WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner

From: "Chris Weber" <chris () casabasecurity com>
Date: Mon, 20 Jun 2011 10:04:49 -0700
dd, have you open sourced any parts of  your production code, such as the
fingerprinting data?  Or do we each need to do that work independently?

And have you detected any edge cases - for example a Web server that
includes an extra newline character in the body?

-Chris

-----Original Message-----
From: sucurisec () gmail com [mailto:sucurisec () gmail com] On Behalf Of
dd () sucuri net
Sent: Monday, June 20, 2011 9:58 AM
To: Chris Weber
Cc: seth; ryandewhurst () gmail com; webappsec () securityfocus com;
websecurity () webappsec org
Subject: Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner

Comparing the hashes of some js/css file is probably the most reliable
method, since lots of sites hide their version from the generator and remove
the readme file.

We wrote an article about it a while ago:
http://tools.sucuri.net/?page=docs&title=fingerprinting-web-apps

And we still use that on our scanner ( http://sitecheck.sucuri.net ) :)

Thanks,




This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: