Home / BlindElephant / EN / Fingerprint / Fingerprinting / Linux / Python / Windows / [BlindElephant] Web Application Fingerprinting

[BlindElephant] Web Application Fingerprinting

| Post sponsored by FaradaySEC | Multiuser Pentest Environment

 During Black Hat USA 2010, Patrick Thomas presented a new web application fingerprinting tool called Blind Elephant.

BlindElephant %E2%80%93 Web Application Fingerprinting

The BlindElephant Web Application Finger-printer attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatically.

BlindElephant works via a new trendy technique of fetching static elements of the web app such as .js, .css, and other core files then running a check sum to compare sizes of those files from released versions.

BlindElephant is available via SVN here
svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant
[BlindElephant] Web Application Fingerprinting [BlindElephant] Web Application Fingerprinting Reviewed by Zion3R on 10:00 PM Rating: 5