
Overview

Website Recon identifies server-side and client-side technologies on a web application. It generates findings for each detected technology and adds results to your Attack Surface.

Parameters

| Parameter | Description |
|---|---|
| Target | The address of the website to analyze. Must start with http:// or https://. |

How it works

Website Recon uses Wappalyzer as its scanning engine. Wappalyzer maintains a database of over 7,900 technologies across 100+ categories. The tool analyzes multiple elements of the website:
| Element | What it reveals |
|---|---|
| HTTP response headers | Server software, frameworks, caching layers |
| HTML Meta Generator tags | CMS platforms, static site generators |
| Embedded JavaScript files | Frontend frameworks, libraries, analytics |
| HTML content patterns | Application frameworks, templating engines |
| HTML comments | Development tools, build systems |
| Website favicon | Platform identification (e.g., WordPress, Drupal) |

It also takes a screenshot of the website.
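
The response-header, meta generator and script-file checks listed above, as an added example that is not part of the original page and is not Wappalyzer's or Website Recon's own code. It runs over a constructed response whose versions mirror the page's example workflow; the two-entry signature table, the function names and the sample values are assumptions for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample response (not captured from a real site); the versions
# mirror the page's example workflow.
SAMPLE_HEADERS = {"Server": "Apache/2.2.22", "X-Powered-By": "PHP/5.4.45"}
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 4.1">
<script src="/wp-includes/js/jquery/jquery.js?ver=1.11.1"></script>
</head><body></body></html>"""

# Hypothetical two-entry signature set for illustration, not Wappalyzer's database.
SCRIPT_SIGNATURES = {
    "jQuery": re.compile(r"jquery(?:\.min)?\.js(?:\?ver=([\d.]+))?", re.I),
    "WordPress": re.compile(r"/wp-(?:includes|content)/", re.I),
}
PRODUCT_VERSION = re.compile(r"^([A-Za-z][\w.\- ]*?)[/ ]v?(\d[\w.]*)")


class SignalParser(HTMLParser):
    """Collects meta generator values and script src URLs from a page."""

    def __init__(self):
        super().__init__()
        self.generators, self.scripts = [], []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.generators.append(a.get("content", ""))
        elif tag == "script" and a.get("src"):
            self.scripts.append(a["src"])


def split_product(value):
    """Split 'Apache/2.2.22' or 'WordPress 4.1' into (product, version or None)."""
    m = PRODUCT_VERSION.match(value.strip())
    return (m.group(1), m.group(2)) if m else (value.strip(), None)


def fingerprint(headers, html):
    """Return (signal, technology, version) tuples for one HTTP response."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    found = [(f"header:{n}", *split_product(h[n])) for n in ("server", "x-powered-by") if n in h]
    parser = SignalParser()
    parser.feed(html)
    found += [("meta:generator", *split_product(g)) for g in parser.generators]
    for src in parser.scripts:
        for tech, rx in SCRIPT_SIGNATURES.items():
            m = rx.search(src)
            if m:
                found.append(("script:src", tech, m.group(1) if rx.groups else None))
    return found
```

Calling `fingerprint(SAMPLE_HEADERS, SAMPLE_HTML)` returns one tuple per signal; any tuple with a non-empty version marks a place where the response discloses an exact version and is a candidate for suppression on your own sites.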

Technology categories

Website Recon identifies technologies across many categories:
| Category | Examples |
|---|---|
| CMS | WordPress, Drupal, Joomla, Wix, Squarespace |
| Web servers | nginx, Apache, IIS, LiteSpeed, Caddy |
| Programming languages | PHP, Python, Java, Node.js, Ruby, ASP.NET |
| JavaScript frameworks | React, Angular, Vue.js, jQuery, Next.js |
| CSS frameworks | Bootstrap, Tailwind CSS, Foundation |
| E-commerce | Shopify, WooCommerce, Magento, PrestaShop |
| CDN | Cloudflare, Akamai, Fastly, AWS CloudFront |
| Analytics | Google Analytics, Matomo, Hotjar |
| Marketing automation | HubSpot, Mailchimp, Marketo |
| Security | reCAPTCHA, Cloudflare Bot Management |
| Caching | Varnish, Redis, Memcached |
| Reverse proxies | nginx, HAProxy, Envoy |

How recon results feed into testing

Technology fingerprinting typically happens early in a penetration test. Knowing what software a target runs lets you:
  • Use CMS-specific tools when WordPress, Drupal, or Joomla is detected
  • Match detected versions against known CVEs
  • Plan targeted testing based on the application architecture
  • Focus on known-vulnerable components first
When Website Recon detects WordPress, a recommendation appears to run the WordPress Scanner for a more thorough CMS-specific assessment.

Example workflow

If Website Recon finds the following about a target:
CMS: WordPress 4.1
Server: Apache 2.2
Operating System: Linux
Next steps:
  1. Search for WordPress 4.1 CVEs
  2. Run the WordPress Scanner for CMS-specific testing
  3. Use the server and OS information to select appropriate exploits

Follow-up actions

| Discovery | Recommended action |
|---|---|
| WordPress | Run WordPress Scanner |
| Drupal | Run Drupal Scanner |
| Joomla | Run Joomla Scanner |
| API endpoints | Run API Scanner |
| GraphQL | Run API Scanner with GraphQL support |
| Outdated software | Check CVE databases for known vulnerabilities |
| Any web application | Run Website Scanner for full assessment |
| WAF presence suspected | Run WAF Detector to identify protection |
| Hidden content | Run URL Fuzzer to discover hidden directories and files |
| HTTPS enabled | Run SSL/TLS Scanner to analyze encryption configuration |