A Python tool to identify vulnerabilities in NPM packages extracted from websites using Wappalyzer and find some live sub-domains.
Features
- Finds the live sub-domains
- Extracts package information using Wappalyzer.
- Filters JavaScript libraries and verifies their availability in the NPM registry.
- Generates a package.json file for valid dependencies.
- Runs npm audit to detect vulnerabilities and saves a detailed report.
docker pull enderphan94/webpack:latest
docker run --rm enderphan94/webpack <https://url>
Console Output
[SUBDOMAINS]
cdn.domain.com
img.domain.com
img.service.domain.com
r.news.pdomain.com
r.service.domain.com
[INFO] Alive subdomains saved to domain.com_alive_subdomains.txt
[INFO] Generated /app/https___www.domain.com_/package.json.
[RESULT] Technologies:
+--------------------------------+---------+
| Name | Version |
+--------------------------------+---------+
| PHP | N/A |
| Bootstrap | 4.6.2 |
| PayPal | N/A |
| Google Ads | N/A |
| Google Tag Manager | N/A |
| CookieFirst | N/A |
| Cloudflare Browser Insights | N/A |
| Microsoft Advertising | N/A |
| LazySizes | N/A |
| jQuery | 3.7.1 |
| Hotjar | N/A |
| Google Analytics | N/A |
| Facebook Pixel | 2.9.274 |
| core-js | 3.45.1 |
| theTradeDesk | N/A |
| reCAPTCHA | N/A |
| Priority Hints | N/A |
| Google Ads Conversion Tracking | N/A |
| Cloudflare | N/A |
| Webpack | N/A |
| PWA | N/A |
| HTTP/3 | N/A |
+--------------------------------+---------+
[INFO] Checking for vulnerable packages...
found 0 vulnerabilities
[INFO] Saved audit report to audit-report.txt.