Loading...
Loading...
Map the complete technology stack of any website through passive analysis of HTTP headers, DNS records, JavaScript patterns, cookies, ads.txt, and 6 more signal sources. No intrusive probes. No active scanning.
Website OSINT is the practice of gathering actionable intelligence about a website using only publicly available data sources. Technology fingerprinting reveals the CMS, frameworks, analytics, ad networks, hosting stack, and security posture of any target without active probing or intrusion.
Identify CMS, frameworks, libraries, and SDKs through signature-based pattern matching across HTML, JavaScript, headers, and cookies.
Extract intelligence from TXT, CNAME, and MX records to identify email providers, verification services, CDNs, and cloud infrastructure.
Parse ads.txt to discover SSP relationships, ad exchanges, and monetization partners. Reveal a publisher's full advertising ecosystem.
Determine hosting providers, CDNs, web servers, SSL certificate authorities, and deployment platforms from HTTP headers and DNS.
Identify vulnerable technologies, outdated frameworks, and misconfigured servers during the reconnaissance phase of security assessments.
Evaluate a company's technology maturity, infrastructure investments, and vendor relationships before M&A, investments, or partnerships.
Track what technologies competitors adopt, which vendors they switch to, and how their stack evolves over time.
Fingerprint fraudulent websites, identify shared infrastructure across scam networks, and correlate technology patterns for attribution.
Enumerate the attack surface by mapping all externally visible technologies, versions, and third-party dependencies before active testing.
Build targeted prospect lists by filtering companies using specific technologies. Qualify leads based on their tech stack before outreach.
Every scan runs all 10 analyzers in parallel. No sampling, no shortcuts — full coverage on every request.
Server, X-Powered-By, Set-Cookie, and custom response headers reveal frameworks, CDNs, and security configurations.
Regex matching against page source to detect CMS signatures, generator comments, and framework-specific markup.
Analyze <script src> and <link href> URLs to identify CDN-hosted libraries, analytics SDKs, and third-party widgets.
Parse <meta> generator tags, Open Graph properties, and verification tags for CMS, SEO tools, and site ownership.
Cookie name patterns reveal session management, A/B testing tools, personalization engines, and analytics trackers.
CSS selector matching against the parsed DOM to find framework-specific classes, IDs, and data attributes.
Detect window-level variables and object patterns that indicate loaded libraries and their versions.
TXT, CNAME, and MX record analysis for email providers, domain verification, CDN routing, and cloud services.
Parse /ads.txt to identify authorized SSPs, ad exchanges, reseller relationships, and monetization partners.
Domain and path analysis to detect platform-specific URL structures, subdomains, and routing conventions.
Paste any website URL into the scanner or pass it to the API. No account required for your first scan.
HTTP headers, HTML, scripts, cookies, DNS, ads.txt, meta tags, DOM, JS globals, and URL patterns are scanned in parallel.
Receive a structured report with every detected technology, confidence scores, version numbers, and category classifications.
Integrate website technology detection into your OSINT workflows, security dashboards, or investigation platforms with a simple REST API. Scan thousands of domains programmatically.
# Scan a target domain $ curl "https://whatstack.ai/api/detect?url=target.com" \ -H "X-API-Key: YOUR_KEY" # Response { "technologies": [ { "name": "Cloudflare", "confidence": 100, "categories": ["CDN", "Security"] }, { "name": "WordPress", "version": "6.4.2", "confidence": 100 } // ... more technologies ], "meta": { "category": "Blog" } }
A comprehensive walkthrough of passive website reconnaissance techniques using technology detection.
Read moreHow WhatStack compares to other technology detection tools for open-source intelligence workflows.
Read morePractical approaches to web recon: DNS enumeration, header analysis, and technology fingerprinting.
Read moreScan any website for free. No account required for your first analysis. Upgrade to the API for bulk reconnaissance at scale.
Free tier includes 500 API requests/month — no credit card required
Website technology OSINT (Open Source Intelligence) is the practice of identifying the technologies powering a website using only publicly available data. This includes analyzing HTTP response headers, HTML source code, JavaScript files, cookies, DNS records, and ads.txt entries. Technology fingerprinting reveals CMS platforms (WordPress, Shopify, Drupal), JavaScript frameworks (React, Vue, Angular), analytics tools (Google Analytics, Hotjar), advertising networks, payment processors, hosting providers, and CDNs. This intelligence is used by security researchers, competitive analysts, investigators, and sales teams to understand a target's digital infrastructure without any active probing or intrusion.
WhatStack uses 10 parallel analyzers to scan every target website: (1) HTTP Header Analyzer examines Server, X-Powered-By, and custom headers; (2) HTML Analyzer matches regex patterns against page source; (3) Script Source Analyzer checks CDN and SDK URLs in script and link tags; (4) Meta Tag Analyzer parses generator and verification meta tags; (5) Cookie Analyzer identifies session and tracking cookies by name patterns; (6) DOM Analyzer matches CSS selectors against the parsed DOM; (7) JavaScript Global Analyzer detects window-level variables; (8) DNS Analyzer queries TXT, CNAME, and MX records; (9) ads.txt Analyzer parses authorized seller entries; (10) URL Analyzer checks domain and path patterns. Results are merged with confidence scoring, relationship resolution (implies/excludes), and version extraction. The full scan completes in under 3 seconds.
Yes. WhatStack provides a REST API that accepts URLs via GET or POST requests and returns JSON responses. For bulk OSINT operations, you can make concurrent API requests up to your plan's rate limit. The Free plan includes 500 requests/month, Basic provides 5,000, Pro provides 25,000, and Enterprise supports 100,000 requests/month. This makes WhatStack suitable for large-scale domain reconnaissance, portfolio scanning, and automated technology monitoring workflows. Results include full technology profiles with confidence scores, version numbers, and category classifications.
WhatStack is designed for passive reconnaissance and analyzes only publicly accessible data sources. It does not send intrusive probes, exploit vulnerabilities, or perform active scanning. The data sources analyzed — HTTP headers, HTML, DNS records, cookies, ads.txt — are all publicly served by the target website. This makes WhatStack appropriate for the information-gathering phase of security assessments, bug bounty reconnaissance, penetration test planning, digital forensics, and compliance audits. Detected technologies, versions, and infrastructure details help security professionals understand a target's attack surface before initiating any active testing.