It’s a pretty poor implementation that is basically matching on the lowest common denominator, by platform rather than by library or framework. An ASP.NET website is fully independent of a WCF vulnerability. They <i>can</i> coexist but definitely don’t have to.<p>Additional suggestion: many times the home page is a link to many different technologies. Crawl all first-level directory indices to see different techs. E.g. we have a xenforo-powered forum at /forums, a WordPress blog at /blog, a custom ASP.NET CMS at /store, a .NET Core web app at /foo, etc.<p>The domain index for most companies past a certain age/size not dedicated solely to a single app effectively turns into a static html page.
Creator here. We built this using Wappalyzer to detect the software given a URL and match it against our database of CVEs and thought it might be a fun little tool.
This is a nice addendum to the "Let Us Identify Your Stack" style web services tho I guess some of them might already provide this.<p>It does have the somewhat negative effect of making potentially vulnerable websites more visible to lower order hackers (I'm assuming more proficient ones have automated discovery tools like this anyway).
Finally, a place that can gather IP addresses and associate them to specific security products to have them hacked later. Just what I've been waiting for.
i don't need to provide my (potentially vulnerable) production URL to whoever-you-might-be in order to identify the last 6 months of vulnerabilities - I can just google for that.<p>Submitting your site to this is just asking for trouble.