Introduction
When attempting to exploit a target with a known vulnerability you could just launch your exploit at every target and hope for the best or you can do things a little smarter. Identifying the target technology stack will help you find the exploits impacting that stack. Not knowing this information will leave you blind and you will have to take random guesses at which exploits might work.
Wappalyzer
If you’re attempting to discover the technologies running on a website the best place to start is wappalyzer. An alternative to wappalyzer is “ https://builtwith.com/” but I personally like wappalyzer better.
I personally like to use the wappalyzer browser plugin as it makes it easy to determine an endpoints tech stack when browsing their website. As you can see in the image above this website is running “Ruby on Rails”, “Jquery 3.5.0”, “Backbone.js 1.4.0”, and a few other things. Note that if you use a command line tool you can scan multiple websites at once, this is nice if you’re trying to scan hundreds or thousands of sites at once.
Powered By
Wappalyzer is great but it won’t identify everything. Wappalyzer works off of regexes so if it doesn’t have a specific technologies regex in its database it won’t be able to identify it.
As shown above, the wappalyzer came back mostly blank. However, if you look at the footer at the bottom of the page you see the words “Powered by Gila CMS”. We can conclude that this site is running Gila CMS but if we were only looking at wappalyzer we would have missed this.
Summary
You need to know the technology stack your target is running so you can find associated exploits. There are a few ways to determine the technologies an endpoint is running but I almost always use wappalyzer. If you can’t determine this information with wappalyzer there are other techniques to find an endpoints technology stack.