WebApp Sec mailing list archives
RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner
From: "Chris Weber" <chris () casabasecurity com>
Date: Mon, 20 Jun 2011 10:04:49 -0700
dd, have you open sourced any parts of your production code, such as the fingerprinting data? Or do we each need to do that work independently? And have you detected any edge cases - for example a Web server that includes an extra newline character in the body? -Chris -----Original Message----- From: sucurisec () gmail com [mailto:sucurisec () gmail com] On Behalf Of dd () sucuri net Sent: Monday, June 20, 2011 9:58 AM To: Chris Weber Cc: seth; ryandewhurst () gmail com; webappsec () securityfocus com; websecurity () webappsec org Subject: Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Comparing the hashes of some js/css file is probably the most reliable method, since lots of sites hide their version from the generator and remove the readme file. We wrote an article about it a while ago: http://tools.sucuri.net/?page=docs&title=fingerprinting-web-apps And we still use that on our scanner ( http://sitecheck.sucuri.net ) :) Thanks, This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Introducing WPScan – WordPress Security Scanner Ryan Dewhurst (Jun 18)
- Re: Introducing WPScan – WordPress Security Scanner seth (Jun 19)
- Re: Introducing WPScan – WordPress Security Scanner Ryan Dewhurst (Jun 19)
- Re: Introducing WPScan – WordPress Security Scanner Veronica (Jun 19)
- Re: Introducing WPScan – WordPress Security Scanner Ryan Dewhurst (Jun 19)
- Message not available
- RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Chris Weber (Jun 20)
- Message not available
- RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Chris Weber (Jun 20)
- Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Ryan Dewhurst (Jun 20)
- RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Chris Weber (Jun 20)
- Re: Introducing WPScan – WordPress Security Scanner seth (Jun 19)