PublicWWW alternative

PublicWWW finds every site running a snippet. TechSpy reads what one domain is actually running — and what it means.

PublicWWW searches backward. Hand it one code signature — a tracking ID, a script, an affiliate tag — and it returns thousands of sites that share it. Web-wide footprinting, and it's genuinely good at it.

TechSpy runs forward. Hand it one domain and it returns the full operational read: the real tech stack (even through React/Next.js SPAs), a DNS/DMARC audit, subdomains, hidden APIs, and a Verdict/Evidence/Implications call on top.

Different directions on the same map. Most people who land here already have the list — they need to read each domain on it.

  • Reverse code search across the web vs. a forward per-domain read
  • Sees through modern SPAs that leave scrapers a near-empty page
  • Turns detections into a decision, not another match list

Scan a domain free — 30 scans/day, no login.

Free — no card, 30 scans/day.

Two different jobs: search vs. read

Neither tool replaces the other. Be clear on which direction you're pointed.

PublicWWW TechSpy
Direction Many sites ← one signature One domain → many signals
You give it A code snippet, ID, or signature A domain
You get back A list of sites embedding it Stack + DNS + subdomains + analysis
Best for Web-wide OSINT / footprinting at scale Reading a specific target in depth

PublicWWW does reverse code search across the whole web. It does not produce a per-domain tech-stack read, a DNS/DMARC audit, subdomain discovery, or a GTM analysis. That's TechSpy's lane — one domain at a time, in depth.

Reads through modern SPAs

A raw source-code index sees whatever shipped in the initial HTML. On a client-rendered React or Next.js site, that's a near-empty shell — the real stack loads in JavaScript after paint.

TechSpy reads three layers at once: static HTML + JS-runtime fingerprints + HTTP headers. So the stack behind the SPA actually shows up.

  • HTML-only view of the SPA: React · — empty shell —
  • TechSpy view of the same SPA: Next.js (JS-runtime) · Vercel (header) · Segment (JS-runtime) · Cloudflare (header)

Same page. Fuller picture. This is the single most concrete reason a single-target read beats a source snapshot on a modern app.

The infra layer source-code search never touches

Some of the most useful signals about a company don't live in page source at all. They live in DNS records, in what subdomains exist, in how the sitemap is built.

  • DNS / DMARC / SPF / DKIM audit — email-auth posture and misconfigurations at a glance
  • Subdomain discovery — catch infra expansion (staging, api., new products) before the PR
  • Sitemap structure — how the site is actually organized and scaled

A source-code search engine indexes what's in the code. None of the above is in the code — so it's structurally out of scope for that kind of tool. It's core to TechSpy.

Deep Scan, Interact, and an opinion at the end

Detections are data. TechSpy's job is to hand you a decision.

  • Deep Scan — headless render + HAR capture surfaces hidden APIs and SDKs that never appear on first paint
  • Interact — an LLM clicks and fills forms to reveal tools that only load after interaction
  • Verdict / Evidence / Implications — every read closes with an opinionated call, the evidence behind it, and what it means for you, each tagged High / Medium / Low confidence

Instead of a raw list of matches, you get: "Client-rendered React app on Cloudflare, HubSpot-run marketing — a modern GTM stack." With the evidence and the so-what attached.

Honest note on speed: only the static scan is seconds. Deep Scan and Interact take minutes — they're rendering and driving the page for real, not reading markup.

Head to head

PublicWWW earns a real check where it wins — web-wide signature search at scale. TechSpy owns the per-domain read.

Capability TechSpy PublicWWW
Find all sites by a code signature / ID ✓ (its core strength)
Per-domain tech-stack read
Sees through React/Next.js SPAs
DNS / DMARC / SPF / DKIM audit
Subdomain discovery
Deep Scan (HAR, hidden APIs)
Interact (post-interaction tools)
Verdict / Evidence / Implications
Export PDF / Zapier / API

The top row is checked for PublicWWW on purpose. If your job is find the population, that's the tool. If your job is read the target, everything below it is TechSpy.

When PublicWWW is the better pick

No hit piece. If your job runs in reverse, TechSpy is the wrong tool — and PublicWWW is the right one.

Choose PublicWWW if you want to:

  • Find every site on the web embedding a specific snippet, script, or library
  • Footprint by an analytics ID, affiliate code, or tracking signature at scale
  • Build a list of targets that share a common signature

Choose TechSpy if you want to:

  • Read one domain's real stack, even behind a React/Next.js SPA
  • Add DNS/DMARC, subdomains, and sitemap signals to that read
  • Get a decision-ready Verdict/Evidence/Implications call, with saved scans, compare, and reports

TechSpy does not do web-wide signature search — it reads domains one at a time, in depth. So use both: PublicWWW to build the list, TechSpy to read each domain on it.

Pricing — start free, no login

Plan Price What you get
Free $0 30 scans/day + DNS / sitemap / subdomains + save & compare
Plus $19/mo 10 Deep Scan + 5 Interact credits
Max $49/mo Unlimited scans + 50 Deep Scan + 25 Interact + Export / Zapier / API
Enterprise $199/mo For teams scanning at scale

The static scan runs in seconds. Deep Scan and Interact take minutes — because they render the page for real.

Scan a domain free — no login.

Scan a domain free

See the opinionated read for yourself — no login, 30 scans/day.