back to thinking about technology detection:

Technology Detection webcap#43

Wappalyzer isn't super reliable in the browser. Nuclei's tech detection is fine but isn't portable to other code. Wappalyzergo is CPU heavy because it uses regex.

Ideally the signatures should be aggregated and converted to YARA rules or something similar, but nobody has time to do that.

@Sh4d0wHunt3rX do you have any tricks for this?

0 replies

Sh4d0wHunt3rX · 2025-03-04T19:20:22Z

Sh4d0wHunt3rX
Mar 4, 2025
Author

Hey, unfortunately, my knowledge is low : ( , but maybe these are helpful to look at:

https://github.com/enthec/webappanalyzer
https://github.com/s0md3v/wappalyzer-next

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Wappalyzer #1245

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 4 comments 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Wappalyzer #1245

Uh oh!

Uh oh!

Sh4d0wHunt3rX Apr 10, 2024

Replies: 4 comments · 1 reply

Uh oh!

Uh oh!

TheTechromancer Apr 10, 2024

Uh oh!

Sh4d0wHunt3rX Apr 10, 2024 Author

Uh oh!

Sh4d0wHunt3rX Jan 7, 2025 Author

Uh oh!

TheTechromancer Mar 4, 2025

Uh oh!

Sh4d0wHunt3rX Mar 4, 2025 Author

Sh4d0wHunt3rX
Apr 10, 2024

Replies: 4 comments 1 reply

TheTechromancer
Apr 10, 2024

Sh4d0wHunt3rX Apr 10, 2024
Author

Sh4d0wHunt3rX
Jan 7, 2025
Author

TheTechromancer
Mar 4, 2025

Sh4d0wHunt3rX
Mar 4, 2025
Author