vikingkarwur Posted January 12, 2012 Share Posted January 12, 2012 Hi, I usually using wappalyzer (firefox add-on : https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/) to check everything "behind" (especially CMS) the website. FYI. Wappalyzer is a browser extension that uncovers the technologies used on websites. I'm Wondering, is there ProcessWire CMS can be identify with Wappalyzer right now ? Thanks! Link to comment Share on other sites More sharing options...
MarcC Posted January 12, 2012 Share Posted January 12, 2012 I'm Wondering, is there ProcessWire CMS can be identify with Wappalyzer right now ? I think that would be very difficult, because ProcessWire can be used as a framework only. You can even easily change the default control panel URL and have full control over the markup. Link to comment Share on other sites More sharing options...
apeisa Posted January 12, 2012 Share Posted January 12, 2012 I think one way to identify if PW is used is assets urls. Images and files are usually saved on /site/assets/files/<pageid>/filename.jpg Link to comment Share on other sites More sharing options...
krems04 Posted April 3, 2013 Share Posted April 3, 2013 Would looking for "site/templates" in the html also be sufficient in identifying PW? Link to comment Share on other sites More sharing options...
SiNNuT Posted April 4, 2013 Share Posted April 4, 2013 Wappalyzer has a pretty impressive list of stuff they can detect. I think they are pretty smart about it. In addition to the suggestions of apeisa and krems04 i think they could probably do something with the http headers. PW's cookies always (or most of the times?) seem to start with 'wire=' , which seems like a pretty unique indicator. Not entirely sure about this though. Link to comment Share on other sites More sharing options...
diogo Posted April 4, 2013 Share Posted April 4, 2013 @krems04, site/templates will for sure appear in most urls for js and css, but I don't think it's sufficient for identifying PW. But it sounds more than possible to have a pretty accurate guess only from the already referred characteristics. Link to comment Share on other sites More sharing options...
teppo Posted April 4, 2013 Share Posted April 4, 2013 Technically speaking calls to /site/ aren't a necessity and that path can even be re-configured to something else by altering $siteDir (/index.php) or default site dir in multi-domain configuration (after moving /wire/index.config.php to /index.config.php.) Admittedly this is quite unlikely.. Another thing to check would be a cookie called "wire", but that can be changed too, so it's not a flawless method either. Overall I don't think there's anything you can use to say for 100% sure if a site is running ProcessWire. On the other hand, the fact that ProcessWire can conceal it's identity pretty well is (in my opinion) a strength; not everyone wants to let general public know which CMS they're using, for various reasons. 1 Link to comment Share on other sites More sharing options...
SiNNuT Posted April 4, 2013 Share Posted April 4, 2013 I don't think wappalyzer claims to be 100% correct, but if we take a vanilla installation of PW i think the combination of things above is enough reason to assume something is PW. The fact that you could quite easily make some customisations so that it can't be detected doesn't invalidate the wappalyzer tool (not that i particulary like it though). I'm thinking of adding <meta name="generator" content="Joomla! - Open Source Content Management - Version 3.0.0" /> to my templates just to throw them off. 2 Link to comment Share on other sites More sharing options...
enricob Posted August 27, 2014 Share Posted August 27, 2014 Hi all, I use Wappalizer extension a lot and many times I found a new cms or a tool just because I saw the icon on the browser bar. I think that having Processwire on Wappalizer could help in gaining it popularity (of course, mostly among developers or technicians). Like some of you said is not so easy to identify if a site is using PW, one can certainly hide the fact that is using it, anyway I think most of the sites that use PW has the metatag "generator" so this could be a good way to identify PW on a site. I think using the generator metatag should be considered a good practice, at least without indicating the version for security reason...obviously anyone should be free to remove it. What do you guys think? If we had to add PW to Wappalizer here's the link: https://wappalyzer.com/suggestions (I think this should be done by an expert since you have to specify the criteria for identify PW, and I only know about the generator metatag) 2 Link to comment Share on other sites More sharing options...
clsource Posted September 12, 2014 Share Posted September 12, 2014 Well I Created a Simple Module that outputs the metatag. Why a Module?, because it's more easy to modify the meta tag and additional info in the long run, and standarizes the tags I think. <?php /** * ProcessWire Meta Tag * * Returns this meta tag * <meta name="generator" content="Processwire.com" /> * * Usage: * * In you header/ template/ _main , add this * * * $pw_meta = $modules->get("ProcessWireMetaTag")->get(); * * <head> * <?php echo $pw_meta ?> * </head> * * By Camilo Castro @camcasc (ClSource) */ class ProcessWireMetaTag extends WireData implements Module { /** * getModuleInfo is a module required by all modules to tell ProcessWire about them * * @return array * */ public static function getModuleInfo() { return array( // The module'ss title, typically a little more descriptive than the class name 'title' => 'Processwire meta tag', // version: major, minor, revision, i.e. 100 = 1.0.0 'version' => 100, 'author' => 'clsource', // summary is brief description of what this module is 'summary' => 'A simple meta tag for saying that you use Processwire and spread the word .', // Optional URL to more information about the module 'href' => 'http://www.processwire.com', // singular=true: indicates that only one instance of the module is allowed. // This is usually what you want for modules that attach hooks. 'singular' => true, // autoload=true: indicates the module should be started with ProcessWire. // This is necessary for any modules that attach runtime hooks, otherwise those // hooks won't get attached unless some other code calls the module on it's own. // Note that autoload modules are almost always also 'singular' (seen above). 'autoload' => true, // Optional font-awesome icon name, minus the 'fa-' part 'icon' => 'smile-o', ); } public function __construct() { // Set meta property $this->meta = '<meta name="generator" content="Processwire.com" />'; } /** * Initialize the module * * ProcessWire calls this when the module is loaded. For 'autoload' modules, this will be called * when ProcessWire's API is ready. As a result, this is a good place to attach hooks. * */ public function init() { // Nothing to init } // Returns the meta tag public function get() { return $this->meta; } } Link to comment Share on other sites More sharing options...
Recommended Posts