loading
loading
Discovery
A Go port of Wappalyzer built to fingerprint huge lists of hosts fast.
overview
webanalyze reimplements Wappalyzer's signature matching in Go, so it fingerprints the technologies behind thousands of hosts in one fast pass. Point it at a single host or a file of hosts and it inspects each response, matching headers, cookies, HTML, and scripts against an app-definition file to report the CMS, frameworks, libraries, and servers in use.
Worker threads and a light footprint make it the high-throughput option for technology detection. It can follow a few links past the root page, search across URLs on the same base domain, and write stdout, CSV, or JSON so results flow straight into the rest of a pipeline.
On Trickest, webanalyze is a Discovery node that takes a host or a host list and writes a folder and a file. Run it after subdomain discovery and probing to attach a technology profile to every live host at once, then route hosts by CMS or hand the map to a targeted scanner.
use cases
Feed a file of hosts and let webanalyze fingerprint each one concurrently, raising the worker count to build a technology inventory for the whole estate in a single pass.
Report which sites run WordPress, Drupal, Adobe Experience Manager, or another platform, so you can group targets by stack and prioritize the ones that matter.
Choose CSV or JSON output so the detected technologies feed a database node or a routing step instead of scrolling past in a console.
Set a small crawl depth so detection catches libraries and frameworks that only load on pages past the root.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| host | STRING | -host | Single host to test. |
| hosts | FILE | -hosts | Filename with hosts, one host per line. |
| output-format | STRING | -output | Output format: stdout, csv, or json (default stdout). |
| workers | STRING | -worker | Number of workers to run in parallel (default 4). |
| crawl | STRING | -crawl | Links to follow from the root page (default 0). |
| app-definition-file | FILE | -apps | App definition file with technology signatures (default technologies.json). |
Showing key inputs. webanalyze exposes 7 inputs in total.
| Name | Type | Flag | Description |
|---|---|---|---|
| host | STRING | -host | Single host to test. |
| crawl | STRING | -crawl | Links to follow from the root page (default 0). |
| hosts | FILE | -hosts | Filename with hosts, one host per line. |
| workers | STRING | -worker | Number of workers to run in parallel (default 4). |
| output-format | STRING | -output | Output format: stdout, csv, or json (default stdout). |
| search-all-urls | BOOLEAN | -search | Search all URLs on the same base domain, e.g. example.com and sub.example.com (default true). |
| app-definition-file | FILE | -apps | App definition file with technology signatures (default technologies.json). |
example
# fingerprint a host list as JSON, crawling one link deepwebanalyze -hosts hosts.txt -worker 8 -output json -crawl 1http://example.com (0.38s): Cloudflare, (CDN) Nginx, (Web servers) Adobe Experience Manager, (CMS) jQuery, 3.7.1 (JavaScript libraries) Java, (Programming languages)http://shop.example.com (0.52s): Nginx, (Web servers) React, 18.2.0 (JavaScript frameworks) Webpack, (Miscellaneous)guidance
Use webanalyze when you need Wappalyzer-style fingerprinting across many hosts at speed. For deep recursive analysis of a single site, the original Wappalyzer goes further. For liveness plus tech detection in one probe, use httpx.
The original Node tool. Deeper recursive analysis of one site; webanalyze is the fast bulk version.
Plugin-based identifier with aggression levels. Broader recon framing, similar detection goal.
Probes liveness and runs tech detection inline, so one node both filters and fingerprints.
faq
related
Check whether a URL redirects to a masked 404 page.
Append lines to a file only if they are not already there.
Extract URLs and endpoints from Android APK files.
Visual inspection of websites across a large number of hosts.
Find suspicious files across a large set of AWS S3 buckets.
An automated tool that checks for backup artifacts that may disclose a web application's source code.
A host list is probed live by httpx, then webanalyze fingerprints each one and writes the technology map as a queryable output.
Facts on this page come from the live Trickest tool library.