> ## Documentation Index
> Fetch the complete documentation index at: https://pentest-tools.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Website Recon

> Identify technologies running on any web application

## Overview

Website Recon identifies server-side and client-side technologies on a web application. It generates [findings](/core/findings/findings) for each detected technology and adds results to your [Attack Surface](/capabilities/attack-surface).

## Parameters

| Parameter | Description                                                                     |
| --------- | ------------------------------------------------------------------------------- |
| Target    | The address of the website to analyze. Must start with `http://` or `https://`. |

## How it works

Website Recon uses [Wappalyzer](https://www.wappalyzer.com/) as its scanning engine. Wappalyzer maintains a database of over 7,900 technologies across 100+ categories.

The tool analyzes multiple elements of the website:

| Element                       | What it reveals                                   |
| ----------------------------- | ------------------------------------------------- |
| **HTTP response headers**     | Server software, frameworks, caching layers       |
| **HTML Meta Generator tags**  | CMS platforms, static site generators             |
| **Embedded JavaScript files** | Frontend frameworks, libraries, analytics         |
| **HTML content patterns**     | Application frameworks, templating engines        |
| **HTML comments**             | Development tools, build systems                  |
| **Website favicon**           | Platform identification (e.g., WordPress, Drupal) |

It also takes a screenshot of the website.

## Technology categories

Website Recon identifies technologies across many categories:

| Category                  | Examples                                    |
| ------------------------- | ------------------------------------------- |
| **CMS**                   | WordPress, Drupal, Joomla, Wix, Squarespace |
| **Web servers**           | nginx, Apache, IIS, LiteSpeed, Caddy        |
| **Programming languages** | PHP, Python, Java, Node.js, Ruby, ASP.NET   |
| **JavaScript frameworks** | React, Angular, Vue.js, jQuery, Next.js     |
| **CSS frameworks**        | Bootstrap, Tailwind CSS, Foundation         |
| **E-commerce**            | Shopify, WooCommerce, Magento, PrestaShop   |
| **CDN**                   | Cloudflare, Akamai, Fastly, AWS CloudFront  |
| **Analytics**             | Google Analytics, Matomo, Hotjar            |
| **Marketing automation**  | HubSpot, Mailchimp, Marketo                 |
| **Security**              | reCAPTCHA, Cloudflare Bot Management        |
| **Caching**               | Varnish, Redis, Memcached                   |
| **Reverse proxies**       | nginx, HAProxy, Envoy                       |

## How recon results feed into testing

Technology fingerprinting typically happens early in a penetration test. Knowing what software a target runs lets you:

* Use CMS-specific tools when WordPress, Drupal, or Joomla is detected
* Match detected versions against known CVEs
* Plan targeted testing based on the application architecture
* Focus on known-vulnerable components first

<Tip>
  When Website Recon detects **WordPress**, a recommendation appears to run the [WordPress Scanner](/tools/wordpress-scanner) for a more thorough CMS-specific assessment.
</Tip>

### Example workflow

If Website Recon finds the following about a target:

```
CMS: WordPress 4.1
Server: Apache 2.2
Operating System: Linux
```

Next steps:

1. Search for WordPress 4.1 CVEs
2. Run the [WordPress Scanner](/tools/wordpress-scanner) for CMS-specific testing
3. Use the server and OS information to select appropriate exploits

## Follow-up actions

| Discovery              | Recommended action                                                                |
| ---------------------- | --------------------------------------------------------------------------------- |
| WordPress              | Run [WordPress Scanner](/tools/wordpress-scanner)                                 |
| Drupal                 | Run [Drupal Scanner](/tools/drupal-scanner)                                       |
| Joomla                 | Run [Joomla Scanner](/tools/joomla-scanner)                                       |
| API endpoints          | Run [API Scanner](/tools/api-scanner)                                             |
| GraphQL                | Run [API Scanner](/tools/api-scanner) with GraphQL support                        |
| Outdated software      | Check CVE databases for known vulnerabilities                                     |
| Any web application    | Run [Website Scanner](/tools/website-scanner) for full assessment                 |
| WAF presence suspected | Run [WAF Detector](/tools/waf-detector) to identify protection                    |
| Hidden content         | Run [URL Fuzzer](/tools/url-fuzzer) to discover hidden directories and files      |
| HTTPS enabled          | Run [SSL/TLS Scanner](/tools/ssl-tls-scanner) to analyze encryption configuration |
