Description
Wappalyzer identifies technologies used on websites including CMS platforms, JavaScript frameworks, e-commerce platforms, analytics tools, and server software. Available as a browser extension, CLI tool, and API. Knowing the tech stack helps identify version-specific vulnerabilities.
Installation
BASH
# Browser extension (recommended for quick checks)
# Chrome/Firefox: Install from browser extension store
# NPM CLI
npm install -g wappalyzer
# Docker
docker pull AliasIO/wappalyzerBasic Usage
BASH
# Analyze a website
wappalyzer https://target.com
# JSON output
wappalyzer https://target.com --pretty
# Multiple URLs
wappalyzer https://target1.com https://target2.comAdvanced Usage
BASH
# Custom User-Agent
wappalyzer https://target.com --user-agent "Mozilla/5.0"
# Recursive crawling
wappalyzer https://target.com --max-depth 3
# With authentication
wappalyzer https://target.com --header "Cookie: session=abc"
# Timeout
wappalyzer https://target.com --max-wait 10000
# Probe multiple endpoints
cat urls.txt | xargs -I{} wappalyzer {} --pretty >> tech_stack.jsonCommon Workflows
BASH
# Identify WordPress sites for WPScan
wappalyzer https://target.com | grep -i wordpress && wpscan --url https://target.com
# Mass tech detection
subfinder -d target.com -silent | httpx -silent | while read url; do
echo "=== $url ===" && wappalyzer "$url" 2>/dev/null
done > tech_report.txt
# Find outdated jQuery/Angular for known CVEs
wappalyzer https://target.com | grep -iE "jquery|angular|react|vue"