Wappalyzer - crawling of resources on a website #4020

stephanie0x00 · 2025-01-09T15:08:55Z

Describe the bug
The very first wappalyzer performed some kind of crawling on websites to find software and it's versions. However this version was outdated and didn't provide any proof of how the data was gathered for reproducibility. The newer versions of our wappalyzer implementation do not crawl all page of a website, thus software instances and it's versions are often missed, as these are often found in external files (e.g. https://example.com/js/core.js contains the string jQuery 1.2.3).

Issue identified with #3800.

The question now is:

How are we going to crawl the resources?
What depth are we going to crawl?
What scopes?
Others?

Expected behavior
Some kind of crawling should be performed to identify these files and check for software and software versions.

OpenKAT version
main

stephanie0x00 added bug Something isn't working discussion labels Jan 9, 2025

github-project-automation bot added this to KAT Jan 9, 2025

stephanie0x00 assigned ammar92 Jan 9, 2025

github-project-automation bot moved this to Incoming features / Need assessment in KAT Jan 9, 2025

stephanie0x00 moved this from Incoming features / Need assessment to To be discussed in KAT Jan 9, 2025

This was referenced Jan 9, 2025

Wappalyzer - software version not picked up from HTTP Resource #4021

Open

Update Wappalyzer #3800

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Wappalyzer - crawling of resources on a website #4020

Wappalyzer - crawling of resources on a website #4020

stephanie0x00 commented Jan 9, 2025 •

edited

Loading

Wappalyzer - crawling of resources on a website #4020

Wappalyzer - crawling of resources on a website #4020

Comments

stephanie0x00 commented Jan 9, 2025 • edited Loading

stephanie0x00 commented Jan 9, 2025 •

edited

Loading