Wappalyzer Cheatsheet
Purpose: Identify web technologies — CMS, frameworks, JS libraries, analytics, ecommerce, CDNs — from response headers, HTML, cookies, scripts, and DOM.
Note: Wappalyzer is primarily a browser extension and web service. The original CLI/NPM package was deprecated; community forks still exist.
Access Points
| Surface | URL / Source |
|---|---|
| Browser extension (Chrome / Firefox / Edge) | https://www.wappalyzer.com/apps/ |
| Web lookup (single URL) | https://www.wappalyzer.com/lookup/ |
| API / bulk lookups (paid) | https://www.wappalyzer.com/api/ |
| Legacy NPM CLI (deprecated, archived) | npm i -g wappalyzer |
| Community fork (webappanalyzer) | https://github.com/enthec/webappanalyzer |
Browser Extension Workflow
- Install extension; pin to toolbar.
- Navigate to target.
- Click the icon — categories light up: CMS, Web frameworks, JS libs, Analytics, Web servers, Tag managers, CDN, Ecommerce, Payment processors, Font scripts, Issue trackers, etc.
- Click a detected tech for vendor links and version info (when available).
Stealth value: all detection runs in your browser against an already-loaded page → no extra requests to the target.
Legacy CLI (archived, may not install on modern Node)
npm i -g wappalyzer
wappalyzer https://target.tld # JSON to stdout
wappalyzer https://target.tld --pretty # Indented JSON
wappalyzer https://target.tld --recursive --depth=2 # Crawl
wappalyzer https://target.tld --user-agent "Recon/1.0"
wappalyzer https://target.tld --proxy http://127.0.0.1:8080
Useful flags (legacy):
| Flag | Description |
|---|---|
| `--pretty` | Pretty-print JSON |
| `--recursive` | Crawl links on the same domain |
| `--depth=<n>` | Crawl depth |
| `--max-urls=<n>` | Cap URL count |
| `--user-agent <ua>` | Custom UA |
| `--proxy <url>` | Route through proxy |
| `--no-scripts` | Skip JS evaluation |
Web Lookup (no install)
https://www.wappalyzer.com/lookup/<domain>
Use when you can’t install the extension (locked workstation, throwaway VM). Result mirrors what the extension shows.
Data It Reveals
- CMS + version (WordPress, Drupal, Joomla, Ghost, …)
- Web servers (Nginx, Apache, IIS, LiteSpeed)
- Application servers / frameworks (Laravel, Django, Rails, ASP.NET, Express, Next.js)
- JS frameworks & UI libs (React, Vue, Angular, jQuery, Svelte)
- Tag managers / analytics (GTM, GA, Matomo, Hotjar)
- CDNs (Cloudflare, Akamai, Fastly, CloudFront)
- Ecommerce platforms (Shopify, Magento, WooCommerce)
- Payment processors, search platforms, A/B tools, CRMs
Tips
- Extension uses page DOM + already-fetched assets → no extra noise on the target.
- Cross-check with `whatweb -a 3` from a CLI host; Wappalyzer and WhatWeb miss different things.
- For bulk programmatic detection prefer WhatWeb (free, scriptable) or Wappalyzer’s paid API.
- Versions reported via JS globals / generator meta — confirm with `curl -sI` or by fetching a known asset path (`/wp-includes/`, `/sites/default/files/`).
- Useful for OSINT recon before engagement — runs entirely in your browser.
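An added example, not Wappalyzer's code or fingerprint database: a Python audit that extracts the signal types named under Purpose (response headers, cookies, generator meta, script URLs) from a captured response of a site you operate and reports which ones disclose an exact version. The rule tables, the function names `fingerprint` and `version_leaks`, and the sample response are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Hypothetical rules for illustration; not Wappalyzer's fingerprint database.
HEADER_RULES = {
    "server": re.compile(r"(nginx|Apache|Microsoft-IIS|LiteSpeed)(?:/([\d.]+))?", re.I),
    "x-powered-by": re.compile(r"(PHP|Express|ASP\.NET)(?:/([\d.]+))?", re.I),
}
COOKIE_RULES = {"PHPSESSID": "PHP", "laravel_session": "Laravel", "csrftoken": "Django"}
GENERATOR = re.compile(r"(WordPress|Drupal|Joomla|Ghost)\s*([\d.]+)?", re.I)
SCRIPT_VER = re.compile(r"/(jquery)[-.]([\d.]+?)(?:\.min)?\.js", re.I)

# Constructed sample response (headers as a list because Set-Cookie can repeat).
SAMPLE_HEADERS = [("Server", "nginx/1.18.0"), ("X-Powered-By", "PHP/8.1.2"),
                  ("Set-Cookie", "PHPSESSID=abc123; path=/; HttpOnly")]
SAMPLE_HTML = ('<html><head><meta name="generator" content="WordPress 6.4.3">'
               '<script src="/static/jquery-3.6.0.min.js"></script></head></html>')

class _PageSignals(HTMLParser):
    """Collects <meta name="generator"> content and <script src> URLs."""
    def __init__(self):
        super().__init__()
        self.generator, self.scripts = "", []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content") or ""
        elif tag == "script" and a.get("src"):
            self.scripts.append(a["src"])

def fingerprint(headers, html):
    """Return sorted (technology, version or None, source) tuples."""
    found, page = set(), _PageSignals()
    page.feed(html)
    hdrs = {k.lower(): v for k, v in headers}
    checks = [(rx, hdrs.get(name, ""), f"header:{name}") for name, rx in HEADER_RULES.items()]
    checks.append((GENERATOR, page.generator, "meta:generator"))
    checks += [(SCRIPT_VER, src, "script:src") for src in page.scripts]
    for rx, text, source in checks:
        m = rx.search(text)
        if m:
            found.add((m.group(1), m.group(2), source))
    for k, v in headers:
        cname = v.split("=", 1)[0].strip()
        if k.lower() == "set-cookie" and cname in COOKIE_RULES:
            found.add((COOKIE_RULES[cname], None, f"cookie:{cname}"))
    return sorted(found, key=lambda t: (t[0].lower(), t[2]))

def version_leaks(findings):
    """Findings that disclose an exact version: the ones to suppress first."""
    return [f for f in findings if f[1]]
```

`version_leaks(fingerprint(SAMPLE_HEADERS, SAMPLE_HTML))` lists the four version-bearing signals in the sample; header-borne versions can be dropped at the source with nginx's `server_tokens off;` and PHP's `expose_php = Off`.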
Related
- [[whatweb]] — scriptable equivalent for CLI / pipelines.
- [[builtwith]] — historical tech profile for the domain.
- [[wafw00f]] — companion for WAF detection.