Show HN: Detect anti-bot, anti-agent defenses for any website(botscope.org)
3 pointsby mynameyeff4 hours ago3 comments
  • mynameyeff4 hours ago
    I built a platform to detect any kind of anti-bot / anti-agent tooling that’s installed on a website. Cloudflare Bot Manager has the lion's share of the market but there are a litany of other ones offered by Akamai, Vercel, Amazon, and DataDome that have significant representation too.

    In total, there's about 30+ different products that BotScope can detect. The entire catalog is here: https://botscope.org/abaam

    A few technical details you might find interesting:

    - Scans are full browser webpage loads. Not just `curl` requests.

    - Scans are executed from datacenter IP addresses to closely mimic automated bot/agent webpage access.

    - There isn't any kind of pentesting or destructive stuff happening... just pure recon!

    - The product has API keys, and a hosted MCP server so scans can fit into agent/CI/internal-tool workflows too (I realize how meta this is).

    Curious for your thoughts & feedback!

  • warlord22 hours ago
    This is interesting. Why did you build this?
    • mynameyeff2 hours ago
      I was building a browser automation for a website, and kept hitting these unexplainable roadblocks where my requests would yield different responses. I wanted to know why and wrote a basic script that was able to detect that the website was using geolocation block (e.g., "You can't view this content in your country") and my browser automation was egressing from an edge function on a server in a Baltic country.

      Once I was able to make this mental connection, I tweaked my browser automation so that for that particular web property I would use a USA-based IP address. After making this fix, the browser automation was able to run successfully!

      I think there may be other uses for BotScope, but that's how I started going down this road. Thx for asking!

  • coretextian2 hours ago
    Can this detect WAF?
    • mynameyeff2 hours ago
      Yea, a few actually.

      Azure Front Door, ModSecurity, Fastly Next-Gen WAF to name a few.