Attack Surface Scanner — Website Technology Detection

Static HTML and response-header technology fingerprint for public URLs

How to Use This Tool

  1. Enter a full public URL, including the https:// scheme.
  2. The URL must pass assertSafeFetchUrl SSRF validation before the server fetches it.
  3. An HTTP GET retrieves the HTML body and response headers, subject to a timeout.
  4. TECH_SIGNATURES regex patterns populate the category buckets.
  5. HEADER_TECH_HINTS add server, CDN, and security product clues from the headers.
  6. Review the technologies count, the buckets, metaGenerator, and the note about SPA limitations.

About This Tool

Attack surface management starts with knowing what technologies a public URL exposes: CMS versions, JavaScript frameworks, analytics pixels, CDN edges, and security product hints all reveal expansion paths for adversaries. The VSPIC attack surface scanner calls the tech-detector action with your URL, fetches the page after SSRF-safe validation, and matches the HTML and response headers against the TECH_SIGNATURES buckets (cms, framework, analytics, cdn, hosting, security, marketing, payment, fonts, cookie). It returns a technologies array, per-category buckets, metaGenerator, server, poweredBy, scriptSamples, linkSamples, htmlSize, and a note that client-rendered stacks may require JavaScript execution for full detection.

This is a passive single-URL fingerprint — not port scanning, subdomain brute force, or authenticated crawling. Pair with subdomain-discovery for hostname enumeration and shodan-quick-view for IP-level exposure after resolving hosting.

Common use cases

  • Inspect HTTP headers and user-agent strings
  • Analyze email headers for phishing investigation
  • Generate strong passwords for staging environments

Why use VSPIC?

  • Multi-category technology buckets in one passive URL fetch.
  • CMS, framework, CDN, and security product signals from HTML and headers.
  • metaGenerator and poweredBy for quick version-oriented triage.
  • scriptSamples and linkSamples for third-party dependency review.
  • responseHeaders map for manual security header inspection.
  • Free single-URL scan — no account required.

Attack surface versus full ASM platforms

Enterprise ASM combines subdomain enumeration, port scanning, cloud asset APIs, and continuous diffing. Our page offers a free entry point — passive technology fingerprint on one URL you authorize — surfacing CMS, frameworks, and third-party scripts adversaries research before exploiting.

Run it weekly against the production apex and critical app URLs, and store the JSON exports so you can diff them when marketing adds new analytics or engineering upgrades frameworks.
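One way to diff two stored exports, as an added example that is not VSPIC code. The field names come from this page; treating status as the numeric HTTP status code, the helper names, and both sample exports are assumptions constructed for illustration.

```javascript
// Placeholder origin used only to resolve relative and protocol-relative src values.
const PLACEHOLDER_BASE = 'https://first-party.invalid';

function scriptHosts(result) {
  const hosts = new Set();
  for (const src of result.scriptSamples || []) {
    try {
      const host = new URL(src, PLACEHOLDER_BASE).hostname;
      if (host !== 'first-party.invalid') hosts.add(host); // keep third parties only
    } catch { /* unparseable src: ignore */ }
  }
  return hosts;
}

function diffExports(previous, current) {
  const bucketSet = (r, b) => new Set((r.buckets || {})[b] || []);
  const names = new Set([previous, current].flatMap((r) => Object.keys(r.buckets || {})));
  const changes = [];
  for (const bucket of [...names].sort()) {
    const before = bucketSet(previous, bucket);
    const after = bucketSet(current, bucket);
    for (const name of after) if (!before.has(name)) changes.push({ bucket, change: 'added', name });
    for (const name of before) if (!after.has(name)) changes.push({ bucket, change: 'removed', name });
  }
  const from = previous.metaGenerator || null;
  const to = current.metaGenerator || null;
  if (from !== to) changes.push({ bucket: 'metaGenerator', change: 'changed', from, to });
  const oldHosts = scriptHosts(previous);
  const newScriptHosts = [...scriptHosts(current)].filter((h) => !oldHosts.has(h)).sort();
  // A failed or empty fetch makes every technology look removed, so flag the diff
  // as unreliable instead of trusting it (empty buckets do not prove absence).
  const reliable = previous.status === 200 && current.status === 200
    && (current.count > 0 || previous.count === 0);
  return { reliable, changes, newScriptHosts };
}

// Constructed exports for two consecutive weekly runs (not real scan output).
const WEEK_1 = { status: 200, count: 3, metaGenerator: 'WordPress 6.4.2',
  buckets: { cms: ['WordPress'], analytics: ['Google Tag Manager'], cdn: ['Cloudflare'] },
  scriptSamples: ['https://www.googletagmanager.com/gtm.js', '/wp-includes/js/jquery.js'] };
const WEEK_2 = { status: 200, count: 5, metaGenerator: 'WordPress 6.5',
  buckets: { cms: ['WordPress'], analytics: ['Google Tag Manager', 'Hotjar'],
    cdn: ['Cloudflare'], payment: ['Stripe'] },
  scriptSamples: ['https://www.googletagmanager.com/gtm.js',
    '//static.hotjar.com/c/hotjar.js', 'https://js.stripe.com/v3/'] };

console.log(JSON.stringify(diffExports(WEEK_1, WEEK_2), null, 2));
```

A new entry in the payment bucket or an unfamiliar host in newScriptHosts is the kind of change to route to the owning team before the next run.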

What tech-detector returns

technologies flattens unique names across buckets. cms might list WordPress or Drupal; framework might list React or Next.js hints from script patterns; cdn lists Cloudflare or Akamai signals; security lists reCAPTCHA or firewall products when HTML or headers expose them.

count totals detected technologies. htmlSize and status document fetch success. note clarifies static analysis limits for client-rendered applications.

Reading category buckets

Per-category arrays help teams route findings — marketing owns analytics pixels, platform owns cms and framework, security owns security and cookie categories. payment detections flag PCI-relevant third parties.

Empty buckets do not prove absence — obfuscated scripts and first-party bundling hide signatures.

metaGenerator and scriptSamples

metaGenerator extracts generator meta tag version strings when present — quick win for outdated CMS identification. scriptSamples lists up to ten external script src URLs revealing CDN dependencies and tag managers.

linkSamples surfaces stylesheet and prefetch hrefs — unexpected domains in link tags sometimes indicate shadow IT integrations.
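A sketch of how signature matching can fill the buckets, metaGenerator, and scriptSamples fields described above, added as an example and not taken from VSPIC's code. The contents of TECH_SIGNATURES and HEADER_TECH_HINTS are not published on this page, so every pattern, the mapping of server and poweredBy to the Server and X-Powered-By headers, and both sample responses are constructed assumptions.

```javascript
// TECH_SIGNATURES and HEADER_TECH_HINTS are named on this page, but their contents
// are not published; every pattern below is a constructed stand-in.
const TECH_SIGNATURES = {
  cms: [{ name: 'WordPress', re: /\/wp-(?:content|includes)\//i }],
  framework: [{ name: 'Next.js', re: /\/_next\/static\//i }],
  analytics: [{ name: 'Google Tag Manager', re: /googletagmanager\.com\/gtm\.js/i }],
  security: [{ name: 'reCAPTCHA', re: /google\.com\/recaptcha\//i }],
};
const HEADER_TECH_HINTS = [
  { bucket: 'cdn', name: 'Cloudflare', header: 'server', re: /^cloudflare$/i },
  { bucket: 'cdn', name: 'Cloudflare', header: 'cf-ray', re: /./ },
];

function detectTech(html, headers) {
  const found = {};
  const add = (bucket, name) => (found[bucket] = found[bucket] || new Set()).add(name);
  for (const [bucket, sigs] of Object.entries(TECH_SIGNATURES)) {
    for (const { name, re } of sigs) if (re.test(html)) add(bucket, name);
  }
  // Header names are case-insensitive, so lower-case them before lookup.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  for (const { bucket, name, header, re } of HEADER_TECH_HINTS) {
    if (header in h && re.test(h[header])) add(bucket, name);
  }
  const buckets = {};
  for (const [bucket, names] of Object.entries(found)) buckets[bucket] = [...names].sort();
  const technologies = [...new Set(Object.values(buckets).flat())];
  // Only handles name= before content=, the common attribute order for this tag.
  const gen = html.match(/<meta[^>]+name=["']generator["'][^>]+content=["']([^"']+)["']/i);
  const srcs = [...html.matchAll(/<script[^>]+src=["']([^"']+)["']/gi)].map((m) => m[1]);
  return { technologies, count: technologies.length, buckets,
    metaGenerator: gen ? gen[1] : null, server: h.server || null,
    poweredBy: h['x-powered-by'] || null, scriptSamples: srcs.slice(0, 10) };
}

// Constructed responses (not fetched from any site): a server-rendered CMS page
// and a client-rendered shell that carries no signature in its static HTML.
const CMS_HTML = `<head><meta name="generator" content="WordPress 6.4.2">
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX"></script>
<script src="/wp-includes/js/jquery/jquery.min.js"></script></head>`;
const CMS_HEADERS = { Server: 'cloudflare', 'CF-RAY': 'constructed-value' };
const SPA_HTML = '<div id="root"></div><script src="/static/js/main.0000.js"></script>';

console.log(detectTech(CMS_HTML, CMS_HEADERS), detectTech(SPA_HTML, {}));
```

The second call returns a count of zero with one entry in scriptSamples, which is the static-analysis limit the note field warns about.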

Relationship to website-technology-detector

Both call action tech-detector with identical JSON. website-technology-detector is the canonical stack detection page; attack-surface-scanner frames ASM vocabulary for security teams inventorying external web exposure.

API action tech-detector accepts url parameter on both pages.

Pairing with subdomain and exposure tools

subdomain-discovery enumerates CT-log hostnames for broader hostname scope. After resolving hosting IP, shodan-quick-view adds port exposure. security-headers-checker scores HSTS and CSP on the same URL.

Combined workflow approximates lightweight ASM without commercial platform cost for small teams.

SPA and JavaScript rendering limits

tech-detector fetches raw HTML without executing JavaScript. React, Vue, and Angular apps may return minimal shell HTML — count may underreport versus browser DevTools. note documents this honestly.

When count is zero on known dynamic apps, inspect scriptSamples for bundle URLs and retest with website-technology-detector after reviewing network tab manually.

API action tech-detector

Send GET /ip-tools/api/extended?action=tech-detector&url=https://example.com and parse technologies, buckets, metaGenerator, and scriptSamples from the response. Respect rate limits: stagger weekly ASM jobs across many URLs.

assertSafeFetchUrl blocks private network targets, so only public URLs are scanned.

Authorized scanning

Scan only URLs you own or are contracted to assess. Passive fetch still contacts the target server — coordinate with change windows on production.

We do not store fetched HTML bodies long-term.

Important notes & limitations

  • Static HTML analysis — SPAs may hide stack until JavaScript executes.
  • Single URL only — does not crawl internal links or subdomains.
  • Technology presence does not equal vulnerability — verify versions separately.
  • Some hosts return different content to bots versus browsers.
  • Requires publicly reachable URL — localhost and private IPs blocked.

Frequently Asked Questions

Yes. VSPIC offers this attack surface scanner at no cost with no account required. Results load in real time.

We do not permanently store your queries on our servers. Some tools run entirely in your browser; others fetch public data for the request only.

Yes. Open the page in any modern phone or tablet browser. Results work on Wi‑Fi and mobile data.

No. It fetches one URL. Use subdomain-discovery to enumerate hostnames, then scan each critical URL separately.

It detects technology signals, not CVEs. Use vulnerability-scanner or shodan-quick-view on hosting IP for exposure-oriented follow-up.

Client-rendered apps may serve empty HTML shells. Our note explains static analysis limits — check scriptSamples or browser DevTools.

Same tech-detector API and JSON. This page uses attack surface scanner SEO framing for ASM workflows.

Only publicly reachable URLs pass SSRF-safe validation. Private IPs and localhost are blocked.

tech-detector with the url parameter.

Next step for your check

Continue with website technology detector on VSPIC.
