Wednesday, 6 January 2016

Quickly detect CMS & other technologies being used on a website

Ever wanted to uncover quickly the Content Management System (CMS) being used on a particular website? Well, if you are a developer or responsible for assessing the security of Web Applications, this might be a good tip on how to do this quickly and effectively. 

First of all, let me point out that there are several websites online that offer to analyse a given URL and then return results not only about the particular CMS being used, but on other technologies utilised in each case as well. These technologies may be the use of Apache, the presence of Google Analytics, other technologies such as jQuery, reCaptcha, etc. 

The problem with all these online services however is privacy. When checking a particular website, especially if you have been contracted to assess the security of the web application in place, you do not want this information to be shared with a third party or to be included in a publicly available "recently checked" list. 

I actually spent some time trying to locate a button or a check box on these website that would allow me to opt-out from allowing them to cache or display the information, but I couldn't. Thus, I had to find a different way that would respect my privacy and I think that I did. 

The best solution I came across is using a particular browser extension. One of the main reasons for using this particular extension is because it allows the user to choose if he/she wants to "anonymously send reports on detected applications to for research". (once you install the extension, Right-Click on it and select Options in order to uncheck the check box.)

As you can see in the picture above, this browser extension can give you a detailed list of technologies being used on a particular website and not only speed up the detection process but also highlight particular issues really quickly for those engaging in penetration testing. 

The browser extension can be found here:

Quick Download links:

Opera: Install Download Chrome Extension first, then install from the Chrome Web Store.

Another important reason for choosing this browser extension instead of any other online means is because the source code is on GitHub which you can review and contribute if you like. 

No comments:

Post a Comment