binsec.tools – WebCompScan
WebCompScan from binsec.tools enables you to identify the technologies used on websites and check whether they are outdated or vulnerable.
The technologies that the WebCompScan tool can detect include CMS systems, web servers, programming languages, JavaScript libraries, and also payment methods offered.
To detect the technologies, it uses open source databases with regex patterns. The website to be checked is automatically opend up in a browser and the patterns are used to check whether the various components of the website contain indications of known technologies. In addition to HTTP headers and the HTML source code of the website, the Document Object Model (DOM) and the JavaScript variables are also analyzed.
In some cases, version information on the software components used can also be obtained in this way. In the next step, these are checked against an open source database for known vulnerabilities. It is also checked whether the software components are still supported by the manufacturer or are already end of life.
In principle, all of this information is public, but binsec.tools combines it into one free pentest tool.