The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.
Sourceforge Project Page: https://sourceforge.net/projects/blindelephant/
BlindElephant can be used directly as a tool on the command line, or as a library to provide fingerprinting functionality to another program.
Abstract—While Operating System and Web Server fingerprinting are well established in the toolkit of penetration testers and network administrators, reliable tooling for fingerprinting at the application level has been slow to emerge.
This paper introduces BlindElephant, a fast, accurate, and very generic web application fingerprinter that identifies application and plugin versions via static files.
The paper also provides results from large-scale tests of the tool, and makes some observations about the state of web application security on the internet at large, and discusses future work on countermeasures and counter-countermeasures for static file fingerprinting.
[Note : This is only For Education Purpose ]
0 comments:
Post a Comment