PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Looking for web app signatures for Nmap

From: Adrien de Beaupre <adriendb () gmail com>
Date: Fri, 5 Nov 2010 10:16:26 -0400
On Thu, Nov 4, 2010 at 2:51 PM, Tyler Oderkirk
<tyl.erod.e.rkirk () gmail com> wrote:

On Wed, Nov 3, 2010 at 3:58 PM, Ron <ron () skullsecurity net> wrote:

I'm trying to build a fingerprint database of common web applications for Nmap [...]


Hi Ron,

Take a look at the WhatWeb scanner by urbanadventurer aka Andrew
Horton: http://www.morningstarsecurity.com/research/whatweb

Its written in Ruby and claims to "identify content management systems
(CMS), blogging platforms, stats/analytics packages, javascript
libraries, servers and more". It includes "over 250 plugins" aka
"fingerprints".



Hi Ron,

there is also blindelephant:

http://blindelephant.sourceforge.net/

"The BlindElephant Web Application Fingerprinter attempts to discover
the version of a (known) web application by comparing static files at
known locations against precomputed hashes for versions of those files
in all all available releases. The technique is fast, low-bandwidth,
non-invasive, generic, and highly automatable."
By Patrick Thomas. Patrick gave a talk at SecTor.ca recently.

Cheers,
Adrien de Beaupre
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: