S E C U R I T Y

Loading

Technology Identifier




information gathering scans | vulnerability scanning tools
Details
Stay Up To Date
Parent Checks

  • Threat Intel

Need Membership

Yes

Need Proof Of Ownership

No

Estimate Time (Second)

10

Technology Identifier Detail

How much do you think a person can retrieve information about the technologies you use on your website? Your web servers, JavaScript libraries, analytical codes, programming language, operating system are only a few of them.

What is Technology Identifier ?

Technology identifier is a tool that shows the basic technologies used on websites. You can identify the following information by using this tool:

  1. What is the name of the e-commerce platform?
  2. Which CRM application is used?
  3. Does the website have an ad network?
  4. Which JavaScript frameworks are used?
  5. Which CMS is used?
  6. What is the webserver name and version?

In fact, this information can be easily collected by anyone who knows where to look. Collected information might pose a risk for you.


Why is it important to find using technologies ?

Information gathering is one of the most important steps for the attackers. By using this information, you can directly learn the existence of the vulnerability. For example, version information of a WordPress application will uncover the possible vulnerability existence with high accuracy. Later, people with malicious intentions search on how to exploit this vulnerability and attack.

Or collected information can be used in the next stages of the cyberattack. Operating system type, JavaScript library etc can help attackers to have successful attacks.

Additionally, this information might contain more meaning than you think. By using the information in analytic codes, it is possible to detect other websites that belong to you.


How can we understand which technologies a website is using?

To find which technologies does a website used, you can start by typing your domain name in the form on top of the page and start scanning.

Or you can run nmap --script http-devframework -p 80,443 Target_Host command on nmap tool which can be installed to all operating systems.

Additionally, you can install free add-ons on your browsers to detect these technologies. For example Wappalyzer, W3Techs, SimilarTech etc.

Lastly, you can use open course software just like we did. For example, WhatWeb, Wappalyzer etc

Some Advice for Common Problems

If important information can be retrieved from your website, you can follow the following recommendations to eliminate the vulnerability.

  1. Your webserver version, software language, operating system etc. can be seen from HTTP titles. You can hide or change your server settings from these titles. (For example, configuration files: php.ini, apache2.conf, httpd.conf, nginx.conf etc.)
  2. You can change the version and name information in the static file (JavaScript, CSS files etc.).
  3. If you are using a Content Management System (CMS) application (like Joomla, WordPress), you can change default folders and/or connections.
  4. If any, you can clear the comment lines and version information inside HTML codes.