SSL Certificate Analysis Open Port Detection Web Application Scanning DNS Security Audit HTTP Header Analysis Misconfiguration Detection Software Fingerprinting Subdomain Enumeration
SSL Certificate Analysis Open Port Detection Web Application Scanning DNS Security Audit HTTP Header Analysis Misconfiguration Detection Software Fingerprinting Subdomain Enumeration

Every website is built on a stack of technologies: a content management system, a web framework, JavaScript libraries, server software, analytics tools, and many more invisible building blocks. Attackers know this — and the very first thing they do before targeting a site is identify exactly what it is running. Sensagraph performs the same reconnaissance from the defender's side, giving you a clear, business-friendly map of your technology stack and the risks hidden inside it.

Sensagraph's Technology Stack Risk Assessment automatically fingerprints the software powering your website, detects exposed version numbers, highlights end-of-life or unsupported components, and warns you about known vulnerabilities tied to each detected technology. You don't need to know the internals — Sensagraph translates the findings into clear risk levels and recommended actions.

Know exactly what powers your website

Most organisations underestimate how much information their website unintentionally reveals. Sensagraph reveals it for you — before someone else does.

Complete Technology Fingerprinting

Sensagraph identifies every detectable component of your web presence, giving you full visibility into the building blocks of your site.

  • Content management systems (WordPress, Drupal, Joomla and more)
  • Web frameworks, programming languages, and runtimes
  • JavaScript libraries, UI frameworks, and analytics scripts
  • Web servers, reverse proxies, and CDN providers

Outdated & End-of-Life Software Detection

Running unsupported software is one of the most common root causes of major breaches. Sensagraph flags components that no longer receive security patches.

  • Detection of end-of-life CMS and framework versions
  • Identification of legacy libraries with known CVEs
  • Clear upgrade recommendations prioritised by risk

Version Information Leakage

Exposing exact version numbers in HTTP headers, meta tags, or error pages gives attackers a roadmap. Sensagraph highlights where this information is leaking.

  • HTTP header disclosures (Server, X-Powered-By, and more)
  • Version tags in HTML source, generators, and assets
  • Guidance on suppressing or removing unnecessary banners

Known Vulnerability Mapping

Every detected technology is automatically cross-referenced with public vulnerability databases so you instantly see which components are exploitable today.

  • CVE matching for detected versions
  • Severity scoring (CVSS) and exploitability indicators
  • Plain-language summaries of each risk

Shadow IT & Third-Party Visibility

Modern websites load dozens of third-party scripts. Sensagraph helps you see external dependencies that may introduce supply-chain risk.

  • Tracking pixels, tag managers, and marketing tools
  • External CDNs and font/script providers
  • Unexpected or unauthorised integrations

Why technology fingerprinting matters for your business

Attackers automate reconnaissance at massive scale. The moment a critical vulnerability is published for a popular CMS or library, exploitation attempts begin within hours. If your site is still running that version — and advertising it openly — you become a target of opportunity. Sensagraph's continuous assessment ensures you find out about these risks before attackers do, with clear remediation steps you can hand to your developers or hosting provider.

Frequently asked questions

It is the process of identifying every software component that powers your website — CMS, frameworks, libraries, servers — and evaluating whether those components are up to date, supported, and securely configured.

No. Sensagraph performs the assessment externally, just like an attacker would. You only need to provide the website address you want scanned.

When attackers see the exact version of a CMS or library, they can instantly look up known exploits for that version. Hiding or removing version banners significantly reduces automated attacks.

We recommend continuous or at least monthly assessments. New vulnerabilities are disclosed daily, and a component that was safe last month may be exploitable today.

Yes. Each finding includes a plain-language explanation, a risk rating, and clear remediation guidance suitable for both business owners and developers.