Two endpoints, each receiving a list of domain names:

- Nginx detection service (api/DetectWebTech/nginx): a naive approach that analyzes the response Server header.
- Generalized version (api/DetectWebTech/fullscan): the main idea is to use all the information that can be received from the server (headers, cookies, markdown, scripts, etc.) and compare it with an up-to-date library of server technology signatures (differential characteristics). WIP, not fully implemented.

Both endpoint responses contain the IPs associated with the hostnames.
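The naive Server-header check, sketched in Python as an added example (not this project's code). It also covers two items listed further down, a detection confidence level and IDN support. The function names, the confidence labels and the list of nginx-based products are assumptions, and the sample responses are constructed.

```python
import re

# Server header product token: name[/version], e.g. "nginx/1.18.0 (Ubuntu)".
_NGINX = re.compile(r"(?:^|[\s,])nginx(?:/(?P<version>\d+(?:\.\d+)*))?(?=$|[\s,(])", re.IGNORECASE)
# Products built on nginx that announce their own name (assumed, non-exhaustive list).
_NGINX_BASED = re.compile(r"(?:^|[\s,])(openresty|tengine)(?:/[\w.]+)?(?=$|[\s,(])", re.IGNORECASE)


def normalize_host(host: str) -> str:
    """Drop a trailing dot, convert IDN labels to punycode, and lower-case the name."""
    return host.strip().rstrip(".").encode("idna").decode("ascii").lower()


def detect_nginx(headers: dict) -> dict:
    """Classify one response from its Server header only (the naive approach)."""
    # Header field names are case-insensitive, so match the name that way.
    server = next((v for k, v in headers.items() if k.lower() == "server"), None)
    if server is None:
        # Absence proves nothing: a proxy or the server config may strip the header.
        return {"nginx": False, "version": None, "confidence": "none", "server": None}
    m = _NGINX.search(server)
    if m:
        # Assumed labels: a banner carrying a version is rated above a bare name.
        conf = "high" if m.group("version") else "medium"
        return {"nginx": True, "version": m.group("version"), "confidence": conf, "server": server}
    if _NGINX_BASED.search(server):
        # nginx-derived product; its version is not an nginx version, so drop it.
        return {"nginx": True, "version": None, "confidence": "low", "server": server}
    # Another banner (e.g. a CDN) only describes the front end, not the origin.
    return {"nginx": False, "version": None, "confidence": "low", "server": server}


# Constructed sample responses (hostname -> response headers); no network needed.
SAMPLES = {
    "WWW.Example.com.": {"Server": "nginx/1.18.0 (Ubuntu)"},
    "b\u00fccher.example": {"server": "nginx"},
    "api.example.net": {"Server": "openresty/1.19.9.1"},
    "cdn.example.org": {"Server": "cloudflare"},
    "bare.example.org": {"Content-Type": "text/html"},
}


def scan(samples: dict) -> dict:
    """Return {normalized hostname: detection result} for every sample."""
    return {normalize_host(h): detect_nginx(hdrs) for h, hdrs in samples.items()}

if __name__ == "__main__":
    for host, result in scan(SAMPLES).items():
        print(host, result)
```
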
docker build -t web-tech-detect .
docker run -p 8080:80 --name webdetect web-tech-detect
http://localhost:8080/index.html
curl -X POST "http://localhost:8080/api/DetectWebTech/nginx" -H "accept: application/json" -H "Content-Type: application/json" -d '["www.nginx.com","www.google.com"]'
- regexp for advanced comparison
- detection confidence level
- advanced URI validation logic
- support for IDN (Internationalized Domain Names, punycode)
- cache
- logging
- auth
- tests
- monitoring and health-check
- elaborate caching policy
- API gateway to balance requests (plus possible static assets like tech logos/icons for the generalized version)
- decouple independent functionality (IP lookup, get-requests, url-analyzers, etc) to microservices/lambdas
- batch processing to handle requests with huge payload
- more advanced: consider a service mesh (abstract away infrastructure, reduce vendor lock-in, utilize on-premise resources, etc.)