WhatWeb
WhatWeb WhatWeb is the Ruby-based tech fingerprint scanner that passively probes HTTP responses for CMS, frameworks, and JS libs, matching signatures for version hints in recon phases. Run its CLI with --aggression for active checks, outputting YAML for parsed details on servers or analytics. Open-source from urbanadventurer, it's the web whisperer for OSINT pros identifying stacks from subtle signals.
Explore →Webtech
Webtech Webtech is the fast Go scanner for detecting web technologies like Apache or WordPress via header and HTML fingerprints, outputting JSON for easy integration in recon pipelines. Configure via CLI with -u for URLs and -v for verbose, chaining with httpx for alive checks. Open-source from projectdiscovery, it's the tech tracker for pentesters templating stack mapping.
Explore →Wappalyzer CLI
Wappalyzer CLI Wappalyzer CLI ports the browser extension to terminal, identifying CMS, e-commerce, and frameworks from HTTP fingerprints for passive recon on tech stacks. Install via Go, run on hosts for categorized outputs, exporting to JSON for tools. Open-source from AliasIO, it's the CLI clairvoyant for devs discovering web fingerprints without GUIs.
Explore →Retire.js
Retire.js Retire.js scans JS assets for vulnerable libraries like jQuery exploits, matching versions against CVE feeds for quick dep audits in site recon. Run its Node CLI on URLs or files for JSON reports, integrating with npm for build checks. Open-source from RetireJS, it's the lib lifeguard for auditors spotting outdated codebases.
Explore →EyeWitness
EyeWitness EyeWitness screenshots pages and fingerprints tech like servers or CMS via HTML/headers, visually mapping stacks for recon on diverse hosts. Run its Python script on lists with --timeout for captures, outputting HTML galleries for review. Open-source from FortyNorthSecurity, it's the visual verifier for pentesters templating tech screenshots.
Explore →Aquatone
Aquatone Aquatone screenshots subdomains and fingerprints tech stacks with HTTP probes, discovering CMS or JS libs for asset triage in recon. Configure its Go binary with --domain for automated captures, exporting reports for analysis. Open-source from michenriksen, it's the screenshot sleuth for web mappers templating visual tech overviews.
Explore →Nuclei Tech Templates
Nuclei Tech Templates Nuclei Tech Templates use YAML rules to detect web tech like Nginx or React via headers and fingerprints, matching for version vulns in passive scans. Clone the pack, run via CLI on scopes for tagged hits with details. Open-source from projectdiscovery, it's the template tech-teller for scalable stack identification.
Explore →Gowitness
Gowitness Gowitness is the headless browser for tech fingerprinting via screenshots and DOM parsing, detecting frameworks or analytics in JS-heavy sites. Run its Go CLI on lists with --threads for parallel captures, outputting timelines. Open-source from sensibletrees, it's the witness wizard for pentesters templating visual tech recon.
Explore →Photon
Photon Photon crawls sites for tech intel like emails and JS endpoints, passively fingerprinting frameworks from source code in recon phases. Configure its Python CLI with -l for links, extracting for stack mapping. Open-source from s0md3v, it's the intel ingatherer for web auditors templating passive HTTP harvesting.
Explore →Webanalyze