The latest articles on DEV Community by MikeL (@detectzestack). https://dev.to/detectzestack https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2107035%2Fe0c68bde-32d6-4613-b96c-c6abfa4280b1.png https://dev.to/detectzestack en MikeL Wed, 15 Apr 2026 22:11:22 +0000 https://dev.to/detectzestack/how-to-detect-if-a-website-uses-react-4-proven-methods-3f73 https://dev.to/detectzestack/how-to-detect-if-a-website-uses-react-4-proven-methods-3f73 <p>React powers a massive share of the modern web. From single-page apps to server-rendered sites built with Next.js, React’s footprint is everywhere—but not always obvious. A well-built React site can look indistinguishable from any other website in the browser. There’s no “Built with React” badge in the footer.</p> <p>Whether you’re evaluating a competitor’s technology choices, auditing a site for known React vulnerabilities, qualifying leads based on their tech stack, or simply curious about how a product is built, you need reliable detection methods. This guide covers four approaches, from quick manual checks to fully automated API-based detection.</p> <h2> Why Detect React on a Website </h2> <p>Knowing whether a site runs React is more than trivia. Here are the practical reasons people look for this information:</p> <ul> <li> <strong>Competitive intelligence:</strong> Understanding what frameworks your competitors chose—and whether they use plain React, Next.js, or Gatsby—reveals their engineering priorities. A Next.js site signals investment in SEO and performance. A client-side React SPA suggests a different set of trade-offs.</li> <li> <strong>Security auditing:</strong> React versions have known CVEs. Detecting an outdated React version on a target site is a concrete security finding. The same applies to Next.js, which has had its own set of vulnerabilities.</li> <li> <strong>Sales prospecting:</strong> If you sell developer tools, monitoring services, or React-specific products, knowing which companies use React determines whether your outreach is relevant. This is the same logic behind <a href="https://detectzestack.com/blog/find-companies-using-stripe-technographic-prospecting" rel="noopener noreferrer">finding companies that use Stripe</a> for payment-related prospecting.</li> <li> <strong>Migration planning:</strong> Before migrating from Angular to React, or upgrading from React 17 to React 18, you need to know exactly what’s running in production—not what the internal documentation says.</li> <li> <strong>Hiring context:</strong> Researching a company’s tech stack before an interview helps you understand what you’ll be working with and what questions to expect.</li> </ul> <h2> Method 1 — Browser DevTools Console </h2> <p>The fastest way to check if a website uses React is through the browser’s DevTools console. React leaves several fingerprints in the DOM and in JavaScript globals that you can query directly.</p> <h3> Check for React Global Objects </h3> <p>Open Chrome DevTools (press <code>F12</code> or <code>Cmd+Option+I</code> on macOS), switch to the Console tab, and run these checks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Check for the React DevTools hook (present on most React sites)</span> <span class="o">!!</span><span class="nb">window</span><span class="p">.</span><span class="nx">__REACT_DEVTOOLS_GLOBAL_HOOK__</span> <span class="c1">// Check for React Fiber on the root element</span> <span class="o">!!</span><span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">#root</span><span class="dl">'</span><span class="p">)?.</span><span class="nx">_reactRootContainer</span> <span class="c1">// Check for the data-reactroot attribute (React 15-16 pattern)</span> <span class="o">!!</span><span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">[data-reactroot]</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// Check for Next.js (built on React)</span> <span class="o">!!</span><span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">__next</span><span class="dl">'</span><span class="p">)</span> </code></pre> </div> <p>If any of these return <code>true</code>, the site is running React. The <code>__REACT_DEVTOOLS_GLOBAL_HOOK__</code> check is the most reliable for modern React apps because React itself injects this hook during initialization, regardless of whether React DevTools is installed.</p> <h3> Inspect the DOM for React Fiber Attributes </h3> <p>React’s reconciler (Fiber) attaches internal properties to DOM nodes. In the Elements panel, select any element inside the React app and look at its properties in the Console:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>// Select an element, <span class="k">then </span>run: <span class="nv">$0</span>.__reactFiber<span class="nv">$ </span> // React 18+ <span class="nv">$0</span>.__reactInternalInstance<span class="nv">$ </span> // React 16-17 <span class="nv">$0</span>._reactInternalFiber // Older React versions </code></pre> </div> <p>These properties are prefixed with a random hash (e.g., <code>__reactFiber$abc123</code>), so you may need to type the prefix and let autocomplete show the full property name. If any of these properties exist on DOM nodes, React is managing that part of the page.</p> <blockquote> <p>Partial React usage: Some sites use React for only part of the page—a checkout widget, a search bar, or a dashboard embedded in a server-rendered page. In these cases, the React root may not be the top-level #root div. Check multiple elements if the top-level checks return false.</p> </blockquote> <h2> Method 2 — View Page Source Clues </h2> <p>Viewing the HTML source (<code>Ctrl+U</code> or <code>Cmd+Option+U</code>) reveals patterns that indicate React, even before JavaScript executes.</p> <h3> Script Tags and Bundle Filenames </h3> <p>React apps typically load bundled JavaScript files. Look for these patterns in the source:</p> <ul> <li> <code>react.production.min.js</code> or <code>react-dom.production.min.js</code> — Direct React library references, common on CDN-loaded setups.</li> <li>Webpack chunk filenames like <code>main.abc123.js</code> or <code>static/js/bundle.js</code> — While not React-specific, these are the default output of Create React App.</li> <li> <code>/__next/</code> prefixed asset paths — A definitive Next.js marker. All static assets in Next.js are served from <code>/_next/static/</code>.</li> </ul> <p>For client-side rendered React apps, the HTML source is often minimal—just a <code>&lt;div id="root"&gt;&lt;/div&gt;</code> and script tags. This “empty shell” pattern is itself a strong signal of a client-side React SPA, though other frameworks like Vue and Angular can produce similar output.</p> <h3> Server-Side Rendered React and Next.js Markers </h3> <p>Server-rendered React sites (using Next.js, Remix, or custom SSR) include the full HTML content in the source. The distinguishing markers are:</p> <ul> <li> <code>&lt;div id="__next"&gt;</code> — The root element for Next.js applications.</li> <li> <code>&lt;script id="__NEXT_DATA__" type="application/json"&gt;</code> — Contains the serialized page props, build ID, and routing data. This is the single most reliable indicator of Next.js.</li> <li> <code>data-reactroot</code> attribute on the root element — Added by <code>ReactDOMServer.renderToString()</code> in React 15-16.</li> <li> <code>data-nhead</code> or <code>data-react-helmet</code> attributes — Present when using helmet-style head management in React SSR. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- Next.js fingerprint in page source --&gt;</span> <span class="nt">&lt;div</span> <span class="na">id=</span><span class="s">"__next"</span><span class="nt">&gt;</span> <span class="c">&lt;!-- Full server-rendered HTML here --&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;script </span><span class="na">id=</span><span class="s">"__NEXT_DATA__"</span> <span class="na">type=</span><span class="s">"application/json"</span><span class="nt">&gt;</span> <span class="p">{</span><span class="dl">"</span><span class="s2">props</span><span class="dl">"</span><span class="p">:{</span><span class="dl">"</span><span class="s2">pageProps</span><span class="dl">"</span><span class="p">:{}},</span><span class="dl">"</span><span class="s2">page</span><span class="dl">"</span><span class="p">:</span><span class="dl">"</span><span class="s2">/</span><span class="dl">"</span><span class="p">,</span><span class="dl">"</span><span class="s2">buildId</span><span class="dl">"</span><span class="p">:</span><span class="dl">"</span><span class="s2">abc123</span><span class="dl">"</span><span class="p">}</span> <span class="nt">&lt;/script&gt;</span> </code></pre> </div> <h2> Method 3 — Browser Extensions </h2> <h3> React Developer Tools Extension </h3> <p>The official React Developer Tools extension (available for Chrome and Firefox) is the most definitive manual check. When you visit a React-powered site, the extension icon lights up—blue for production builds, red for development builds. It also adds “Components” and “Profiler” tabs to DevTools, letting you inspect the React component tree directly.</p> <p>The extension works by detecting the <code>__REACT_DEVTOOLS_GLOBAL_HOOK__</code> that React attaches during initialization. If React is present anywhere on the page—even in a small embedded widget—the extension will detect it.</p> <p>The limitation: you have to visit each site individually. This is fine for one-off checks but impractical if you need to scan hundreds of sites.</p> <h3> DetectZeStack Chrome Extension </h3> <p>The <a href="https://chromewebstore.google.com/detail/detectzestack/mgecmlacndohfjfooobaebjkhekpjdod" rel="noopener noreferrer">DetectZeStack Chrome extension</a> detects not just React but the entire technology stack—frameworks, CDNs, analytics tools, hosting providers, and more—all from a single toolbar click. Unlike React DevTools, which only identifies React, DetectZeStack shows the full picture: whether the site also uses Next.js, what <a href="https://detectzestack.com/blog/detect-cdn-hosting-provider" rel="noopener noreferrer">CDN or hosting provider</a> serves it, what analytics and marketing tools are loaded, and more.</p> <h2> Method 4 — DetectZeStack API (Programmatic Detection) </h2> <p>Manual methods work for spot checks. When you need to detect React across tens, hundreds, or thousands of sites—for lead qualification, competitive analysis, or security scanning—you need an API.</p> <h3> Single-URL Analysis with curl </h3> <p>The DetectZeStack API detects React and 7,300+ other technologies in a single request. Here is a quick check using the free demo endpoint (no API key required):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">-s</span> <span class="s2">"https://detectzestack.com/demo?url=netflix.com"</span> | jq <span class="s1">'.technologies[] | select(.name == "React" or .name == "Next.js")'</span> </code></pre> </div> <p>For production use with higher limits, use the RapidAPI endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">-s</span> <span class="s2">"https://detectzestack.p.rapidapi.com/analyze?url=netflix.com"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-RapidAPI-Key: YOUR_KEY"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-RapidAPI-Host: detectzestack.p.rapidapi.com"</span> <span class="se">\</span> | jq <span class="s1">'.technologies[] | select(.categories[] | contains("JavaScript frameworks"))'</span> </code></pre> </div> <h3> Reading the API Response </h3> <p>The API returns a JSON object with all detected technologies. Here is what a React detection looks like in the response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://netflix.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"domain"</span><span class="p">:</span><span class="w"> </span><span class="s2">"netflix.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="mi">200</span><span class="p">,</span><span class="w"> </span><span class="nl">"scan_depth"</span><span class="p">:</span><span class="w"> </span><span class="s2">"full"</span><span class="p">,</span><span class="w"> </span><span class="nl">"technologies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"React"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"JavaScript frameworks"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"18.2"</span><span class="p">,</span><span class="w"> </span><span class="nl">"website"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://reactjs.org"</span><span class="p">,</span><span class="w"> </span><span class="nl">"cpe"</span><span class="p">:</span><span class="w"> </span><span class="s2">"cpe:2.3:a:facebook:react:18.2:*:*:*:*:*:*:*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Next.js"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"JavaScript frameworks"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"website"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://nextjs.org"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Key fields to look at:</p> <ul> <li> <code>name</code> — The technology name. React and Next.js are reported separately, so you can distinguish between the two.</li> <li> <code>confidence</code> — How certain the detection is (0-100). A confidence of 100 means the fingerprint matched unambiguously.</li> <li> <code>version</code> — When detectable, the specific React version. Useful for security auditing—you can cross-reference this against known CVEs.</li> <li> <code>cpe</code> — The <a href="https://detectzestack.com/blog/cpe-identifiers-explained-for-security-teams" rel="noopener noreferrer">CPE identifier</a> for the technology, letting you look up vulnerabilities in the NVD directly.</li> <li> <code>categories</code> — React appears under “JavaScript frameworks.” This lets you filter the response to only show front-end frameworks.</li> </ul> <h3> Batch Detection Across Multiple Sites </h3> <p>To scan a list of domains for React usage, loop through them with curl or use a script. Here is a quick bash one-liner:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="k">for </span>domain <span class="k">in </span>netflix.com airbnb.com stripe.com<span class="p">;</span> <span class="k">do </span><span class="nb">echo</span> <span class="nt">-n</span> <span class="s2">"</span><span class="nv">$domain</span><span class="s2">: "</span> curl <span class="nt">-s</span> <span class="s2">"https://detectzestack.p.rapidapi.com/analyze?url=</span><span class="nv">$domain</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-RapidAPI-Key: YOUR_KEY"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-RapidAPI-Host: detectzestack.p.rapidapi.com"</span> <span class="se">\</span> | jq <span class="nt">-r</span> <span class="s1">'[.technologies[] | select(.name == "React" or .name == "Next.js") | .name] | if length == 0 then "not detected" else join(", ") end'</span> <span class="k">done</span> </code></pre> </div> <p>For larger-scale scanning, see the <a href="https://detectzestack.com/blog/website-technology-detection-python-tutorial" rel="noopener noreferrer">Python tutorial</a> which covers batch scanning with rate limiting and CSV export.</p> <h2> React vs Next.js — What the Detection Tells You </h2> <p>Every Next.js site uses React, but not every React site uses Next.js. Understanding the distinction matters for competitive analysis and technical assessment:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Signal</th> <th>Plain React (CRA/Vite)</th> <th>Next.js</th> </tr> </thead> <tbody> <tr> <td>Root element</td> <td></td> <td></td> </tr> <tr> <td>Page data</td> <td>None in source</td> <td> <strong>NEXT_DATA</strong> script tag</td> </tr> <tr> <td>Asset paths</td> <td>/static/js/main.*.js</td> <td>/_next/static/chunks/*.js</td> </tr> <tr> <td>HTTP headers</td> <td>None specific</td> <td>X-Nextjs-Cache (on ISR pages)</td> </tr> <tr> <td>SSR</td> <td>Possible but manual</td> <td>Built-in (SSR/SSG/ISR)</td> </tr> <tr> <td>Rendering pattern</td> <td>Client-side (empty shell)</td> <td>Server-rendered HTML</td> </tr> </tbody> </table></div> <p>When the DetectZeStack API reports both “React” and “Next.js,” it means the site uses Next.js as the framework layer on top of React. If only “React” is reported, the site uses React directly—possibly with Create React App, Vite, Gatsby, Remix, or a custom setup.</p> <p>Other React-based frameworks you may see detected alongside React include Gatsby (which uses React for its component model and adds a static site generation layer) and Remix (which, like Next.js, adds server-side rendering to React). For a broader overview of detecting all JavaScript frameworks, see <a href="https://detectzestack.com/blog/detect-javascript-framework-website" rel="noopener noreferrer">How to Detect What JavaScript Framework a Website Uses</a>.</p> <blockquote> <p>Why this matters for sales: A company running Next.js has likely invested in performance and SEO—they may be interested in monitoring and analytics tools. A company running a client-side React SPA may be more interested in performance optimization and bundle analysis tools. The framework choice signals the team’s priorities. For more on using tech detection for outreach, see Tech Stack Enrichment for Sales Teams.</p> </blockquote> <h2> Get Started with Programmatic React Detection </h2> <p>Manual checks are fine for occasional curiosity. For anything systematic—lead qualification, competitive research, security scanning, or portfolio analysis—an API is the only practical approach.</p> <p>The DetectZeStack API gives you React detection plus 7,300+ other technology fingerprints in a single call. Every request also includes DNS-based infrastructure detection, TLS certificate analysis, and CPE identifiers for vulnerability lookups—layers that no browser-based method can match.</p> <p>The free tier includes 100 requests per month with no credit card required. That is enough to scan your competitor list, audit a client portfolio, or build a proof-of-concept integration.</p> <h3> Related Reading </h3> <ul> <li> <a href="https://detectzestack.com/blog/detect-javascript-framework-website" rel="noopener noreferrer">Detect What JavaScript Framework a Website Uses</a> — React, Vue, Angular, Next.js, and Svelte detection compared</li> <li> <a href="https://detectzestack.com/blog/detect-any-website-tech-stack-with-single-api-call" rel="noopener noreferrer">Detect Any Website's Tech Stack with a Single API Call</a> — Overview of all four detection layers</li> <li> <a href="https://detectzestack.com/blog/website-technology-checker-api" rel="noopener noreferrer">Website Technology Checker API</a> — Full endpoint reference and integration guide</li> <li> <a href="https://detectzestack.com/blog/cpe-identifiers-explained-for-security-teams" rel="noopener noreferrer">CPE Identifiers Explained for Security Teams</a> — Cross-reference detected React versions with known CVEs</li> <li> <a href="https://detectzestack.com/blog/find-companies-using-stripe-technographic-prospecting" rel="noopener noreferrer">Find Companies Using Stripe</a> — Technographic prospecting with the same API</li> <li> <a href="https://detectzestack.com/blog/website-technology-detection-python-tutorial" rel="noopener noreferrer">Website Technology Detection: Python Tutorial</a> — Batch scanning with Python and CSV export</li> <li> <a href="https://detectzestack.com/blog/check-if-website-uses-wordpress" rel="noopener noreferrer">Check If a Website Uses WordPress</a> — CMS detection guide</li> <li> <a href="https://detectzestack.com/blog/detect-cdn-hosting-provider" rel="noopener noreferrer">How to Detect CDN and Hosting Provider</a> — Infrastructure-layer detection</li> <li> <a href="https://detectzestack.com/blog/how-to-detect-nextjs-website" rel="noopener noreferrer">How to Detect if a Website Uses Next.js</a> — Next.js-specific detection with Pages Router vs App Router fingerprints</li> <li> <a href="https://detectzestack.com/blog/how-to-detect-vue-website" rel="noopener noreferrer">How to Detect if a Website Uses Vue.js</a> — Vue and Nuxt detection from console checks to API automation</li> <li> <a href="https://detectzestack.com/blog/how-to-detect-tailwind-css" rel="noopener noreferrer">How to Detect Tailwind CSS on Any Website</a> — 5 methods to identify Tailwind from DOM inspection to API automation</li> </ul> techstack webdev api tutorial MikeL Wed, 15 Apr 2026 20:42:00 +0000 https://dev.to/detectzestack/how-to-detect-if-a-website-uses-intercom-5-methods-3o4k https://dev.to/detectzestack/how-to-detect-if-a-website-uses-intercom-5-methods-3o4k <p>Intercom is one of the most popular customer messaging platforms on the web. Companies use it for live chat, in-app messaging, help centers, and product tours—making it a key indicator of how a business handles customer communication. From the outside, the familiar chat bubble in the bottom-right corner is a strong hint, but it is not always visible: some sites customize or delay-load the widget, and others use Intercom only for backend messaging without a visible launcher.</p> <p>Whether you are qualifying sales leads, analyzing a competitor’s support stack, auditing third-party scripts for security, or planning a migration off Intercom, reliably detecting it matters. This guide covers five methods: from quick manual checks to a fully programmatic API approach that works at scale.</p> <h2> Why Detect Intercom on a Website </h2> <p>Intercom is more than a chat widget. Detecting it on a website tells you several things about the business behind it.</p> <p><strong>Budget signal.</strong> Intercom pricing starts around $39/month for very small teams and scales to $139/month or more for growth-stage companies. Businesses running Intercom have allocated budget for customer communication tooling—they are not using a free contact form.</p> <p><strong>Customer engagement maturity.</strong> Intercom implies a proactive approach to customer support and engagement. Sites running Intercom typically have a support team, defined response SLAs, and automated workflows. This is useful context for sales prospecting: these are companies that invest in customer experience.</p> <p><strong>Third-party script inventory.</strong> For security teams, knowing that Intercom’s JavaScript is loaded on a site matters. The Intercom messenger injects iframes, loads external scripts from <code>intercomcdn.com</code>, and sets persistent cookies. Any third-party script with that level of page access is worth tracking in a vendor audit.</p> <p><strong>Migration planning.</strong> If you are evaluating a move from Intercom to Zendesk, Drift, Crisp, or another platform, the first step is understanding exactly which Intercom features are in use: just the messenger widget, or also articles, product tours, and automated messages. The detection methods below help you inventory the integration depth.</p> <h2> Method 1 — Check the Page Source for Intercom Scripts </h2> <p>The simplest way to detect Intercom is to view the page source and search for its script signatures. In any browser, press <code>Ctrl+U</code> (or <code>Cmd+Option+U</code> on macOS) to view source, then search for these strings:</p> <ul> <li> <code>widget.intercom.io</code> — the Intercom messenger widget stylesheet</li> <li> <code>intercomcdn.com</code> — Intercom’s CDN for JavaScript assets</li> <li> <code>api.intercom.io</code> — the Intercom API endpoint for messenger initialization</li> <li> <code>intercom</code> in inline script blocks — the <code>window.intercomSettings</code> configuration object</li> </ul> <h3> What to Look For in the HTML </h3> <p>The standard Intercom installation embeds a JavaScript snippet that configures and boots the messenger. It typically looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="o">&lt;</span><span class="nx">script</span><span class="o">&gt;</span> <span class="nb">window</span><span class="p">.</span><span class="nx">intercomSettings</span> <span class="o">=</span> <span class="p">{</span> <span class="na">api_base</span><span class="p">:</span> <span class="dl">"</span><span class="s2">https://api-iam.intercom.io</span><span class="dl">"</span><span class="p">,</span> <span class="na">app_id</span><span class="p">:</span> <span class="dl">"</span><span class="s2">abc123de</span><span class="dl">"</span> <span class="p">};</span> <span class="o">&lt;</span><span class="sr">/script</span><span class="err">&gt; </span><span class="o">&lt;</span><span class="nx">script</span><span class="o">&gt;</span> <span class="p">(</span><span class="kd">function</span><span class="p">(){</span><span class="kd">var</span> <span class="nx">w</span><span class="o">=</span><span class="nb">window</span><span class="p">;</span><span class="kd">var</span> <span class="nx">ic</span><span class="o">=</span><span class="nx">w</span><span class="p">.</span><span class="nx">Intercom</span><span class="p">;</span><span class="k">if</span><span class="p">(</span><span class="k">typeof</span> <span class="nx">ic</span><span class="o">===</span><span class="dl">"</span><span class="s2">function</span><span class="dl">"</span><span class="p">){</span> <span class="nf">ic</span><span class="p">(</span><span class="dl">'</span><span class="s1">reattach_activator</span><span class="dl">'</span><span class="p">);</span><span class="nf">ic</span><span class="p">(</span><span class="dl">'</span><span class="s1">update</span><span class="dl">'</span><span class="p">,</span><span class="nx">w</span><span class="p">.</span><span class="nx">intercomSettings</span><span class="p">);}</span><span class="k">else</span><span class="p">{</span> <span class="kd">var</span> <span class="nx">d</span><span class="o">=</span><span class="nb">document</span><span class="p">;</span><span class="kd">var</span> <span class="nx">i</span><span class="o">=</span><span class="kd">function</span><span class="p">(){</span><span class="nx">i</span><span class="p">.</span><span class="nf">c</span><span class="p">(</span><span class="nx">arguments</span><span class="p">);};</span><span class="nx">i</span><span class="p">.</span><span class="nx">q</span><span class="o">=</span><span class="p">[];</span><span class="nx">i</span><span class="p">.</span><span class="nx">c</span><span class="o">=</span><span class="kd">function</span><span class="p">(</span><span class="nx">args</span><span class="p">){</span> <span class="nx">i</span><span class="p">.</span><span class="nx">q</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">args</span><span class="p">);};</span><span class="nx">w</span><span class="p">.</span><span class="nx">Intercom</span><span class="o">=</span><span class="nx">i</span><span class="p">;</span><span class="kd">var</span> <span class="nx">l</span><span class="o">=</span><span class="kd">function</span><span class="p">(){</span><span class="kd">var</span> <span class="nx">s</span><span class="o">=</span><span class="nx">d</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">'</span><span class="s1">script</span><span class="dl">'</span><span class="p">);</span> <span class="nx">s</span><span class="p">.</span><span class="nx">type</span><span class="o">=</span><span class="dl">'</span><span class="s1">text/javascript</span><span class="dl">'</span><span class="p">;</span><span class="nx">s</span><span class="p">.</span><span class="k">async</span><span class="o">=</span><span class="kc">true</span><span class="p">;</span> <span class="nx">s</span><span class="p">.</span><span class="nx">src</span><span class="o">=</span><span class="dl">'</span><span class="s1">https://widget.intercom.io/widget/abc123de</span><span class="dl">'</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">x</span><span class="o">=</span><span class="nx">d</span><span class="p">.</span><span class="nf">getElementsByTagName</span><span class="p">(</span><span class="dl">'</span><span class="s1">script</span><span class="dl">'</span><span class="p">)[</span><span class="mi">0</span><span class="p">];</span> <span class="nx">x</span><span class="p">.</span><span class="nx">parentNode</span><span class="p">.</span><span class="nf">insertBefore</span><span class="p">(</span><span class="nx">s</span><span class="p">,</span><span class="nx">x</span><span class="p">);};</span><span class="nf">l</span><span class="p">();}})();</span> <span class="o">&lt;</span><span class="sr">/script</span><span class="err">&gt; </span></code></pre> </div> <p>The <code>app_id</code> value (<code>abc123de</code> in this example) identifies the Intercom workspace. Every Intercom account has a unique app ID, which appears in both the <code>intercomSettings</code> object and the widget script URL.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Script Pattern</th> <th>Component</th> <th>What It Means</th> </tr> </thead> <tbody> <tr> <td>widget.intercom.io/widget/{app_id}</td> <td>Messenger widget</td> <td>Live chat and in-app messaging active</td> </tr> <tr> <td>static.intercomcdn.com</td> <td>CDN assets</td> <td>Intercom JavaScript bundle loaded</td> </tr> <tr> <td>api.intercom.io</td> <td>API endpoint</td> <td>Messenger communicating with Intercom backend</td> </tr> <tr> <td>window.intercomSettings</td> <td>Config object</td> <td>Intercom initialized with workspace settings</td> </tr> </tbody> </table></div> <blockquote> <p>Limitation: Viewing page source only shows scripts in the initial HTML. If Intercom is loaded after cookie consent or on specific pages only (e.g., the app dashboard but not the marketing site), it will not appear in the source of every page. Method 3 catches these cases by checking what the browser actually rendered.</p> </blockquote> <h2> Method 2 — Inspect Cookies and Local Storage </h2> <p>Intercom sets distinctive cookies and local storage entries that persist even if the messenger widget is not visible on the current page. Open Chrome DevTools (<code>F12</code>), go to <strong>Application &gt; Cookies</strong>, and look for these patterns:</p> <h3> Intercom Cookies </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Cookie Name Pattern</th> <th>Purpose</th> <th>Lifetime</th> </tr> </thead> <tbody> <tr> <td>intercom-session-{app_id}</td> <td>Session tracking for the messenger</td> <td>1 week</td> </tr> <tr> <td>intercom-id-{app_id}</td> <td>Anonymous visitor identity</td> <td>9 months</td> </tr> <tr> <td>intercom-device-id-{app_id}</td> <td>Device fingerprint for cross-session tracking</td> <td>9 months</td> </tr> </tbody> </table></div> <p>The <code>{app_id}</code> in the cookie name matches the workspace ID from the script installation. If you see any cookie starting with <code>intercom-</code>, that site runs Intercom.</p> <h3> Local Storage Entries </h3> <p>Intercom also writes to <code>localStorage</code>. In DevTools, go to <strong>Application &gt; Local Storage</strong> and look for keys starting with <code>intercom.</code>:</p> <ul> <li> <code>intercom.intercom-state-{app_id}</code> — messenger state (open/closed, unread count)</li> <li> <code>intercom.intercom-id</code> — visitor identity token</li> </ul> <p>Local storage entries persist across browser sessions and are a reliable indicator even when the Intercom widget has not fully loaded on the current page.</p> <blockquote> <p>Note: Cookies and local storage are set by client-side JavaScript, not by the server. A simple curl request will not trigger them. For cookie-based detection, you need to visit the site in a browser or headless browser that executes JavaScript.</p> </blockquote> <h2> Method 3 — Look for the Intercom Messenger Widget in the DOM </h2> <p>Once Intercom loads, it injects specific DOM elements into the page. These are reliable fingerprints because they use fixed IDs and attribute patterns that Intercom has maintained across versions.</p> <p>Open Chrome DevTools (<code>F12</code>), go to the <strong>Console</strong> tab, and run these checks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Check for the Intercom messenger iframe</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">iframe#intercom-frame</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// Returns the iframe element if Intercom is loaded, null otherwise</span> <span class="c1">// Check for the Intercom widget stylesheet</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">link[href*="widget.intercom.io"]</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// Returns the link element if present</span> <span class="c1">// Check for the Intercom launcher (the chat bubble)</span> <span class="nb">document</span><span class="p">.</span><span class="nf">querySelector</span><span class="p">(</span><span class="dl">'</span><span class="s1">.intercom-launcher</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// Returns the launcher button element</span> </code></pre> </div> <p>If any of these return an element (not <code>null</code>), Intercom is active on the page.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>DOM Selector</th> <th>Element</th> <th>What It Confirms</th> </tr> </thead> <tbody> <tr> <td>iframe#intercom-frame</td> <td>Messenger iframe</td> <td>Intercom messenger widget is loaded and rendered</td> </tr> <tr> <td>link[href*="widget.intercom.io"]</td> <td>Widget stylesheet</td> <td>Intercom CSS has been injected into the page</td> </tr> <tr> <td>.intercom-launcher</td> <td>Chat bubble</td> <td>The visible launcher button is present</td> </tr> <tr> <td>#intercom-container</td> <td>Widget container</td> <td>The messenger container div exists in the DOM</td> </tr> </tbody> </table></div> <p>DOM inspection catches Intercom even when it is loaded dynamically after page load, behind a cookie consent banner, or via a tag manager like <a href="https://detectzestack.com/blog/how-to-detect-google-analytics" rel="noopener noreferrer">Google Tag Manager</a>. It is more reliable than source inspection for single-page applications where the initial HTML is minimal.</p> <h2> Method 4 — Check the JavaScript Global Object </h2> <p>Intercom exposes a global <code>window.Intercom</code> function that serves as its public API. This is one of the most reliable detection methods because Intercom requires this global to function—it cannot operate without it.</p> <p>In the browser console:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Check if the Intercom global exists</span> <span class="k">typeof</span> <span class="nb">window</span><span class="p">.</span><span class="nx">Intercom</span> <span class="c1">// Returns "function" if Intercom is loaded, "undefined" otherwise</span> <span class="c1">// Get the Intercom app ID from the booted instance</span> <span class="nb">window</span><span class="p">.</span><span class="nx">Intercom</span><span class="p">.</span><span class="nx">booted</span> <span class="c1">// Returns true if the messenger has been initialized</span> </code></pre> </div> <p>The <code>window.Intercom</code> function is used by the site’s own code to control the messenger: showing/hiding it, passing user data, triggering messages. Because it is part of Intercom’s public API contract, it is stable across versions and not likely to change.</p> <p>You can also extract configuration details:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// If intercomSettings is available, read the app ID</span> <span class="nb">window</span><span class="p">.</span><span class="nx">intercomSettings</span> <span class="o">&amp;&amp;</span> <span class="nb">window</span><span class="p">.</span><span class="nx">intercomSettings</span><span class="p">.</span><span class="nx">app_id</span> <span class="c1">// Returns the workspace app ID (e.g., "abc123de")</span> </code></pre> </div> <blockquote> <p>Tip: Methods 3 and 4 (DOM and JavaScript global) require visiting the page in a browser. For automated detection across many domains, Method 5 (the API approach) handles this by performing full HTTP analysis server-side, including JavaScript fingerprinting.</p> </blockquote> <h2> Method 5 — Use the DetectZeStack API for Programmatic Detection </h2> <p>When you need to detect Intercom across hundreds or thousands of domains—for lead qualification, market research, or vendor auditing—manual methods do not scale. The DetectZeStack API detects Intercom via HTTP fingerprinting in a single request, alongside 7,300+ other technologies.</p> <h3> Single URL Analysis with curl </h3> <p>Try it without signing up. The <code>/demo</code> endpoint is rate-limited to 20 requests per hour per IP, but requires no authentication:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">-s</span> <span class="s2">"https://detectzestack.com/demo?url=intercom.com"</span> | jq <span class="s1">'.'</span> <span class="o">{</span> <span class="s2">"url"</span>: <span class="s2">"https://intercom.com"</span>, <span class="s2">"domain"</span>: <span class="s2">"intercom.com"</span>, <span class="s2">"technologies"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">"Intercom"</span>, <span class="s2">"categories"</span>: <span class="o">[</span><span class="s2">"Live chat"</span>, <span class="s2">"Customer engagement"</span><span class="o">]</span>, <span class="s2">"confidence"</span>: 100, <span class="s2">"source"</span>: <span class="s2">"http"</span> <span class="o">}</span>, <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">"React"</span>, <span class="s2">"categories"</span>: <span class="o">[</span><span class="s2">"JavaScript frameworks"</span><span class="o">]</span>, <span class="s2">"confidence"</span>: 100, <span class="s2">"source"</span>: <span class="s2">"http"</span> <span class="o">}</span>, ... <span class="o">]</span>, <span class="s2">"categories"</span>: <span class="o">{</span> <span class="s2">"Live chat"</span>: <span class="o">[</span><span class="s2">"Intercom"</span><span class="o">]</span>, <span class="s2">"Customer engagement"</span>: <span class="o">[</span><span class="s2">"Intercom"</span><span class="o">]</span>, <span class="s2">"JavaScript frameworks"</span>: <span class="o">[</span><span class="s2">"React"</span><span class="o">]</span>, ... <span class="o">}</span>, <span class="s2">"meta"</span>: <span class="o">{</span> <span class="s2">"status_code"</span>: 200, <span class="s2">"tech_count"</span>: 18, <span class="s2">"scan_depth"</span>: <span class="s2">"full"</span> <span class="o">}</span>, <span class="s2">"cached"</span>: <span class="nb">false</span>, <span class="s2">"response_ms"</span>: 920 <span class="o">}</span> </code></pre> </div> <p>Notice the <code>source: "http"</code> field on Intercom—the API detected it through HTTP fingerprinting, matching script patterns like <code>widget.intercom.io</code> and DOM elements like <code>iframe#intercom-frame</code>. This is the automated equivalent of Methods 1 through 4 combined.</p> <h3> Batch Detection Across Multiple Sites </h3> <p>For production use, the <code>/analyze</code> endpoint supports higher rate limits and is available through RapidAPI. To scan multiple domains, use the <code>/analyze/batch</code> endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">-s</span> <span class="nt">-X</span> POST <span class="s2">"https://detectzestack.p.rapidapi.com/analyze/batch"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-RapidAPI-Key: YOUR_KEY"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-RapidAPI-Host: detectzestack.p.rapidapi.com"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"urls": ["intercom.com", "drift.com", "zendesk.com"]}'</span> | jq <span class="s1">'.'</span> </code></pre> </div> <p>The batch endpoint accepts up to 10 URLs per request and returns results for each domain. This is ideal for building a spreadsheet of which prospects use Intercom versus competing live chat platforms like Drift, Zendesk, Crisp, or LiveChat.</p> <h3> Reading the API Response </h3> <p>The response structure makes it straightforward to filter for Intercom and related customer engagement technologies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check if Intercom is present on a site</span> <span class="nv">$ </span>curl <span class="nt">-s</span> <span class="s2">"https://detectzestack.com/demo?url=example.com"</span> | <span class="se">\</span> jq <span class="s1">'.technologies[] | select(.name == "Intercom")'</span> <span class="c"># Find all live chat tools on a site</span> <span class="nv">$ </span>curl <span class="nt">-s</span> <span class="s2">"https://detectzestack.com/demo?url=example.com"</span> | <span class="se">\</span> jq <span class="s1">'.categories["Live chat"]'</span> </code></pre> </div> <p>The <code>categories</code> object groups technologies by function. Intercom appears under “Live chat” and “Customer engagement”. You can use this to find all customer communication tools on a site at once—Intercom alongside tools like Zendesk, Drift, Freshdesk, or HubSpot.</p> <h2> Common Use Cases for Intercom Detection </h2> <h3> Competitive Intelligence for Sales Teams </h3> <p>If you sell customer support software, CRM tools, or competing messaging platforms, knowing which companies use Intercom is directly actionable. Intercom customers have already committed to a customer messaging strategy and have budget allocated for it. They are qualified prospects for any product that integrates with or replaces Intercom.</p> <p>Combine Intercom detection with other <a href="https://detectzestack.com/blog/tech-stack-enrichment-for-sales-teams" rel="noopener noreferrer">tech stack signals</a> to build richer prospect profiles. A company running Intercom alongside <a href="https://detectzestack.com/blog/how-to-detect-hubspot" rel="noopener noreferrer">HubSpot</a> likely has a mature marketing and support stack. A company using Intercom with <a href="https://detectzestack.com/blog/find-companies-using-stripe-technographic-prospecting" rel="noopener noreferrer">Stripe</a> has an online payment flow and is likely a SaaS or e-commerce business. These combinations tell you more than any single technology detection. For a deeper look at using technographic data in sales, see <a href="https://detectzestack.com/blog/sales-teams-competitive-intelligence" rel="noopener noreferrer">Sales Teams: Competitive Intelligence with Tech Stack Data</a>.</p> <h3> Security Auditing Third-Party Scripts </h3> <p>Intercom’s messenger loads external JavaScript, injects iframes, sets persistent cookies, and writes to local storage. For security-conscious organizations, tracking which third-party scripts have this level of access is essential for vendor auditing and compliance.</p> <p>Use the DetectZeStack API to inventory all third-party scripts on your domains. Intercom is one of many live chat and analytics tools that inject client-side code—knowing exactly which ones are present helps you assess your attack surface and maintain an accurate vendor register.</p> <h3> Migration Planning </h3> <p>If you are considering a switch from Intercom to another platform (or the reverse), the detection methods above tell you exactly which Intercom components are in use. A site that only loads the messenger widget is a simpler migration than one using Intercom Articles (help center), Product Tours, and automated messaging workflows.</p> <p>The API response categorizes Intercom under “Live chat” and “Customer engagement.” If the API also detects “Intercom Articles” (a separate technology entry), you know the help center is in use too—that is a larger migration scope.</p> <h2> Intercom Detection at Scale </h2> <p>Here is a practical Python script to scan a list of domains and flag which ones use Intercom:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="kn">import</span> <span class="n">csv</span> <span class="kn">import</span> <span class="n">time</span> <span class="n">API_URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://detectzestack.p.rapidapi.com/analyze</span><span class="sh">"</span> <span class="n">HEADERS</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">X-RapidAPI-Key</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">YOUR_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">X-RapidAPI-Host</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">detectzestack.p.rapidapi.com</span><span class="sh">"</span> <span class="p">}</span> <span class="n">domains</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">intercom.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">drift.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">zendesk.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">crisp.chat</span><span class="sh">"</span><span class="p">]</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">intercom_audit.csv</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">w</span><span class="sh">"</span><span class="p">,</span> <span class="n">newline</span><span class="o">=</span><span class="sh">""</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">writer</span> <span class="o">=</span> <span class="n">csv</span><span class="p">.</span><span class="nf">writer</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="n">writer</span><span class="p">.</span><span class="nf">writerow</span><span class="p">([</span><span class="sh">"</span><span class="s">domain</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">has_intercom</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">categories</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">other_live_chat</span><span class="sh">"</span><span class="p">])</span> <span class="k">for</span> <span class="n">domain</span> <span class="ow">in</span> <span class="n">domains</span><span class="p">:</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">API_URL</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">HEADERS</span><span class="p">,</span> <span class="n">params</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="n">domain</span><span class="p">})</span> <span class="n">data</span> <span class="o">=</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="n">intercom</span> <span class="o">=</span> <span class="p">[</span> <span class="n">t</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">,</span> <span class="p">[])</span> <span class="k">if</span> <span class="n">t</span><span class="p">[</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">Intercom</span><span class="sh">"</span> <span class="p">]</span> <span class="n">live_chat</span> <span class="o">=</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">categories</span><span class="sh">"</span><span class="p">,</span> <span class="p">{}).</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">Live chat</span><span class="sh">"</span><span class="p">,</span> <span class="p">[])</span> <span class="n">other_chat</span> <span class="o">=</span> <span class="p">[</span><span class="n">t</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">live_chat</span> <span class="k">if</span> <span class="n">t</span> <span class="o">!=</span> <span class="sh">"</span><span class="s">Intercom</span><span class="sh">"</span><span class="p">]</span> <span class="k">if</span> <span class="n">intercom</span><span class="p">:</span> <span class="n">tech</span> <span class="o">=</span> <span class="n">intercom</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="n">writer</span><span class="p">.</span><span class="nf">writerow</span><span class="p">([</span> <span class="n">domain</span><span class="p">,</span> <span class="bp">True</span><span class="p">,</span> <span class="sh">"</span><span class="s">, </span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">tech</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">categories</span><span class="sh">"</span><span class="p">,</span> <span class="p">[])),</span> <span class="sh">"</span><span class="s">, </span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">other_chat</span><span class="p">)</span> <span class="k">if</span> <span class="n">other_chat</span> <span class="k">else</span> <span class="sh">""</span> <span class="p">])</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">domain</span><span class="si">}</span><span class="s">: Intercom detected</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">writer</span><span class="p">.</span><span class="nf">writerow</span><span class="p">([</span><span class="n">domain</span><span class="p">,</span> <span class="bp">False</span><span class="p">,</span> <span class="sh">""</span><span class="p">,</span> <span class="sh">"</span><span class="s">, </span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">live_chat</span><span class="p">)])</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">domain</span><span class="si">}</span><span class="s">: no Intercom</span><span class="sh">"</span><span class="p">)</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="mf">0.5</span><span class="p">)</span> <span class="c1"># respect rate limits </span></code></pre> </div> <p>This produces a CSV with each domain, whether Intercom was found, its categories, and any competing live chat tools detected on the same site. For a more complete tutorial covering batch endpoints and error handling, see <a href="https://detectzestack.com/blog/website-technology-detection-python-tutorial" rel="noopener noreferrer">Detect Any Website’s Tech Stack with Python</a>.</p> <h2> Conclusion and Next Steps </h2> <p>Detecting Intercom manually works for one-off checks: view the source for <code>widget.intercom.io</code>, check cookies for <code>intercom-session-</code> prefixes, look for <code>iframe#intercom-frame</code> in the DOM, or test <code>window.Intercom</code> in the console. Each method catches a different aspect of the integration.</p> <p>For anything beyond a handful of sites—building prospect lists, monitoring competitor stacks, or auditing vendor dependencies—the DetectZeStack API automates all detection methods in a single request. One call returns Intercom, <a href="https://detectzestack.com/blog/how-to-detect-hubspot" rel="noopener noreferrer">HubSpot</a>, <a href="https://detectzestack.com/blog/how-to-detect-google-analytics" rel="noopener noreferrer">Google Analytics</a>, and every other technology on the site, with structured JSON output that feeds directly into your pipeline.</p> <h3> Related Reading </h3> <ul> <li> <a href="https://detectzestack.com/blog/how-to-detect-hubspot" rel="noopener noreferrer">How to Detect if a Website Uses HubSpot</a> — 4 methods from page source to API detection</li> <li> <a href="https://detectzestack.com/blog/tech-stack-enrichment-for-sales-teams" rel="noopener noreferrer">Tech Stack Enrichment for Sales Teams</a> — Why technographic data matters more than firmographics</li> <li> <a href="https://detectzestack.com/blog/sales-teams-competitive-intelligence" rel="noopener noreferrer">Sales Teams: Competitive Intelligence</a> — Using tech stack data for competitive positioning</li> <li> <a href="https://detectzestack.com/blog/detect-any-website-tech-stack-with-single-api-call" rel="noopener noreferrer">Detect Any Website’s Tech Stack with a Single API Call</a> — Overview of all four detection layers</li> <li> <a href="https://detectzestack.com/blog/dns-based-technology-detection" rel="noopener noreferrer">DNS-Based Technology Detection</a> — How CNAME records reveal hosting and marketing platforms</li> </ul> techstack webdev api tutorial MikeL Tue, 10 Mar 2026 02:49:22 +0000 https://dev.to/detectzestack/i-built-an-api-that-detects-7200-technologies-heres-how-it-works-7hd https://dev.to/detectzestack/i-built-an-api-that-detects-7200-technologies-heres-how-it-works-7hd <p>You visit a website. Within seconds, you want to know: what's it built with? What CDN? What framework? What analytics?</p> <p>I needed this for a project — bulk tech stack detection across thousands of domains. Wappalyzer's browser extension is great for one-off lookups, but I needed an API that could handle volume, return structured data, and catch things the browser extension misses.</p> <p>So I built <a href="https://detectzestack.com" rel="noopener noreferrer">DetectZeStack</a>, a tech stack detection API in Go. It scans 7,200+ technologies using four detection layers. Here's how it works under the hood.</p> <h2> The Problem With Single-Layer Detection </h2> <p>Most tech detection tools rely on one method: matching patterns in HTML, headers, and JavaScript. That's what Wappalyzer does, and it's genuinely good at it.</p> <p>But it misses things:</p> <ul> <li> <strong>DNS-level infrastructure</strong> (CDNs, hosting providers identified by CNAME records)</li> <li> <strong>TLS certificate issuers</strong> (tells you who provides their SSL — Cloudflare, AWS, Let's Encrypt)</li> <li> <strong>Infrastructure headers</strong> that aren't in the fingerprint database</li> </ul> <p>A site behind Cloudflare with a React frontend might only show "React" with single-layer detection. You'd miss the CDN, the certificate authority, and the hosting provider.</p> <h2> The Four Detection Layers </h2> <h3> Layer 1: Wappalyzer Fingerprinting (7,200+ signatures) </h3> <p>The foundation. I use <a href="https://github.com/projectdiscovery/wappalyzergo" rel="noopener noreferrer">wappalyzergo</a>, which ports Wappalyzer's fingerprint database to Go. It analyzes:</p> <ul> <li>HTML content (meta tags, script sources, DOM patterns)</li> <li>HTTP response headers (Server, X-Powered-By, etc.)</li> <li>JavaScript variables and objects</li> <li>Cookie names and patterns</li> </ul> <p>This alone catches most frontend frameworks, CMS platforms, analytics tools, and e-commerce platforms.</p> <h3> Layer 2: DNS CNAME/NS Fingerprinting (111 signatures) </h3> <p>Here's where it gets interesting. When you resolve a domain's DNS, the CNAME chain reveals infrastructure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>stripe.com → stripe.com.cdn.cloudflare.net → ... </code></pre> </div> <p>That CNAME tells you Cloudflare is involved, even if the HTTP headers are scrubbed clean.</p> <p>I maintain 111 DNS signatures mapping CNAME patterns to technologies:</p> <ul> <li> <code>*.cloudfront.net</code> → Amazon CloudFront</li> <li> <code>*.fastly.net</code> → Fastly</li> <li> <code>*.netlify.app</code> → Netlify</li> <li> <code>*.vercel-dns.com</code> → Vercel</li> <li> <code>*.herokuapp.com</code> → Heroku</li> </ul> <p>The DNS lookup runs <strong>in parallel</strong> with the HTTP fetch, so it adds zero latency. If DNS times out (2-second cap), the scan still returns HTTP-based results.</p> <h3> Layer 3: TLS Certificate Analysis </h3> <p>Every HTTPS connection includes a TLS handshake with the server's certificate. The certificate issuer reveals the SSL/TLS provider:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Certificate Issuer</th> <th>Technology</th> </tr> </thead> <tbody> <tr> <td>Cloudflare, Inc.</td> <td>Cloudflare SSL</td> </tr> <tr> <td>Amazon</td> <td>AWS Certificate Manager</td> </tr> <tr> <td>Let's Encrypt</td> <td>Let's Encrypt</td> </tr> <tr> <td>Google Trust Services</td> <td>Google Cloud</td> </tr> <tr> <td>DigiCert Inc</td> <td>DigiCert</td> </tr> </tbody> </table></div> <p>This is essentially free — the cert info is already in the TLS handshake, no extra request needed.</p> <h3> Layer 4: Custom Header Matching </h3> <p>Some infrastructure providers add unique headers that aren't in Wappalyzer's database:</p> <ul> <li> <code>X-Railway-Request-Id</code> → Railway (PaaS)</li> <li> <code>X-Amz-Cf-Pop</code> → Amazon CloudFront (edge location)</li> <li> <code>X-Nf-Request-Id</code> → Netlify</li> </ul> <p>These fill gaps where standard fingerprinting falls short.</p> <h2> Deduplication </h2> <p>When multiple layers detect the same technology, the API deduplicates by name. If Wappalyzer detects "Cloudflare" from headers AND DNS detects "Cloudflare" from CNAME, you get one entry — not two.</p> <p>Higher-confidence detections take priority. Wappalyzer's pattern match at 100% confidence beats a DNS-only detection at 80%.</p> <h2> What the Output Looks Like </h2> <p>Here's a real scan of <code>stripe.com</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="s2">"https://detectzestack.com/demo?url=stripe.com"</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://stripe.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"domain"</span><span class="p">:</span><span class="w"> </span><span class="s2">"stripe.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"technologies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Amazon S3"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"CDN"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Amazon S3 or Amazon Simple Storage Service..."</span><span class="p">,</span><span class="w"> </span><span class="nl">"website"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://aws.amazon.com/s3/"</span><span class="p">,</span><span class="w"> </span><span class="nl">"icon"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Amazon S3.svg"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Amazon Web Services"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"PaaS"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"website"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://aws.amazon.com/"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"DigiCert"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"SSL/TLS certificate authority"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">70</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"HSTS"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Security"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Nginx"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Web servers"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Reverse proxies"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"cpe"</span><span class="p">:</span><span class="w"> </span><span class="s2">"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"CDN"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Amazon S3"</span><span class="p">],</span><span class="w"> </span><span class="nl">"PaaS"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Amazon Web Services"</span><span class="p">],</span><span class="w"> </span><span class="nl">"Security"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"HSTS"</span><span class="p">],</span><span class="w"> </span><span class="nl">"SSL/TLS certificate authority"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"DigiCert"</span><span class="p">],</span><span class="w"> </span><span class="nl">"Web servers"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Nginx"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"meta"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"status_code"</span><span class="p">:</span><span class="w"> </span><span class="mi">200</span><span class="p">,</span><span class="w"> </span><span class="nl">"tech_count"</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="p">,</span><span class="w"> </span><span class="nl">"scan_depth"</span><span class="p">:</span><span class="w"> </span><span class="s2">"full"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Notice the DigiCert entry with 70% confidence — that came from TLS certificate analysis (Layer 3), not HTML fingerprinting.</p> <p>And here's <code>github.com</code>, which returns 8 technologies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="s2">"https://detectzestack.com/demo?url=github.com"</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"technologies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Amazon S3"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"CDN"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Amazon Web Services"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"PaaS"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"C3.js"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"JavaScript libraries"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Contentful"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"CMS"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"GitHub Pages"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"PaaS"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"HSTS"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Security"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"React"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"JavaScript frameworks"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Sectigo"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"SSL/TLS certificate authority"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">70</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Contentful (CMS), C3.js (charting), React (frontend), Sectigo (TLS) — all from a single API call.</p> <h2> Architecture Decisions </h2> <p><strong>Why Go?</strong> Concurrency is first-class. The DNS lookup, HTTP fetch, and TLS extraction all run in parallel goroutines. A typical scan completes in 1-2 seconds.</p> <p><strong>Why not just wrap the Wappalyzer npm package?</strong> Performance and deployability. The Go binary is a single executable, ~15MB, runs on a $3/month Fly.io instance. No Node.js runtime, no headless browser, no Puppeteer.</p> <p><strong>Why SQLite for storage?</strong> The API caches scan results to avoid hammering target sites. SQLite is perfect for this — single-file database, zero configuration, handles thousands of concurrent reads. It runs alongside the API process on the same machine.</p> <p><strong>Why not headless browser rendering?</strong> Some JavaScript-heavy sites would benefit from it, but it would 10x the infrastructure cost and response time. Wappalyzer's static analysis catches the vast majority of technologies. If you need rendered-page analysis, tools like Wappalyzer's browser extension are the right choice.</p> <h2> Try It </h2> <p>The <code>/demo</code> endpoint is free, no signup needed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Try it right now</span> curl <span class="s2">"https://detectzestack.com/demo?url=your-site.com"</span> </code></pre> </div> <p>For production use (higher rate limits, change tracking, history), it's on <a href="https://rapidapi.com/mlugoapx/api/detectzestack" rel="noopener noreferrer">RapidAPI with a free tier</a> — 100 requests/month, no credit card.</p> <p>There are also alternatives worth considering: Wappalyzer's npm package if you want to self-host detection, and BuiltWith if you need historical data going back years. DetectZeStack's differentiator is the multi-layer detection approach and the structured API response with confidence scores.</p> <p>If you're building anything that needs tech stack data — competitive analysis, security auditing, lead enrichment — I'd love to hear about your use case. Drop a comment or find me on <a href="https://x.com/DetectZeStack" rel="noopener noreferrer">Twitter/X</a>.</p> webdev showdev go architecture MikeL Sun, 08 Mar 2026 01:31:49 +0000 https://dev.to/detectzestack/build-a-website-tech-stack-scanner-in-python-under-50-lines-273i https://dev.to/detectzestack/build-a-website-tech-stack-scanner-in-python-under-50-lines-273i <p>Ever wonder what tech stack a website is running? Maybe you're scoping out a competitor, enriching leads, or checking for outdated frameworks with known vulnerabilities.</p> <p>Here's a Python script that does it in under 50 lines. It calls a tech detection API, parses the response, and gives you a clean report.</p> <h2> The Full Script </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="kn">import</span> <span class="n">sys</span> <span class="n">API_URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://detectzestack.p.rapidapi.com/analyze</span><span class="sh">"</span> <span class="n">HEADERS</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">X-RapidAPI-Key</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">YOUR_API_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">X-RapidAPI-Host</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">detectzestack.p.rapidapi.com</span><span class="sh">"</span> <span class="p">}</span> <span class="k">def</span> <span class="nf">scan</span><span class="p">(</span><span class="n">url</span><span class="p">):</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">API_URL</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">HEADERS</span><span class="p">,</span> <span class="n">params</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="n">url</span><span class="p">})</span> <span class="n">resp</span><span class="p">.</span><span class="nf">raise_for_status</span><span class="p">()</span> <span class="k">return</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">def</span> <span class="nf">report</span><span class="p">(</span><span class="n">data</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="se">\n</span><span class="si">{</span><span class="sh">'</span><span class="s">=</span><span class="sh">'</span> <span class="o">*</span> <span class="mi">50</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s"> </span><span class="si">{</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">domain</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> (HTTP </span><span class="si">{</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">status_code</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">)</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s"> Scanned in </span><span class="si">{</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">detection_time_ms</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">ms</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="sh">'</span><span class="s">=</span><span class="sh">'</span> <span class="o">*</span> <span class="mi">50</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Group by category </span> <span class="n">by_cat</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">for</span> <span class="n">tech</span> <span class="ow">in</span> <span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">]:</span> <span class="n">cat</span> <span class="o">=</span> <span class="n">tech</span><span class="p">[</span><span class="sh">"</span><span class="s">category</span><span class="sh">"</span><span class="p">]</span> <span class="n">by_cat</span><span class="p">.</span><span class="nf">setdefault</span><span class="p">(</span><span class="n">cat</span><span class="p">,</span> <span class="p">[]).</span><span class="nf">append</span><span class="p">(</span><span class="n">tech</span><span class="p">)</span> <span class="k">for</span> <span class="n">cat</span><span class="p">,</span> <span class="n">techs</span> <span class="ow">in</span> <span class="nf">sorted</span><span class="p">(</span><span class="n">by_cat</span><span class="p">.</span><span class="nf">items</span><span class="p">()):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="se">\n</span><span class="s"> </span><span class="si">{</span><span class="n">cat</span><span class="si">}</span><span class="s">:</span><span class="sh">"</span><span class="p">)</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">techs</span><span class="p">:</span> <span class="n">ver</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s"> v</span><span class="si">{</span><span class="n">t</span><span class="p">[</span><span class="sh">'</span><span class="s">version</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span> <span class="k">if</span> <span class="n">t</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">version</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span> <span class="sh">""</span> <span class="n">src</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">[</span><span class="si">{</span><span class="n">t</span><span class="p">[</span><span class="sh">'</span><span class="s">source</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">]</span><span class="sh">"</span> <span class="n">cpe</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="se">\n</span><span class="s"> CPE: </span><span class="si">{</span><span class="n">t</span><span class="p">[</span><span class="sh">'</span><span class="s">cpe</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span> <span class="k">if</span> <span class="n">t</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">cpe</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span> <span class="sh">""</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s"> - </span><span class="si">{</span><span class="n">t</span><span class="p">[</span><span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">]</span><span class="si">}{</span><span class="n">ver</span><span class="si">}</span><span class="s"> </span><span class="si">{</span><span class="n">src</span><span class="si">}{</span><span class="n">cpe</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="se">\n</span><span class="s"> Total: </span><span class="si">{</span><span class="nf">len</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">technologies</span><span class="sh">'</span><span class="p">])</span><span class="si">}</span><span class="s"> technologies detected</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="n">urls</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="n">argv</span><span class="p">[</span><span class="mi">1</span><span class="p">:]</span> <span class="ow">or</span> <span class="p">[</span><span class="sh">"</span><span class="s">stripe.com</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">url</span> <span class="ow">in</span> <span class="n">urls</span><span class="p">:</span> <span class="nf">report</span><span class="p">(</span><span class="nf">scan</span><span class="p">(</span><span class="n">url</span><span class="p">))</span> </code></pre> </div> <p>Save this as <code>scan.py</code> and run it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python scan.py stripe.com github.com shopify.com </code></pre> </div> <h2> Sample Output </h2> <p>Here's what you get for <code>stripe.com</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>================================================== stripe.com (HTTP 200) Scanned in 847ms ================================================== CDN: - Cloudflare [dns] JavaScript frameworks: - React [wappalyzer] Web servers: - Nginx v1.25.3 [wappalyzer] CPE: cpe:2.3:a:f5:nginx:1.25.3:*:*:*:*:*:*:* Analytics: - Google Analytics [wappalyzer] SSL/TLS certificate authorities: - Let's Encrypt [tls] Total: 5 technologies detected </code></pre> </div> <h2> What's Happening Under the Hood </h2> <p>The API uses four detection layers:</p> <p><strong>1. HTTP Header Fingerprinting</strong><br> Headers like <code>Server: nginx/1.25.3</code> and <code>X-Powered-By: Express</code> reveal the web server and framework. Fast, but many production sites strip these.</p> <p><strong>2. HTML/DOM Pattern Matching</strong><br> The API scans page source for known patterns: <code>&lt;meta name="generator" content="WordPress"&gt;</code>, script URLs containing <code>react.production.min.js</code>, CSS class patterns like Tailwind's utilities. This is the core engine — over 7,200 technology signatures via <a href="https://github.com/projectdiscovery/wappalyzergo" rel="noopener noreferrer">wappalyzergo</a>.</p> <p><strong>3. DNS CNAME Analysis</strong><br> A DNS lookup reveals infrastructure that HTTP can't see. <code>example.com CNAME d1234.cloudfront.net</code> → Amazon CloudFront. The API checks against 111 CDN/hosting provider signatures.</p> <p><strong>4. TLS Certificate Inspection</strong><br> The certificate authority correlates with infrastructure: Let's Encrypt → self-hosted, Cloudflare Inc → Cloudflare proxy, Amazon → AWS.</p> <p>Each technology in the response includes a <code>source</code> field (<code>wappalyzer</code>, <code>dns</code>, <code>tls</code>, or <code>headers</code>) so you know exactly how it was detected.</p> <h2> Extending It: Batch Analysis </h2> <p>Need to scan multiple URLs efficiently? The API has a batch endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="n">urls</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">stripe.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">shopify.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">github.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">notion.so</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">vercel.com</span><span class="sh">"</span><span class="p">]</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://detectzestack.p.rapidapi.com/batch</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">X-RapidAPI-Key</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">YOUR_API_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">X-RapidAPI-Host</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">detectzestack.p.rapidapi.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span> <span class="p">},</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">urls</span><span class="sh">"</span><span class="p">:</span> <span class="n">urls</span><span class="p">}</span> <span class="p">)</span> <span class="k">for</span> <span class="n">result</span> <span class="ow">in</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">()[</span><span class="sh">"</span><span class="s">results</span><span class="sh">"</span><span class="p">]:</span> <span class="n">techs</span> <span class="o">=</span> <span class="p">[</span><span class="n">t</span><span class="p">[</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">]]</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">result</span><span class="p">[</span><span class="sh">'</span><span class="s">domain</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="sh">'</span><span class="s">, </span><span class="sh">'</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">techs</span><span class="p">)</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>This sends one HTTP request instead of five.</p> <h2> Extending It: Security Scanning with CPE </h2> <p>The <code>cpe</code> field in the response maps detected technologies to the <a href="https://nvd.nist.gov/" rel="noopener noreferrer">NVD (National Vulnerability Database)</a>. You can cross-reference it to check for known CVEs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">for</span> <span class="n">tech</span> <span class="ow">in</span> <span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">]:</span> <span class="k">if</span> <span class="n">tech</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">cpe</span><span class="sh">"</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s"> </span><span class="si">{</span><span class="n">tech</span><span class="p">[</span><span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> → </span><span class="si">{</span><span class="n">tech</span><span class="p">[</span><span class="sh">'</span><span class="s">cpe</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Query NVD: https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName={cpe} </span></code></pre> </div> <p>This is useful for security audits and compliance checks.</p> <h2> Getting an API Key </h2> <p>The API is on <a href="https://rapidapi.com/mlugoapx/api/detectzestack" rel="noopener noreferrer">RapidAPI</a>. The free tier gives you 100 requests/month — no credit card required. Enough to build and test with.</p> <p>Paid plans start at $9/month for 1,000 requests if you need more volume.</p> <p>What are you building with tech detection? Competitive analysis dashboards? Lead enrichment pipelines? Security scanners? Drop a comment — I'd love to hear your use case.</p> python tutorial webdev api MikeL Mon, 02 Mar 2026 13:59:43 +0000 https://dev.to/detectzestack/i-built-an-api-that-detects-7200-technologies-on-any-website-heres-how-the-detection-works-3oe3 https://dev.to/detectzestack/i-built-an-api-that-detects-7200-technologies-on-any-website-heres-how-the-detection-works-3oe3 <p>Every developer has wondered "what is that site built with?" I built an API to answer that question programmatically, and the detection system behind it is more interesting than you'd think.</p> <p>Here's how it works under the hood.</p> <h2> The Problem </h2> <p>Browser extensions like Wappalyzer can tell you what technologies a website uses. But if you want to check hundreds or thousands of sites programmatically — say, for market research, security audits, or competitive analysis — you need an API.</p> <p>BuiltWith offers one at $995/month. Wappalyzer's (now owned by Hostinger) starts at $450/month. I wanted something affordable, so I built my own.</p> <p>The result is <a href="https://detectzestack.com" rel="noopener noreferrer">DetectZeStack</a>, a Go API that combines four different detection methods to identify technologies on any website.</p> <h2> The Four Detection Layers </h2> <p>A single HTTP request to a website gives you surprisingly little information. To get accurate results, you need to look at multiple signals.</p> <h3> Layer 1: Wappalyzer Fingerprinting (~7,200 signatures) </h3> <p>This is the heavy hitter. The open-source <a href="https://github.com/projectdiscovery/wappalyzergo" rel="noopener noreferrer">wappalyzergo</a> library maintains thousands of fingerprint patterns that match against:</p> <ul> <li> <strong>HTTP response headers</strong> (e.g., <code>X-Powered-By: Express</code> → Node.js + Express)</li> <li> <strong>HTML body content</strong> (e.g., <code>&lt;meta name="generator" content="WordPress"&gt;</code>)</li> <li> <strong>JavaScript globals</strong> (e.g., <code>window.Shopify</code> → Shopify)</li> <li> <strong>Cookie names</strong> (e.g., <code>_ga</code> → Google Analytics)</li> </ul> <p>Each pattern has a confidence score. When a site's response matches a known pattern, we know what's behind it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// The core fingerprinting call</span> <span class="n">fingerprintsWithInfo</span> <span class="o">:=</span> <span class="n">d</span><span class="o">.</span><span class="n">wap</span><span class="o">.</span><span class="n">FingerprintWithInfo</span><span class="p">(</span> <span class="n">fetchResult</span><span class="o">.</span><span class="n">Headers</span><span class="p">,</span> <span class="n">fetchResult</span><span class="o">.</span><span class="n">Body</span><span class="p">,</span> <span class="p">)</span> </code></pre> </div> <p>This single function call does most of the work — checking HTTP headers and HTML body against all ~7,200 patterns.</p> <h3> Layer 2: DNS CNAME Resolution (111 signatures) </h3> <p>Here's where it gets interesting. Many hosting platforms and CDNs require you to set a CNAME record pointing to their infrastructure. By resolving a domain's DNS records, you can detect technologies that leave <strong>zero traces</strong> in HTTP responses.</p> <p>For example:</p> <ul> <li> <code>example.com → d1234.cloudfront.net</code> → Amazon CloudFront</li> <li> <code>example.com → example.netlify.app</code> → Netlify</li> <li> <code>example.com → example.ghost.io</code> → Ghost CMS </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// DNS lookup runs in parallel with HTTP fetch</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">techs</span> <span class="o">:=</span> <span class="n">DetectFromDNS</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">domain</span><span class="p">,</span> <span class="n">d</span><span class="o">.</span><span class="n">dnsResolver</span><span class="p">)</span> <span class="n">dnsCh</span> <span class="o">&lt;-</span> <span class="n">dnsResult</span><span class="p">{</span><span class="n">techs</span><span class="o">:</span> <span class="n">techs</span><span class="p">}</span> <span class="p">}()</span> </code></pre> </div> <p>This runs <strong>concurrently</strong> with the HTTP request — no extra latency. I maintain 111 CNAME suffix-to-technology mappings covering CDNs, hosting platforms, email providers, and more.</p> <h3> Layer 3: TLS Certificate Inspection (8 issuers) </h3> <p>The TLS handshake happens before any HTTP data is exchanged, and the certificate issuer tells you something about the infrastructure:</p> <ul> <li> <strong>Cloudflare</strong> issues its own certs for proxied sites</li> <li> <strong>Amazon</strong> certs suggest AWS infrastructure</li> <li> <strong>Google Trust Services</strong> suggests Google Cloud</li> <li> <strong>Let's Encrypt</strong> is common on self-hosted setups </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">var</span> <span class="n">tlsSignatures</span> <span class="o">=</span> <span class="p">[]</span><span class="n">TLSSignature</span><span class="p">{</span> <span class="p">{</span><span class="s">"Cloudflare"</span><span class="p">,</span> <span class="s">"Cloudflare"</span><span class="p">,</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"CDN"</span><span class="p">}},</span> <span class="p">{</span><span class="s">"Amazon"</span><span class="p">,</span> <span class="s">"Amazon Web Services"</span><span class="p">,</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"Cloud hosting"</span><span class="p">}},</span> <span class="p">{</span><span class="s">"Let's Encrypt"</span><span class="p">,</span> <span class="s">"Let's Encrypt"</span><span class="p">,</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"SSL/TLS certificate authority"</span><span class="p">}},</span> <span class="c">// ... 5 more</span> <span class="p">}</span> </code></pre> </div> <p>During the HTTP fetch, the TLS certificate issuer is extracted from the connection and matched against known issuers.</p> <h3> Layer 4: Custom HTTP Header Matching (3 signatures) </h3> <p>Some platforms add distinctive headers that wappalyzergo doesn't cover yet. Rather than waiting for upstream, I maintain a small set of custom signatures:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">var</span> <span class="n">customHeaderSignatures</span> <span class="o">=</span> <span class="p">[]</span><span class="n">HeaderSignature</span><span class="p">{</span> <span class="p">{</span><span class="s">"X-Railway-Request-Id"</span><span class="p">,</span> <span class="s">"exact"</span><span class="p">,</span> <span class="s">"Railway"</span><span class="p">,</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"PaaS"</span><span class="p">}},</span> <span class="p">{</span><span class="s">"X-Amz-Cf-Pop"</span><span class="p">,</span> <span class="s">"exact"</span><span class="p">,</span> <span class="s">"Amazon CloudFront"</span><span class="p">,</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"CDN"</span><span class="p">}},</span> <span class="p">{</span><span class="s">"X-Nf-"</span><span class="p">,</span> <span class="s">"prefix"</span><span class="p">,</span> <span class="s">"Netlify"</span><span class="p">,</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"PaaS"</span><span class="p">,</span> <span class="s">"CDN"</span><span class="p">}},</span> <span class="p">}</span> </code></pre> </div> <p>These catch services like Railway.app (no Wappalyzer entry) and Netlify edge headers.</p> <h2> How It All Fits Together </h2> <p>The detection flow runs in two parallel paths:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Request: "analyze stripe.com" | +----+----+ | | HTTP DNS Fetch Lookup | | +- Wappalyzer fingerprinting (headers + body) +- Custom header matching +- TLS cert issuer extraction | | +----+----+ | Deduplicate &amp; merge | Sort alphabetically | Return result </code></pre> </div> <p>DNS and HTTP run concurrently, so total latency is <code>max(http_time, dns_time)</code> rather than the sum. For most sites, results come back in 1-3 seconds.</p> <p>The deduplication step is important — if Wappalyzer detects "Cloudflare" from a <code>cf-ray</code> header AND the DNS CNAME points to Cloudflare AND the TLS cert is issued by Cloudflare, we only report it once. Multiple detection paths increase confidence without duplicating results.</p> <h2> Real Output </h2> <p>Here's what the API returns for stripe.com:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"domain"</span><span class="p">:</span><span class="w"> </span><span class="s2">"stripe.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"technologies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Amazon S3"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"CDN"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Amazon Web Services"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"PaaS"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"DigiCert"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"SSL/TLS certificate authority"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">70</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"HSTS"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Security"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Nginx"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Web servers"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Reverse proxies"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"cpe"</span><span class="p">:</span><span class="w"> </span><span class="s2">"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"meta"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"status_code"</span><span class="p">:</span><span class="w"> </span><span class="mi">200</span><span class="p">,</span><span class="w"> </span><span class="nl">"tech_count"</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Notice the <code>cpe</code> field on Nginx — that's a <a href="https://nvd.nist.gov/products/cpe" rel="noopener noreferrer">Common Platform Enumeration</a> identifier. It lets you cross-reference detected technologies against the NVD vulnerability database. Not every technology has a CPE, but when one exists, the API includes it.</p> <h2> SSRF Protection </h2> <p>When you build an API that fetches arbitrary URLs, security is critical. Without protection, someone could pass <code>http://169.254.169.254/latest/meta-data/</code> and read your cloud instance's metadata.</p> <p>The fetcher validates every URL before making a request:</p> <ol> <li>Parse and normalize the URL</li> <li>Resolve the domain to IP addresses</li> <li>Block private/reserved IP ranges (127.x, 10.x, 169.254.x, etc.)</li> <li>Block non-HTTP(S) schemes</li> <li>Follow redirects (up to 10) but re-validate each redirect target</li> </ol> <p>This is the boring-but-critical part that you skip at your peril.</p> <h2> Try It Yourself </h2> <p>The API has a free demo endpoint — no signup, no API key:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="s2">"https://detectzestack.com/demo?url=shopify.com"</span> </code></pre> </div> <p>This returns the full detection result. Rate-limited to 20 requests per hour per IP, which is enough to play around with.</p> <p>For production use, there's a free tier (100 requests/month) and a Pro tier ($9/month for 1,000 requests) on <a href="https://rapidapi.com/detectzestack/api/detectzestack" rel="noopener noreferrer">RapidAPI</a>.</p> <h2> What I'd Do Differently </h2> <p>If I were starting over:</p> <ol> <li><p><strong>Start with DNS detection earlier.</strong> I added it late and was surprised how much it catches that HTTP-only detection misses. Ghost blogs, Netlify sites, and many email providers are invisible to Wappalyzer but obvious from DNS.</p></li> <li><p><strong>Build the TLS layer from day one.</strong> Same story — the certificate issuer is free information you already receive during the handshake. Not extracting it is leaving data on the table.</p></li> <li><p><strong>Use wappalyzergo, not Wappalyzer's npm package.</strong> The Go port is maintained by ProjectDiscovery, compiles to a single binary, and runs faster than the Node.js version. If you're building a service, Go is a solid choice here.</p></li> </ol> <h2> The Stack </h2> <ul> <li> <strong>Language</strong>: Go 1.24</li> <li> <strong>Router</strong>: chi</li> <li> <strong>Database</strong>: SQLite (yes, in production — it works great for read-heavy workloads)</li> <li> <strong>Detection</strong>: wappalyzergo + custom layers</li> <li> <strong>Hosting</strong>: Fly.io (single region, single instance)</li> <li> <strong>DNS</strong>: Cloudflare</li> </ul> <p>Total monthly hosting cost: ~$5.</p> <p>If you have questions about the detection approach or want to see how a specific site gets detected, drop a comment — I'll run it through the API and share the results.</p> webdev showdev go architecture MikeL Wed, 18 Feb 2026 21:40:23 +0000 https://dev.to/detectzestack/security-audit-any-websites-dependencies-with-cpe-data-1n6i https://dev.to/detectzestack/security-audit-any-websites-dependencies-with-cpe-data-1n6i <p>Every technology on a website is a potential attack surface. An outdated jQuery version, an unpatched WordPress plugin, a web server with a known CVE — these are the entry points attackers look for.</p> <p>The problem is visibility. How do you know what technologies a website runs, and which have known vulnerabilities?</p> <p><a href="https://detectzestack.fly.dev" rel="noopener noreferrer">DetectZeStack</a> returns <strong>CPE (Common Platform Enumeration) identifiers</strong> for every detected technology. CPE is the standard naming scheme used by NIST's National Vulnerability Database (NVD) to link software products to their known vulnerabilities (CVEs).</p> <h2> How CPE-Based Security Auditing Works </h2> <ol> <li> <strong>Detect technologies</strong> — scan a website to identify all tech</li> <li> <strong>Extract CPE IDs</strong> — each technology includes its CPE identifier</li> <li> <strong>Query NVD</strong> — look up each CPE for known CVEs</li> <li> <strong>Assess risk</strong> — prioritize by CVSS score</li> </ol> <h2> Step 1: Detect Technologies with CPE Data </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-s</span> <span class="s2">"https://detectzestack.fly.dev/analyze?url=example.com"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-Api-Key: YOUR_KEY"</span> | jq <span class="s1">'.technologies[] | {name, cpe}'</span> </code></pre> </div> <p>Example response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Nginx"</span><span class="p">,</span><span class="w"> </span><span class="nl">"cpe"</span><span class="p">:</span><span class="w"> </span><span class="s2">"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"jQuery"</span><span class="p">,</span><span class="w"> </span><span class="nl">"cpe"</span><span class="p">:</span><span class="w"> </span><span class="s2">"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"WordPress"</span><span class="p">,</span><span class="w"> </span><span class="nl">"cpe"</span><span class="p">:</span><span class="w"> </span><span class="s2">"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <blockquote> <p><strong>What's a CPE?</strong> It's a structured naming scheme for IT products. <code>cpe:2.3:a:wordpress:wordpress:*</code> means "application, vendor wordpress, product wordpress, any version." The NVD uses CPEs to link products to CVE entries.</p> </blockquote> <h2> Step 2: Query the NVD for Vulnerabilities </h2> <p>Here's a Python script that takes DetectZeStack output and checks each technology for known vulnerabilities:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="kn">import</span> <span class="n">time</span> <span class="n">DETECTZESTACK_URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://detectzestack.fly.dev/analyze</span><span class="sh">"</span> <span class="n">NVD_API_URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://services.nvd.nist.gov/rest/json/cves/2.0</span><span class="sh">"</span> <span class="n">API_KEY</span> <span class="o">=</span> <span class="sh">"</span><span class="s">your-detectzestack-key</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">audit_website</span><span class="p">(</span><span class="n">domain</span><span class="p">):</span> <span class="c1"># Detect technologies </span> <span class="n">resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">DETECTZESTACK_URL</span><span class="p">,</span> <span class="n">params</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="n">domain</span><span class="p">},</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">X-Api-Key</span><span class="sh">"</span><span class="p">:</span> <span class="n">API_KEY</span> <span class="p">})</span> <span class="n">techs</span> <span class="o">=</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">().</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">,</span> <span class="p">[])</span> <span class="n">findings</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">tech</span> <span class="ow">in</span> <span class="n">techs</span><span class="p">:</span> <span class="n">cpe</span> <span class="o">=</span> <span class="n">tech</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">cpe</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">cpe</span><span class="p">:</span> <span class="k">continue</span> <span class="c1"># Query NVD </span> <span class="n">nvd_resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">NVD_API_URL</span><span class="p">,</span> <span class="n">params</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">cpeName</span><span class="sh">"</span><span class="p">:</span> <span class="n">cpe</span><span class="p">,</span> <span class="sh">"</span><span class="s">resultsPerPage</span><span class="sh">"</span><span class="p">:</span> <span class="mi">10</span> <span class="p">})</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="mf">0.6</span><span class="p">)</span> <span class="c1"># NVD rate limit </span> <span class="n">vulns</span> <span class="o">=</span> <span class="n">nvd_resp</span><span class="p">.</span><span class="nf">json</span><span class="p">().</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">vulnerabilities</span><span class="sh">"</span><span class="p">,</span> <span class="p">[])</span> <span class="k">if</span> <span class="n">vulns</span><span class="p">:</span> <span class="n">findings</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">technology</span><span class="sh">"</span><span class="p">:</span> <span class="n">tech</span><span class="p">[</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">cpe</span><span class="sh">"</span><span class="p">:</span> <span class="n">cpe</span><span class="p">,</span> <span class="sh">"</span><span class="s">cve_count</span><span class="sh">"</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">vulns</span><span class="p">),</span> <span class="sh">"</span><span class="s">top_cves</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="n">v</span><span class="p">[</span><span class="sh">"</span><span class="s">cve</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">vulns</span><span class="p">[:</span><span class="mi">5</span><span class="p">]]</span> <span class="p">})</span> <span class="k">return</span> <span class="n">findings</span> <span class="n">findings</span> <span class="o">=</span> <span class="nf">audit_website</span><span class="p">(</span><span class="sh">"</span><span class="s">target-site.com</span><span class="sh">"</span><span class="p">)</span> <span class="k">for</span> <span class="n">f</span> <span class="ow">in</span> <span class="n">findings</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">f</span><span class="p">[</span><span class="sh">'</span><span class="s">technology</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">f</span><span class="p">[</span><span class="sh">'</span><span class="s">cve_count</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> known vulnerabilities</span><span class="sh">"</span><span class="p">)</span> <span class="k">for</span> <span class="n">cve</span> <span class="ow">in</span> <span class="n">f</span><span class="p">[</span><span class="sh">'</span><span class="s">top_cves</span><span class="sh">'</span><span class="p">]:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s"> - </span><span class="si">{</span><span class="n">cve</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h2> Step 3: Automate Continuous Monitoring </h2> <p>Set up webhook alerts for real-time tech change notifications:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="s2">"https://detectzestack.fly.dev/webhooks"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-Api-Key: YOUR_KEY"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{ "domain": "app.yourcompany.com", "webhook_url": "https://your-siem.com/webhook/techstack", "secret": "hmac-secret-for-verification" }'</span> </code></pre> </div> <p>When a technology changes on a monitored domain, you'll receive a webhook. Feed this into your vulnerability management pipeline to check for newly introduced risks.</p> <h2> Practical Use Cases </h2> <p><strong>Vendor Risk Assessment:</strong> Before onboarding a SaaS vendor, audit their website. Outdated frameworks or missing security headers are red flags.</p> <p><strong>Supply Chain Monitoring:</strong> Track tech changes across critical suppliers. If a partner drops HTTPS or switches CDNs, you want to know.</p> <p><strong>Penetration Test Recon:</strong> Start engagements with a comprehensive technology inventory. Four detection layers (HTTP, DNS, TLS, headers) surface infrastructure that manual inspection misses.</p> <p><strong>Compliance Reporting:</strong> Generate evidence that your web properties use current, patched technologies for SOC 2, ISO 27001, or PCI DSS audits.</p> <h2> Why Not Just Use a Vulnerability Scanner? </h2> <p>Traditional scanners (Nessus, Qualys) require network access and authenticated scans. DetectZeStack works from the outside — you can audit any public website, including vendor sites you don't control. They're complementary tools.</p> <h2> Cost </h2> <p>Manual vendor security assessments cost $500-2,000 per vendor. Automated tools like BitSight charge $15,000-50,000/year.</p> <p>With DetectZeStack at <strong>$5/month</strong> (5,000 requests), you can audit 5,000 domains monthly. That's enterprise-grade coverage at indie pricing.</p> <p><strong><a href="https://rapidapi.com/mlugoapx/api/detectzestack" rel="noopener noreferrer">Get your free API key</a></strong> — 100 requests/month, no credit card required.</p> <p><em>How do you handle external dependency auditing? I'd love to hear your approach in the comments.</em></p> security api webdev python MikeL Wed, 18 Feb 2026 21:39:35 +0000 https://dev.to/detectzestack/how-to-build-a-lead-enrichment-pipeline-with-tech-detection-1pg2 https://dev.to/detectzestack/how-to-build-a-lead-enrichment-pipeline-with-tech-detection-1pg2 <p>Your CRM has thousands of leads. Names, emails, company URLs. But without knowing what technologies those companies use, your sales team is shooting in the dark.</p> <p>Tech stack data transforms cold outreach into relevant conversations. If you're selling a Shopify app, you only want leads running Shopify. If you offer WordPress security, you need WordPress sites.</p> <p>In this guide, we'll build a lead enrichment pipeline that takes a list of company domains and enriches each one with technology data using the <a href="https://detectzestack.fly.dev" rel="noopener noreferrer">DetectZeStack API</a>.</p> <h2> The Pipeline </h2> <ol> <li> <strong>Export leads</strong> from your CRM (just the domain column)</li> <li> <strong>Batch analyze</strong> with DetectZeStack (10 domains per request)</li> <li> <strong>Filter and score</strong> leads by technology match</li> <li> <strong>Push enriched data</strong> back to your CRM</li> </ol> <h2> Step 1: Prepare Your Domain List </h2> <p>Export your leads as a CSV. The only required field is the company's domain:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>domains.csv: company,domain Acme Corp,acmecorp.com Globex Inc,globex.io Initech,initech.com </code></pre> </div> <h2> Step 2: Batch Analyze </h2> <p>The <code>/analyze/batch</code> endpoint processes up to 10 URLs concurrently. Here's a Python script that reads your CSV and enriches each domain:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">csv</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">requests</span> <span class="kn">import</span> <span class="n">time</span> <span class="n">API_URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://detectzestack.fly.dev/analyze/batch</span><span class="sh">"</span> <span class="n">API_KEY</span> <span class="o">=</span> <span class="sh">"</span><span class="s">your-api-key</span><span class="sh">"</span> <span class="n">BATCH_SIZE</span> <span class="o">=</span> <span class="mi">10</span> <span class="k">def</span> <span class="nf">enrich_domains</span><span class="p">(</span><span class="n">csv_path</span><span class="p">):</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="n">csv_path</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">rows</span> <span class="o">=</span> <span class="nf">list</span><span class="p">(</span><span class="n">csv</span><span class="p">.</span><span class="nc">DictReader</span><span class="p">(</span><span class="n">f</span><span class="p">))</span> <span class="n">enriched</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nf">len</span><span class="p">(</span><span class="n">rows</span><span class="p">),</span> <span class="n">BATCH_SIZE</span><span class="p">):</span> <span class="n">batch</span> <span class="o">=</span> <span class="n">rows</span><span class="p">[</span><span class="n">i</span><span class="p">:</span><span class="n">i</span> <span class="o">+</span> <span class="n">BATCH_SIZE</span><span class="p">]</span> <span class="n">urls</span> <span class="o">=</span> <span class="p">[</span><span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">domain</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">batch</span><span class="p">]</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="n">API_URL</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">urls</span><span class="sh">"</span><span class="p">:</span> <span class="n">urls</span><span class="p">},</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">X-Api-Key</span><span class="sh">"</span><span class="p">:</span> <span class="n">API_KEY</span><span class="p">,</span> <span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span> <span class="p">})</span> <span class="n">results</span> <span class="o">=</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">().</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">results</span><span class="sh">"</span><span class="p">,</span> <span class="p">[])</span> <span class="k">for</span> <span class="n">row</span><span class="p">,</span> <span class="n">result</span> <span class="ow">in</span> <span class="nf">zip</span><span class="p">(</span><span class="n">batch</span><span class="p">,</span> <span class="n">results</span><span class="p">):</span> <span class="n">techs</span> <span class="o">=</span> <span class="p">[</span><span class="n">t</span><span class="p">[</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">result</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">,</span> <span class="p">[])]</span> <span class="n">categories</span> <span class="o">=</span> <span class="nf">set</span><span class="p">()</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">result</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">,</span> <span class="p">[]):</span> <span class="n">categories</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="n">t</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">categories</span><span class="sh">"</span><span class="p">,</span> <span class="p">[]))</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="sh">"</span><span class="s">, </span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">techs</span><span class="p">)</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">categories</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="sh">"</span><span class="s">, </span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">categories</span><span class="p">)</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">tech_count</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="nf">len</span><span class="p">(</span><span class="n">techs</span><span class="p">)</span> <span class="n">enriched</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">row</span><span class="p">)</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="c1"># Respect rate limits </span> <span class="k">return</span> <span class="n">enriched</span> <span class="n">results</span> <span class="o">=</span> <span class="nf">enrich_domains</span><span class="p">(</span><span class="sh">"</span><span class="s">domains.csv</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>For 1,000 leads, that's 100 API calls — well within the Pro plan's 5,000 monthly limit.</p> <h2> Step 3: Filter and Score </h2> <p>Now filter leads by relevance:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Find all Shopify stores </span><span class="n">shopify_leads</span> <span class="o">=</span> <span class="p">[</span><span class="n">r</span> <span class="k">for</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">results</span> <span class="k">if</span> <span class="sh">"</span><span class="s">Shopify</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">]]</span> <span class="c1"># Find WordPress sites without a CDN </span><span class="n">wp_no_cdn</span> <span class="o">=</span> <span class="p">[</span> <span class="n">r</span> <span class="k">for</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">results</span> <span class="k">if</span> <span class="sh">"</span><span class="s">WordPress</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">]</span> <span class="ow">and</span> <span class="ow">not</span> <span class="nf">any</span><span class="p">(</span><span class="n">cdn</span> <span class="ow">in</span> <span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">cdn</span> <span class="ow">in</span> <span class="p">[</span><span class="sh">"</span><span class="s">Cloudflare</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Fastly</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">CloudFront</span><span class="sh">"</span><span class="p">])</span> <span class="p">]</span> <span class="c1"># Score leads by tech stack overlap with your ideal customer </span><span class="n">TARGET_TECHS</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">React</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Next.js</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Vercel</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Stripe</span><span class="sh">"</span><span class="p">}</span> <span class="k">for</span> <span class="n">lead</span> <span class="ow">in</span> <span class="n">results</span><span class="p">:</span> <span class="n">lead_techs</span> <span class="o">=</span> <span class="nf">set</span><span class="p">(</span><span class="n">lead</span><span class="p">[</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">].</span><span class="nf">split</span><span class="p">(</span><span class="sh">"</span><span class="s">, </span><span class="sh">"</span><span class="p">))</span> <span class="n">lead</span><span class="p">[</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="nf">len</span><span class="p">(</span><span class="n">lead_techs</span> <span class="o">&amp;</span> <span class="n">TARGET_TECHS</span><span class="p">)</span> <span class="n">results</span><span class="p">.</span><span class="nf">sort</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="k">lambda</span> <span class="n">r</span><span class="p">:</span> <span class="n">r</span><span class="p">[</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">],</span> <span class="n">reverse</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <blockquote> <p><strong>Pro tip:</strong> Use the <code>/compare</code> endpoint to compare a prospect's stack against your best customer's stack. High overlap = high-probability close.</p> </blockquote> <h2> Step 4: Push to Your CRM </h2> <p>Most CRMs support custom fields. Once technology data is in your CRM, you can:</p> <ul> <li>Create smart lists filtered by technology ("All Shopify + Klaviyo leads")</li> <li>Trigger automated sequences based on tech stack match</li> <li>Personalize email templates with technology references</li> <li>Route leads to the right sales rep based on tech expertise</li> </ul> <h2> Real-World Use Cases </h2> <p><strong>SaaS Sales:</strong> Find companies using a competitor's product. "I noticed you're using [Competitor] — here's how we compare."</p> <p><strong>Agency Prospecting:</strong> Find sites on outdated tech. "Your site runs jQuery 1.x — we can modernize it."</p> <p><strong>Platform Partnerships:</strong> Find companies in your ecosystem. "You're on Vercel + Next.js — our integration is built for your stack."</p> <p><strong>Security Services:</strong> Identify sites with <a href="https://detectzestack.fly.dev/blog/detect-vulnerable-technologies-with-cpe" rel="noopener noreferrer">known vulnerable technologies using CPE data</a>. Offer remediation.</p> <h2> Keeping Data Fresh </h2> <p>Tech stacks change. Set up webhook alerts for real-time monitoring:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="s2">"https://detectzestack.fly.dev/webhooks"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-Api-Key: YOUR_KEY"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{ "domain": "important-prospect.com", "webhook_url": "https://your-app.com/webhook", "secret": "your-hmac-secret" }'</span> </code></pre> </div> <h2> Cost Comparison </h2> <p>Enriching 1,000 leads monthly:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>Monthly Cost</th> </tr> </thead> <tbody> <tr> <td>BuiltWith</td> <td>$995/mo</td> </tr> <tr> <td>Wappalyzer</td> <td>$450/mo</td> </tr> <tr> <td><strong>DetectZeStack</strong></td> <td><strong>$5/mo</strong></td> </tr> </tbody> </table></div> <p>At $5/month for 5,000 requests, you can enrich your entire pipeline for less than a single month of the cheapest alternative. See our <a href="https://detectzestack.fly.dev/blog/builtwith-vs-wappalyzer-vs-detectzestack" rel="noopener noreferrer">full comparison</a> for details.</p> <p><strong><a href="https://rapidapi.com/mlugoapx/api/detectzestack" rel="noopener noreferrer">Get your free API key</a></strong> — 100 requests/month, no credit card required.</p> <p><em>What's your lead enrichment workflow? I'd love to hear how you're using tech detection in the comments.</em></p> webdev api sales python MikeL Wed, 18 Feb 2026 21:35:46 +0000 https://dev.to/detectzestack/builtwith-vs-wappalyzer-vs-detectzestack-which-tech-detection-tool-is-right-for-you-1gcb https://dev.to/detectzestack/builtwith-vs-wappalyzer-vs-detectzestack-which-tech-detection-tool-is-right-for-you-1gcb <p>If you need to detect what technologies a website uses, you've probably come across BuiltWith and Wappalyzer. They've been around for years and dominate the space. But they were built for a different era — one where $300+/month for API access was the only option.</p> <p>I built <a href="https://detectzestack.fly.dev" rel="noopener noreferrer">DetectZeStack</a> as a developer-first alternative. In this post, I'll compare all three honestly — including where each tool excels and falls short.</p> <h2> Quick Comparison </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>BuiltWith</th> <th>Wappalyzer</th> <th>DetectZeStack</th> </tr> </thead> <tbody> <tr> <td>Starting price</td> <td>$295/mo</td> <td>$250/mo</td> <td> <strong>Free</strong> (100 req/mo)</td> </tr> <tr> <td>API access</td> <td>$995/mo</td> <td>$450/mo</td> <td> <strong>$5/mo</strong> (5K requests)</td> </tr> <tr> <td>Technology signatures</td> <td>~111,000</td> <td>~8,000</td> <td>3,500+</td> </tr> <tr> <td>Real-time analysis</td> <td>Cached/crawled</td> <td>Yes</td> <td>Yes</td> </tr> <tr> <td>Detection method</td> <td>Web crawling</td> <td>HTTP + HTML</td> <td>HTTP + HTML + DNS + TLS</td> </tr> <tr> <td>DNS/TLS detection</td> <td>No</td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>CPE identifiers</td> <td>No</td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Stack comparison</td> <td>No</td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Webhook alerts</td> <td>No</td> <td>No</td> <td><strong>Yes</strong></td> </tr> <tr> <td>Free tier</td> <td>No</td> <td>Browser extension only</td> <td><strong>100 req/mo</strong></td> </tr> </tbody> </table></div> <h2> BuiltWith: The Enterprise Standard </h2> <p>BuiltWith has been around since 2007 and has the largest technology database — over 111,000 signatures. It's the go-to for enterprise sales teams and market researchers.</p> <p><strong>Strengths:</strong></p> <ul> <li>Massive database: 111K+ technologies, including obscure plugins and analytics tools</li> <li>Historical data going back years</li> <li>Built-in lead list generation filtered by technology</li> <li>Market share reports across millions of sites</li> </ul> <p><strong>Weaknesses:</strong></p> <ul> <li>Starts at $295/month, API requires Pro at $995/month</li> <li>Stale data — crawls periodically, not on demand</li> <li>No real-time analysis — only reports what it found during its last crawl</li> <li>Complex pricing tiers</li> </ul> <p><strong>Best for:</strong> Enterprise sales teams with budget for historical data and lead lists.</p> <h2> Wappalyzer: The Developer Favorite </h2> <p>Wappalyzer started as an open-source browser extension in 2009. It was acquired by Sindup in August 2023, and the <a href="https://github.com/wappalyzer/wappalyzer" rel="noopener noreferrer">open-source repository</a> was archived.</p> <p><strong>Strengths:</strong></p> <ul> <li>Well-known brand with strong community</li> <li>~8,000 well-maintained technology signatures</li> <li>Free browser extension for one-off lookups</li> <li>CRM integrations (HubSpot, Salesforce, Pipedrive)</li> </ul> <p><strong>Weaknesses:</strong></p> <ul> <li>API starts at $250/month (Starter), $450/month (Business)</li> <li>No longer open source — fingerprints are closed</li> <li>Frontend-only detection (HTTP + HTML) — misses infrastructure</li> <li>No CPE data for security use cases</li> <li>Restrictive rate limits on paid plans</li> </ul> <p><strong>Best for:</strong> Teams that need CRM integrations and are in the Wappalyzer ecosystem.</p> <h2> DetectZeStack: The Developer-First API </h2> <p><a href="https://detectzestack.fly.dev" rel="noopener noreferrer">DetectZeStack</a> was built from the ground up as a REST API. No dashboards, no CRM plugins — just a fast, well-documented API that returns structured JSON.</p> <p><strong>Strengths:</strong></p> <ul> <li>Free tier (100 req/mo), paid starts at $5/mo for 5K requests</li> <li>Multi-layer detection: Wappalyzer fingerprinting + DNS CNAME + TLS certificates + custom headers</li> <li>CPE identifiers for mapping to the <a href="https://nvd.nist.gov/" rel="noopener noreferrer">NVD vulnerability database</a> </li> <li> <code>/compare</code> endpoint for side-by-side stack analysis</li> <li>Webhook alerts for tech change monitoring</li> <li>Real-time analysis with 24-hour caching</li> </ul> <p><strong>Weaknesses:</strong></p> <ul> <li>Smaller signature database (3,500+ vs 111K)</li> <li>No historical data (tracks changes going forward, no backfill)</li> <li>No browser extension — API-only (with a <a href="https://detectzestack.fly.dev" rel="noopener noreferrer">live demo</a>)</li> <li>New product (launched Feb 2026)</li> </ul> <p><strong>Best for:</strong> Developers who need programmatic tech detection at a reasonable price, especially security teams (CPE data).</p> <h2> Pricing: The Elephant in the Room </h2> <p>For 5,000 API requests per month:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th>BuiltWith</th> <th>Wappalyzer</th> <th>DetectZeStack</th> </tr> </thead> <tbody> <tr> <td>Monthly cost</td> <td>$995</td> <td>$450</td> <td><strong>$5</strong></td> </tr> <tr> <td>Annual cost</td> <td>$11,940</td> <td>$5,400</td> <td><strong>$60</strong></td> </tr> <tr> <td>Cost per request</td> <td>$0.199</td> <td>$0.090</td> <td><strong>$0.001</strong></td> </tr> </tbody> </table></div> <p>At 25,000 requests/month, DetectZeStack costs $15/month vs $995+ for BuiltWith and $450+ for Wappalyzer. That's a <strong>60x-90x price difference</strong>.</p> <h2> Detection Accuracy: A Practical Test </h2> <p>We ran all three tools against <code>github.com</code>:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Technology</th> <th>BuiltWith</th> <th>Wappalyzer</th> <th>DetectZeStack</th> </tr> </thead> <tbody> <tr> <td>Ruby on Rails</td> <td>Yes</td> <td>Yes</td> <td>Yes</td> </tr> <tr> <td>React</td> <td>Yes</td> <td>Yes</td> <td>Yes</td> </tr> <tr> <td>Nginx</td> <td>Yes</td> <td>Yes</td> <td>Yes</td> </tr> <tr> <td>Fastly CDN</td> <td>No</td> <td>No</td> <td> <strong>Yes</strong> (DNS CNAME)</td> </tr> <tr> <td>DigiCert TLS</td> <td>No</td> <td>No</td> <td> <strong>Yes</strong> (TLS cert)</td> </tr> <tr> <td>CPE identifiers</td> <td>No</td> <td>No</td> <td><strong>Yes</strong></td> </tr> </tbody> </table></div> <p>All three catch major technologies. DetectZeStack's DNS and TLS layers add infrastructure visibility that HTTP-only tools miss. BuiltWith detects more niche technologies thanks to its larger database.</p> <h2> Try It Yourself </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-s</span> <span class="s2">"https://detectzestack.fly.dev/analyze?url=your-site.com"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-Api-Key: YOUR_KEY"</span> | jq <span class="s1">'.technologies[].name'</span> </code></pre> </div> <p>Compare results against BuiltWith's free lookup and the Wappalyzer extension. For most developer use cases, DetectZeStack catches everything you need — plus infrastructure — at a fraction of the cost.</p> <p><strong><a href="https://rapidapi.com/mlugoapx/api/detectzestack" rel="noopener noreferrer">Get your free API key on RapidAPI</a></strong> — 100 requests/month, no credit card required.</p> <p><em>What tech detection tools do you use? I'd love to hear about your use cases in the comments.</em></p> webdev api saas comparison MikeL Wed, 18 Feb 2026 21:34:23 +0000 https://dev.to/detectzestack/detect-any-websites-tech-stack-with-a-single-api-call-1i8o https://dev.to/detectzestack/detect-any-websites-tech-stack-with-a-single-api-call-1i8o <p>Knowing what technologies a website uses is valuable for competitive intelligence, security audits, lead generation, and vendor evaluation. But manually inspecting HTTP headers, HTML source, and DNS records is tedious and incomplete.</p> <p>I built <a href="https://detectzestack.fly.dev" rel="noopener noreferrer">DetectZeStack</a> to solve this with a single API call that runs four detection layers simultaneously and returns a comprehensive technology profile.</p> <h2> The Four Detection Layers </h2> <h3> 1. Wappalyzer Fingerprinting </h3> <p>3,500+ technology signatures matching HTTP headers, HTML patterns, JavaScript variables, cookies, and meta tags.</p> <h3> 2. DNS CNAME Analysis </h3> <p>29 DNS signatures identifying CDNs and infrastructure: CloudFront, Fastly, Cloudflare, Akamai, Vercel, Netlify, and more.</p> <h3> 3. TLS Certificate Inspection </h3> <p>8 certificate issuer patterns detecting CDN and security providers from their TLS certificates.</p> <h3> 4. Custom Header Matching </h3> <p>Server headers, X-Powered-By, and custom response headers identifying frameworks and platforms.</p> <p>These layers complement each other. Wappalyzer catches front-end frameworks and CMS platforms. DNS and TLS catch infrastructure that's invisible to HTML analysis. Together they paint a complete picture.</p> <h2> Quick Start </h2> <p>Analyze any website with a single <code>GET</code> request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="s2">"https://detectzestack.fly.dev/analyze?url=stripe.com"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-Api-Key: YOUR_KEY"</span> </code></pre> </div> <p>Response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"domain"</span><span class="p">:</span><span class="w"> </span><span class="s2">"stripe.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://stripe.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"technologies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Cloudflare"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"CDN"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"React"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"JavaScript frameworks"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"cpe"</span><span class="p">:</span><span class="w"> </span><span class="s2">"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Next.js"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Static site generator"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Nginx"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Web servers"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"meta"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"status_code"</span><span class="p">:</span><span class="w"> </span><span class="mi">200</span><span class="p">,</span><span class="w"> </span><span class="nl">"tech_count"</span><span class="p">:</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"cached"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"response_ms"</span><span class="p">:</span><span class="w"> </span><span class="mi">1240</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Each technology comes with metadata: description, official website, icon, and CPE identifier (for cross-referencing with vulnerability databases).</p> <h2> Batch Analysis </h2> <p>Need to analyze multiple sites at once? The <code>/analyze/batch</code> endpoint handles up to 10 URLs in a single request with concurrent processing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="s2">"https://detectzestack.fly.dev/analyze/batch"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-Api-Key: YOUR_KEY"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"urls": ["stripe.com", "shopify.com", "vercel.com"]}'</span> </code></pre> </div> <p>All URLs are analyzed concurrently, so the total time is roughly the same as analyzing a single slow site.</p> <h2> Comparing Tech Stacks </h2> <p>The <code>/compare</code> endpoint shows shared and unique technologies across multiple sites:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST <span class="s2">"https://detectzestack.fly.dev/compare"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-Api-Key: YOUR_KEY"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"urls": ["github.com", "gitlab.com"]}'</span> </code></pre> </div> <p>The response includes <code>shared</code> technologies (used by both) and <code>unique</code> technologies per domain -- useful for competitive analysis.</p> <h2> Practical Applications </h2> <p><strong>Lead Generation</strong> -- Filter prospects by technology. Selling a Shopify app? Find sites running Shopify.</p> <p><strong>Security Auditing</strong> -- Combine tech detection with CPE identifiers to check each technology against the NVD vulnerability database.</p> <p><strong>Migration Planning</strong> -- Document a complete tech stack programmatically before migrating.</p> <p><strong>Market Research</strong> -- Analyze hundreds of sites in a market segment to understand technology adoption trends.</p> <h2> Try It Free </h2> <p>100 requests/month on the free tier. No credit card required. Paid plans from $5/mo.</p> <ul> <li> <a href="https://detectzestack.fly.dev" rel="noopener noreferrer">Live Demo</a> -- try it without signing up</li> <li><a href="https://rapidapi.com/mlugoapx/api/detectzestack" rel="noopener noreferrer">Get an API Key on RapidAPI</a></li> <li><a href="https://detectzestack.fly.dev/openapi.yaml" rel="noopener noreferrer">OpenAPI Spec</a></li> </ul> <p>I'd love to hear what use cases you'd find most valuable. Drop a comment below or reach out on <a href="https://x.com/DetectZeStack" rel="noopener noreferrer">X (@DetectZeStack)</a>.</p> webdev api javascript security MikeL Mon, 16 Feb 2026 17:40:40 +0000 https://dev.to/detectzestack/why-single-layer-tech-detection-misses-half-the-stack-and-how-to-fix-it-57nn https://dev.to/detectzestack/why-single-layer-tech-detection-misses-half-the-stack-and-how-to-fix-it-57nn <p>Most tech stack detection tools use a single method: they download a webpage's HTML and match it against a pattern library. Wappalyzer checks for <code>wp-content</code> in URLs to detect WordPress. BuiltWith looks for <code>_next/</code> paths to identify Next.js.</p> <p>This works well for front-end technologies. But it completely misses the infrastructure layer — CDNs, hosting providers, security services, and server-side platforms that never expose themselves in HTML.</p> <p>In this post, I'll walk through why single-layer detection fails, what you're missing, and how combining multiple detection methods gives you the full picture.</p> <h2> The Problem: HTML-Only Detection Has Blind Spots </h2> <p>Here's what a typical Wappalyzer-style scan returns for a production website:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"technologies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"React"</span><span class="p">,</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Webpack"</span><span class="p">,</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Google Analytics"</span><span class="p">,</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Three technologies. Looks complete, right?</p> <p>But this site is actually running behind Cloudflare's CDN, using Let's Encrypt certificates, hosted on Vercel, and serving responses through nginx. None of that shows up in the HTML.</p> <p>That's because HTML-level detection only sees what the browser sees: script tags, meta elements, cookies, and URL patterns. Everything happening at the DNS, TLS, and HTTP layer is invisible to it.</p> <h2> Layer 1: Wappalyzer Fingerprinting (The Baseline) </h2> <p>HTML fingerprinting is still the foundation. Libraries like <a href="https://github.com/AhmedRedaCEF/wappalyzergo" rel="noopener noreferrer">wappalyzergo</a> maintain 3,500+ technology signatures that match against:</p> <ul> <li>HTML content and DOM structure</li> <li>JavaScript global variables</li> <li>Cookie names and values</li> <li>URL patterns (<code>/wp-content/</code>, <code>/_next/</code>, <code>/assets/</code>)</li> <li>Meta tags and headers referenced in the page</li> </ul> <p>This catches most front-end frameworks, CMS platforms, analytics tools, and JavaScript libraries. For many use cases, it's sufficient.</p> <p>But if you're doing security audits, competitive analysis, or lead enrichment, you need the full stack — not just what's visible in the DOM.</p> <h2> Layer 2: DNS CNAME Analysis </h2> <p>Every website's DNS records tell a story. When a site uses Cloudflare, its CNAME records typically point to something like <code>cdn.cloudflare.net</code>. Vercel uses <code>cname.vercel-dns.com</code>. AWS CloudFront uses <code>cloudfront.net</code>.</p> <p>Here's how DNS detection works in practice:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Simplified DNS CNAME lookup</span> <span class="n">cnames</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">LookupCNAME</span><span class="p">(</span><span class="n">domain</span><span class="p">)</span> <span class="c">// Then match against known patterns:</span> <span class="c">// "cloudflare.net" → Cloudflare</span> <span class="c">// "fastly.net" → Fastly</span> <span class="c">// "vercel-dns.com" → Vercel</span> <span class="c">// "amazonaws.com" → AWS</span> </code></pre> </div> <p>This catches infrastructure that's completely invisible to HTML scanning:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>CNAME Pattern</th> <th>Technology</th> </tr> </thead> <tbody> <tr> <td><code>*.cloudflare.net</code></td> <td>Cloudflare CDN</td> </tr> <tr> <td><code>*.fastly.net</code></td> <td>Fastly</td> </tr> <tr> <td><code>*.vercel-dns.com</code></td> <td>Vercel</td> </tr> <tr> <td><code>*.amazonaws.com</code></td> <td>AWS (S3, CloudFront, ELB)</td> </tr> <tr> <td><code>*.azurewebsites.net</code></td> <td>Microsoft Azure</td> </tr> <tr> <td><code>*.herokuapp.com</code></td> <td>Heroku</td> </tr> <tr> <td><code>*.netlify.app</code></td> <td>Netlify</td> </tr> <tr> <td><code>*.shopify.com</code></td> <td>Shopify</td> </tr> </tbody> </table></div> <p>DNS lookups add roughly 20-50ms to a detection request, but the intelligence gained is significant. You now know the hosting and CDN layer — information that HTML detection simply cannot provide.</p> <h2> Layer 3: TLS Certificate Inspection </h2> <p>TLS certificates reveal which certificate authority (CA) a site trusts, which often maps directly to their security infrastructure.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Connect to the site and inspect the TLS certificate</span> <span class="n">conn</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">tls</span><span class="o">.</span><span class="n">Dial</span><span class="p">(</span><span class="s">"tcp"</span><span class="p">,</span> <span class="n">domain</span><span class="o">+</span><span class="s">":443"</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">tls</span><span class="o">.</span><span class="n">Config</span><span class="p">{})</span> <span class="n">cert</span> <span class="o">:=</span> <span class="n">conn</span><span class="o">.</span><span class="n">ConnectionState</span><span class="p">()</span><span class="o">.</span><span class="n">PeerCertificates</span><span class="p">[</span><span class="m">0</span><span class="p">]</span> <span class="n">issuer</span> <span class="o">:=</span> <span class="n">cert</span><span class="o">.</span><span class="n">Issuer</span><span class="o">.</span><span class="n">Organization</span><span class="p">[</span><span class="m">0</span><span class="p">]</span> <span class="c">// Match against known issuers:</span> <span class="c">// "Let's Encrypt" → Let's Encrypt</span> <span class="c">// "Cloudflare, Inc." → Cloudflare SSL</span> <span class="c">// "Amazon" → AWS Certificate Manager</span> <span class="c">// "DigiCert Inc" → DigiCert</span> </code></pre> </div> <p>This detection layer tells you:</p> <ul> <li> <strong>Let's Encrypt</strong> — free automated certificates, common with smaller deployments</li> <li> <strong>Cloudflare, Inc.</strong> — using Cloudflare's SSL proxy (even if DNS doesn't show it)</li> <li> <strong>Amazon</strong> — AWS Certificate Manager, confirms AWS infrastructure</li> <li> <strong>DigiCert / Sectigo</strong> — enterprise-grade certificates, signals larger organization</li> </ul> <p>TLS inspection is especially useful for security audits. Knowing the certificate authority and expiration helps assess a site's security posture.</p> <h2> Layer 4: HTTP Header Matching </h2> <p>HTTP response headers are another goldmine. Many servers and platforms identify themselves through headers that never appear in the HTML:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Server: nginx/1.24.0 X-Powered-By: Express X-Vercel-Id: iad1::abcde-123456 CF-Cache-Status: HIT X-Cache: Hit from cloudfront </code></pre> </div> <p>Custom header patterns I match against:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Header</th> <th>Value Pattern</th> <th>Technology</th> </tr> </thead> <tbody> <tr> <td><code>Server</code></td> <td><code>nginx</code></td> <td>nginx</td> </tr> <tr> <td><code>Server</code></td> <td><code>Apache</code></td> <td>Apache</td> </tr> <tr> <td><code>X-Powered-By</code></td> <td><code>Express</code></td> <td>Express.js</td> </tr> <tr> <td><code>X-Powered-By</code></td> <td><code>PHP</code></td> <td>PHP</td> </tr> <tr> <td><code>CF-Cache-Status</code></td> <td>(any)</td> <td>Cloudflare</td> </tr> <tr> <td><code>X-Vercel-Id</code></td> <td>(any)</td> <td>Vercel</td> </tr> <tr> <td><code>X-Amz-Cf-Id</code></td> <td>(any)</td> <td>AWS CloudFront</td> </tr> </tbody> </table></div> <p>Headers are free — you already have the HTTP response from the HTML scan, so this adds zero latency.</p> <h2> Putting It All Together </h2> <p>When you run all four layers simultaneously, the detection picture changes dramatically. Here's a real comparison:</p> <p><strong>HTML-only detection:</strong></p> <ul> <li>React, Webpack, Google Analytics</li> </ul> <p><strong>Four-layer detection:</strong></p> <ul> <li>React, Webpack, Google Analytics (HTML)</li> <li>Cloudflare CDN (DNS)</li> <li>Cloudflare SSL (TLS)</li> <li>nginx (HTTP headers)</li> <li>Vercel (HTTP headers)</li> </ul> <p>That's 7 technologies vs. 3 — more than double the coverage.</p> <h2> Adding CPE Identifiers for Security </h2> <p>Each detected technology gets a <a href="https://nvd.nist.gov/products/cpe" rel="noopener noreferrer">CPE (Common Platform Enumeration)</a> identifier where available. CPE is a standardized naming scheme for software, maintained by NIST.</p> <p>For example:</p> <ul> <li>nginx → <code>cpe:2.3:a:f5:nginx:*</code> </li> <li>Apache → <code>cpe:2.3:a:apache:http_server:*</code> </li> <li>WordPress → <code>cpe:2.3:a:wordpress:wordpress:*</code> </li> </ul> <p>With CPE identifiers, you can query the <a href="https://nvd.nist.gov/" rel="noopener noreferrer">National Vulnerability Database</a> to find known CVEs for every technology in a site's stack. This turns tech detection into a security audit tool.</p> <h2> Performance: Why Caching Matters </h2> <p>Multi-layer detection is slower than HTML-only scanning. DNS lookups, TLS handshakes, and the HTTP request itself all add latency. A typical 4-layer scan takes 2-5 seconds.</p> <p>That's why caching is critical. I use a 24-hour cache keyed on the post-redirect domain (not the input URL — important for sites that redirect). Cached responses return in under 5ms and don't count against API quotas.</p> <p>The key insight: cache on the <em>final</em> domain after following redirects. If someone queries <code>example.com</code> and it redirects to <code>www.example.com</code>, the cache key should be <code>www.example.com</code>. Otherwise you'll get cache misses for the same site.</p> <h2> The Architecture </h2> <p>The whole system is built in Go with:</p> <ul> <li> <strong>chi router</strong> for HTTP routing</li> <li> <strong>SQLite</strong> for caching, rate limiting, and usage tracking</li> <li> <strong>wappalyzergo</strong> for HTML fingerprinting</li> <li> <strong>net</strong> stdlib for DNS lookups</li> <li> <strong>crypto/tls</strong> stdlib for certificate inspection</li> </ul> <p>It runs on a single Fly.io machine. Total codebase is about 3,000 lines of Go.</p> <p>I chose Go because:</p> <ol> <li>Excellent concurrency — all 4 detection layers run simultaneously using goroutines</li> <li>Fast TLS and DNS operations via the standard library</li> <li>Single binary deployment — no runtime dependencies</li> <li>Low memory footprint for a single-machine deployment</li> </ol> <h2> Try It Yourself </h2> <p>I built <a href="https://detectzestack.fly.dev" rel="noopener noreferrer">DetectZeStack</a> as a REST API that implements all four detection layers. You can try the live demo on the homepage — no signup required.</p> <p>The API also supports:</p> <ul> <li> <strong>Batch analysis</strong>: up to 10 URLs per request</li> <li> <strong>Stack comparison</strong>: see shared vs. unique technologies across sites</li> <li> <strong>Webhook alerts</strong>: get notified when a domain is analyzed, with HMAC-signed payloads</li> </ul> <p>Free tier is 100 requests/month.</p> <p>What detection methods have you found useful for identifying website technologies? I'd love to hear about approaches I haven't considered.</p> webdev api go showdev MikeL Wed, 11 Feb 2026 21:59:21 +0000 https://dev.to/detectzestack/how-to-detect-vulnerable-technologies-on-any-website-using-cpe-identifiers-205f https://dev.to/detectzestack/how-to-detect-vulnerable-technologies-on-any-website-using-cpe-identifiers-205f <p>When a new CVE drops and your boss asks "are we running that?" — how fast can you answer?</p> <p>Most teams scramble through Confluence pages, Slack threads, and half-updated spreadsheets. But there's a better approach: <strong>automated technology detection with CPE identifiers</strong> that plug directly into vulnerability databases.</p> <p>In this post, I'll show you how to detect what technologies a website is running and get machine-readable CPE strings you can cross-reference with NIST's National Vulnerability Database (NVD).</p> <h2> What Are CPE Identifiers? </h2> <p>CPE (Common Platform Enumeration) is a standardized naming scheme for IT products. It looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cpe:2.3:a:apache:http_server:2.4.51:*:*:*:*:*:*:* </code></pre> </div> <p>The NVD uses CPEs to map CVEs to affected software. If you know the CPE of what you're running, you can instantly look up every known vulnerability for that exact product and version.</p> <p>The problem? Most teams don't maintain an accurate inventory of what technologies their web properties are running.</p> <h2> Automated Detection with DetectZeStack </h2> <p><a href="https://detectzestack.fly.dev" rel="noopener noreferrer">DetectZeStack</a> is a REST API that analyzes any website and returns the full technology stack — including CPE identifiers where available. It combines multiple detection methods:</p> <ul> <li> <strong>Wappalyzer fingerprinting</strong> — 3,500+ technology signatures matched against HTTP headers, HTML content, and JavaScript patterns</li> <li> <strong>DNS CNAME analysis</strong> — 29 infrastructure signatures (CloudFront, Fastly, Akamai, Netlify, Vercel, etc.)</li> <li> <strong>TLS certificate inspection</strong> — 8 certificate authority signatures (Cloudflare, DigiCert, Let's Encrypt, etc.)</li> <li> <strong>Custom header matching</strong> — security headers like HSTS, server identification</li> </ul> <h3> Quick Example </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="s2">"https://detectzestack.p.rapidapi.com/analyze?url=example.com"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-RapidAPI-Key: YOUR_KEY"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-RapidAPI-Host: detectzestack.p.rapidapi.com"</span> </code></pre> </div> <p>Response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"domain"</span><span class="p">:</span><span class="w"> </span><span class="s2">"example.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"technologies"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Nginx"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Web servers"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"cpe"</span><span class="p">:</span><span class="w"> </span><span class="s2">"cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"jQuery"</span><span class="p">,</span><span class="w"> </span><span class="nl">"categories"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"JavaScript libraries"</span><span class="p">],</span><span class="w"> </span><span class="nl">"confidence"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="p">,</span><span class="w"> </span><span class="nl">"cpe"</span><span class="p">:</span><span class="w"> </span><span class="s2">"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Each technology with a known CPE includes it in the response. You can then query the NVD API directly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="s2">"https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:a:nginx:nginx:*"</span> </code></pre> </div> <h2> Building a Vulnerability Scanner </h2> <p>Here's a practical Python script that ties it together — detect technologies, extract CPEs, and check for known vulnerabilities:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="kn">import</span> <span class="n">time</span> <span class="n">RAPIDAPI_KEY</span> <span class="o">=</span> <span class="sh">"</span><span class="s">your_key_here</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">detect_stack</span><span class="p">(</span><span class="n">url</span><span class="p">):</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://detectzestack.p.rapidapi.com/analyze</span><span class="sh">"</span><span class="p">,</span> <span class="n">params</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="n">url</span><span class="p">},</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">X-RapidAPI-Key</span><span class="sh">"</span><span class="p">:</span> <span class="n">RAPIDAPI_KEY</span><span class="p">,</span> <span class="sh">"</span><span class="s">X-RapidAPI-Host</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">detectzestack.p.rapidapi.com</span><span class="sh">"</span> <span class="p">}</span> <span class="p">)</span> <span class="k">return</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">def</span> <span class="nf">check_cves</span><span class="p">(</span><span class="n">cpe_name</span><span class="p">):</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://services.nvd.nist.gov/rest/json/cves/2.0</span><span class="sh">"</span><span class="p">,</span> <span class="n">params</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">cpeName</span><span class="sh">"</span><span class="p">:</span> <span class="n">cpe_name</span><span class="p">}</span> <span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">return</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">vulnerabilities</span><span class="sh">"</span><span class="p">,</span> <span class="p">[])</span> <span class="c1"># Detect technologies </span><span class="n">result</span> <span class="o">=</span> <span class="nf">detect_stack</span><span class="p">(</span><span class="sh">"</span><span class="s">yoursite.com</span><span class="sh">"</span><span class="p">)</span> <span class="k">for</span> <span class="n">tech</span> <span class="ow">in</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">]:</span> <span class="n">cpe</span> <span class="o">=</span> <span class="n">tech</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">cpe</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">cpe</span><span class="p">:</span> <span class="k">continue</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="se">\n</span><span class="si">{</span><span class="n">tech</span><span class="p">[</span><span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> (</span><span class="si">{</span><span class="n">cpe</span><span class="si">}</span><span class="s">)</span><span class="sh">"</span><span class="p">)</span> <span class="n">vulns</span> <span class="o">=</span> <span class="nf">check_cves</span><span class="p">(</span><span class="n">cpe</span><span class="p">)</span> <span class="k">if</span> <span class="n">vulns</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s"> Found </span><span class="si">{</span><span class="nf">len</span><span class="p">(</span><span class="n">vulns</span><span class="p">)</span><span class="si">}</span><span class="s"> known CVEs:</span><span class="sh">"</span><span class="p">)</span> <span class="k">for</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">vulns</span><span class="p">[:</span><span class="mi">5</span><span class="p">]:</span> <span class="n">cve</span> <span class="o">=</span> <span class="n">v</span><span class="p">[</span><span class="sh">"</span><span class="s">cve</span><span class="sh">"</span><span class="p">]</span> <span class="n">severity</span> <span class="o">=</span> <span class="sh">"</span><span class="s">N/A</span><span class="sh">"</span> <span class="n">metrics</span> <span class="o">=</span> <span class="n">cve</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">metrics</span><span class="sh">"</span><span class="p">,</span> <span class="p">{})</span> <span class="k">if</span> <span class="sh">"</span><span class="s">cvssMetricV31</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">metrics</span><span class="p">:</span> <span class="n">severity</span> <span class="o">=</span> <span class="n">metrics</span><span class="p">[</span><span class="sh">"</span><span class="s">cvssMetricV31</span><span class="sh">"</span><span class="p">][</span><span class="mi">0</span><span class="p">][</span><span class="sh">"</span><span class="s">cvssData</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">baseSeverity</span><span class="sh">"</span><span class="p">]</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s"> </span><span class="si">{</span><span class="n">cve</span><span class="p">[</span><span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> - </span><span class="si">{</span><span class="n">severity</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s"> No known CVEs</span><span class="sh">"</span><span class="p">)</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="c1"># Rate limit NVD API </span></code></pre> </div> <h2> Use Cases for Security Teams </h2> <p><strong>1. Asset inventory</strong> — Scan all your public-facing domains to build a technology inventory. Use the <code>/analyze/batch</code> endpoint to check up to 10 URLs per request.</p> <p><strong>2. Continuous monitoring</strong> — Set up webhook subscriptions to get notified every time a domain is analyzed. Track technology changes over time with the <code>/history</code> endpoint.</p> <p><strong>3. Vendor risk assessment</strong> — Before onboarding a third-party vendor, scan their web properties. Know what they're running before signing the contract.</p> <p><strong>4. Incident response</strong> — When a new CVE is published, immediately scan your domains to check for affected technologies. The 24-hour cache means repeated checks are instant and free.</p> <h2> Try It Out </h2> <p>You can test DetectZeStack right now — no signup required. Visit <a href="https://detectzestack.fly.dev" rel="noopener noreferrer">detectzestack.fly.dev</a> and use the live demo to analyze any website.</p> <p>For API access, grab a free key on <a href="https://rapidapi.com/mlugoapx/api/detectzestack" rel="noopener noreferrer">RapidAPI</a> (100 requests/month, no credit card required).</p> <p><strong>What security automation workflows are you building?</strong> I'd love to hear how you're using technology detection in your security pipeline. Drop a comment below.</p> security api webdev tutorial MikeL Wed, 11 Feb 2026 19:51:51 +0000 https://dev.to/detectzestack/3-ways-to-use-a-tech-stack-detection-api-competitive-analysis-lead-enrichment-security-auditing-j9p https://dev.to/detectzestack/3-ways-to-use-a-tech-stack-detection-api-competitive-analysis-lead-enrichment-security-auditing-j9p <p>Knowing what technologies power a website isn't just a curiosity — it's actionable intelligence. Whether you're sizing up competitors, qualifying sales leads, or auditing your own security posture, a tech stack detection API can automate what used to take hours of manual inspection.</p> <p>In this post, I'll walk through three real-world use cases with Python code examples using the <a href="https://rapidapi.com/mlugoapx/api/detectzestack" rel="noopener noreferrer">DetectZeStack API</a>.</p> <h2> 1. Competitive Analysis </h2> <h3> The Problem </h3> <p>You need to understand what technologies your competitors are using — their frontend framework, hosting provider, analytics tools, CDN — but manually inspecting source code and HTTP headers across dozens of sites is tedious and error-prone.</p> <h3> The Solution </h3> <p><strong>Batch compare competitors in one call:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="n">headers</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">X-RapidAPI-Key</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">YOUR_API_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">X-RapidAPI-Host</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">detectzestack.p.rapidapi.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span> <span class="p">}</span> <span class="c1"># Compare your site against competitors </span><span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://detectzestack.p.rapidapi.com/compare</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">urls</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">yoursite.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">competitor1.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">competitor2.com</span><span class="sh">"</span><span class="p">]}</span> <span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Technologies ALL sites share:</span><span class="sh">"</span><span class="p">,</span> <span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">shared</span><span class="sh">"</span><span class="p">])</span> <span class="k">for</span> <span class="n">domain</span> <span class="ow">in</span> <span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">domains</span><span class="sh">"</span><span class="p">]:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="se">\n</span><span class="si">{</span><span class="n">domain</span><span class="p">[</span><span class="sh">'</span><span class="s">domain</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">:</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s"> Total: </span><span class="si">{</span><span class="nf">len</span><span class="p">(</span><span class="n">domain</span><span class="p">[</span><span class="sh">'</span><span class="s">technologies</span><span class="sh">'</span><span class="p">])</span><span class="si">}</span><span class="s"> technologies</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s"> Unique: </span><span class="si">{</span><span class="n">domain</span><span class="p">[</span><span class="sh">'</span><span class="s">unique</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Track competitor changes over time:</strong></p> <p>Set up webhooks for competitor domains. Every time someone analyzes them, you'll receive a notification with their current tech stack — making it easy to spot when competitors adopt new frameworks or switch providers.</p> <h3> Example Insights </h3> <ul> <li>"Competitor X switched from Heroku to AWS last month"</li> <li>"3 of 5 competitors use Next.js — industry trend?"</li> <li>"Competitor Y added Cloudflare CDN — they're scaling"</li> </ul> <h2> 2. Lead Enrichment &amp; Sales Intelligence </h2> <h3> The Problem </h3> <p>Your sales team has a list of prospect companies but no insight into their technical sophistication. Cold outreach about "infrastructure optimization" falls flat when you don't know if they're on Heroku or bare-metal Kubernetes.</p> <h3> The Solution </h3> <p><strong>Enrich CRM leads with technology data:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="n">headers</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">X-RapidAPI-Key</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">YOUR_API_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">X-RapidAPI-Host</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">detectzestack.p.rapidapi.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span> <span class="p">}</span> <span class="c1"># Your prospect list </span><span class="n">prospects</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">prospect1.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">prospect2.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">prospect3.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">prospect4.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">prospect5.com</span><span class="sh">"</span><span class="p">]</span> <span class="c1"># Batch analyze (up to 10 at a time) </span><span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://detectzestack.p.rapidapi.com/analyze/batch?format=csv</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">urls</span><span class="sh">"</span><span class="p">:</span> <span class="n">prospects</span><span class="p">}</span> <span class="p">)</span> <span class="c1"># Save CSV directly to file for CRM import </span><span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">enriched_leads.csv</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">w</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">f</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> </code></pre> </div> <p><strong>Segment leads by technology:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Find all prospects using Shopify (potential e-commerce migration targets) </span><span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://detectzestack.p.rapidapi.com/analyze/batch</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">urls</span><span class="sh">"</span><span class="p">:</span> <span class="n">prospects</span><span class="p">}</span> <span class="p">)</span> <span class="n">shopify_users</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()[</span><span class="sh">"</span><span class="s">results</span><span class="sh">"</span><span class="p">]:</span> <span class="k">if</span> <span class="n">item</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">):</span> <span class="n">tech_names</span> <span class="o">=</span> <span class="p">[</span><span class="n">t</span><span class="p">[</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">item</span><span class="p">[</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">]]</span> <span class="k">if</span> <span class="sh">"</span><span class="s">Shopify</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">tech_names</span><span class="p">:</span> <span class="n">shopify_users</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">item</span><span class="p">[</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">domain</span><span class="sh">"</span><span class="p">])</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Prospects using Shopify: </span><span class="si">{</span><span class="n">shopify_users</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> Example Insights </h3> <ul> <li>Segment leads: "Companies using WordPress" vs "Companies using custom React apps" need different pitches</li> <li>Identify upsell opportunities: "They use basic shared hosting — ready for cloud migration"</li> <li>Qualify leads: "They already use AWS — likely technical enough for our developer tool"</li> </ul> <h2> 3. Security Auditing </h2> <h3> The Problem </h3> <p>Your security team needs to inventory the technologies across your organization's web properties. Outdated frameworks, known-vulnerable libraries, and misconfigured servers need to be identified before attackers find them.</p> <h3> The Solution </h3> <p><strong>Scan all company domains:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="n">headers</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">X-RapidAPI-Key</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">YOUR_API_KEY</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">X-RapidAPI-Host</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">detectzestack.p.rapidapi.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span> <span class="p">}</span> <span class="n">company_domains</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">"</span><span class="s">company.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">app.company.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">docs.company.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">blog.company.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">status.company.com</span><span class="sh">"</span> <span class="p">]</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://detectzestack.p.rapidapi.com/analyze/batch</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">urls</span><span class="sh">"</span><span class="p">:</span> <span class="n">company_domains</span><span class="p">}</span> <span class="p">)</span> <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()[</span><span class="sh">"</span><span class="s">results</span><span class="sh">"</span><span class="p">]:</span> <span class="k">if</span> <span class="n">item</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">):</span> <span class="n">domain</span> <span class="o">=</span> <span class="n">item</span><span class="p">[</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">domain</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">tech</span> <span class="ow">in</span> <span class="n">item</span><span class="p">[</span><span class="sh">"</span><span class="s">result</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">technologies</span><span class="sh">"</span><span class="p">]:</span> <span class="c1"># Flag technologies with CPE identifiers </span> <span class="c1"># (can be cross-referenced with CVE databases) </span> <span class="k">if</span> <span class="n">tech</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">cpe</span><span class="sh">"</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">[CPE] </span><span class="si">{</span><span class="n">domain</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">tech</span><span class="p">[</span><span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> — </span><span class="si">{</span><span class="n">tech</span><span class="p">[</span><span class="sh">'</span><span class="s">cpe</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Use CPE identifiers for vulnerability lookups:</strong></p> <p>The API returns CPE (Common Platform Enumeration) identifiers when available. These can be cross-referenced with the NVD (National Vulnerability Database) to find known CVEs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:* cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* </code></pre> </div> <p><strong>Monitor for technology changes:</strong></p> <p>Set up webhooks on critical domains. If someone adds a new analytics script or swaps out the CDN, you'll know immediately.</p> <h3> Example Insights </h3> <ul> <li>"blog.company.com is running jQuery 2.x — known XSS vulnerabilities"</li> <li>"staging.company.com exposes Nginx version in headers — information leak"</li> <li>"marketing site switched SSL providers without security team approval"</li> </ul> <h2> Which Endpoints for Which Use Case </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Use Case</th> <th>Primary Endpoint</th> <th>Also Useful</th> </tr> </thead> <tbody> <tr> <td>Competitive analysis</td> <td><code>POST /compare</code></td> <td> <code>GET /history</code>, <code>POST /webhooks</code> </td> </tr> <tr> <td>Lead enrichment</td> <td><code>POST /analyze/batch</code></td> <td> <code>GET /analyze</code> (one-off lookups)</td> </tr> <tr> <td>Security auditing</td> <td><code>POST /analyze/batch</code></td> <td> <code>GET /history</code>, <code>POST /webhooks</code> </td> </tr> <tr> <td>Technology trends</td> <td><code>GET /history</code></td> <td><code>POST /compare</code></td> </tr> <tr> <td>Change monitoring</td> <td><code>POST /webhooks</code></td> <td><code>GET /history</code></td> </tr> </tbody> </table></div> <p>Get started free (100 requests/month, no credit card): <a href="https://rapidapi.com/mlugoapx/api/detectzestack" rel="noopener noreferrer">DetectZeStack on RapidAPI</a></p> <p><em>DetectZeStack detects 3,800+ technologies using wappalyzer fingerprinting, DNS analysis, TLS certificates, and custom header matching.</em></p> api security python saas