techstack-identification

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Tech Stack Identification

技术栈识别

Passive OSINT reconnaissance to identify a target's technology stack. No credentials, no active scanning — only publicly available signals.

通过被动OSINT侦察识别目标的技术栈。无需凭证、无需主动扫描——仅使用公开可获取的信号。

Quick Start

快速开始

1. Provide company name (+ optional domain hint)
2. 5 orchestrating agents run 26 sub-skills across 17 intelligence domains
3. Signals correlated, confidence scored, conflicts resolved
4. Final report: JSON + Markdown with evidence for every inference

1. Provide company name (+ optional domain hint)
2. 5 orchestrating agents run 26 sub-skills across 17 intelligence domains
3. Signals correlated, confidence scored, conflicts resolved
4. Final report: JSON + Markdown with evidence for every inference

Orchestration (5 Agents → 26 Sub-Skills)

编排流程（5个Agent → 26个子技能）

Phase 1: Asset Discovery (

asset_discovery_agent

)

domain_discovery, subdomain_enumeration, certificate_transparency, ip_attribution, api_portal_discovery

Phase 2: Data Collection (

data_collection_agent

)

http_fingerprinting, dns_intelligence, tls_certificate_analysis, javascript_dom_analysis, html_content_analysis, code_repository_intel, job_posting_analysis, web_archive_analysis

Phase 3: Tech Inference (

tech_inference_agent

)

frontend_inferencer, backend_inferencer, cloud_infra_detector, cdn_waf_fingerprinter, security_posture_analyzer, devops_detector, third_party_detector

Phase 4: Correlation (

correlation_agent

)

signal_correlator, confidence_scorer, conflict_resolver

Phase 5: Report (

report_generation_agent

)

json_report_generator, evidence_formatter, report_exporter

Phases run sequentially. Sub-skills within each phase run in parallel.

阶段1：资产发现（

asset_discovery_agent

）

domain_discovery, subdomain_enumeration, certificate_transparency, ip_attribution, api_portal_discovery

阶段2：数据收集（

data_collection_agent

）

http_fingerprinting, dns_intelligence, tls_certificate_analysis, javascript_dom_analysis, html_content_analysis, code_repository_intel, job_posting_analysis, web_archive_analysis

阶段3：技术推断（

tech_inference_agent

）

frontend_inferencer, backend_inferencer, cloud_infra_detector, cdn_waf_fingerprinter, security_posture_analyzer, devops_detector, third_party_detector

阶段4：关联分析（

correlation_agent

）

signal_correlator, confidence_scorer, conflict_resolver

阶段5：报告生成（

report_generation_agent

）

json_report_generator, evidence_formatter, report_exporter

各阶段按顺序执行，同一阶段内的子技能并行运行。

Confidence Levels

置信度等级

High: Multiple independent sources + explicit identifier (headers, meta tags, cookies)
Medium: Single strong source OR indirect signals (URL patterns, error messages, job postings)
Low: Speculative from indirect signals, conflicting data, or outdated evidence

高：多个独立信息源 + 明确标识（请求头、meta标签、cookies）
中：单一强信息源或间接信号（URL模式、错误信息、招聘启事）
低：基于间接信号的推测、数据存在冲突、或证据已过时

Output: TechStackReport

输出：TechStackReport

json

{
  "report_id": "uuid",
  "company": "string",
  "primary_domain": "string",
  "discovered_assets": { "domains", "subdomains", "ip_addresses", "certificates", "api_portals" },
  "technologies": {
    "frontend": [{ "name", "version?", "confidence": "High|Medium|Low", "evidence": [...] }],
    "backend": [...],
    "infrastructure": [...],
    "security": [...],
    "devops": [...],
    "third_party": [...]
  },
  "confidence_summary": { "high_confidence", "medium_confidence", "low_confidence", "overall_score" }
}

json

{
  "report_id": "uuid",
  "company": "string",
  "primary_domain": "string",
  "discovered_assets": { "domains", "subdomains", "ip_addresses", "certificates", "api_portals" },
  "technologies": {
    "frontend": [{ "name", "version?", "confidence": "High|Medium|Low", "evidence": [...] }],
    "backend": [...],
    "infrastructure": [...],
    "security": [...],
    "devops": [...],
    "third_party": [...]
  },
  "confidence_summary": { "high_confidence", "medium_confidence", "low_confidence", "overall_score" }
}

Rate Limits

速率限制

Service	Limit
crt.sh	10 req/min
GitHub API (unauth)	60 req/hr
General HTTP	30 req/min
DNS queries	30 req/min

服务	限制
crt.sh	10次请求/分钟
GitHub API（未认证）	60次请求/小时
通用HTTP请求	30次请求/分钟
DNS查询	30次请求/分钟

Integration

集成方式

Called by pentest orchestrator as a recon step, by CVE testing to map technologies to CVEs, or standalone for due diligence and competitive analysis.

可作为侦察步骤被渗透测试编排器调用，用于CVE测试中匹配技术与对应CVE，也可独立用于尽职调查和竞品分析。