BlindElephant – Web Application Fingerprinting
Labels:
Black Hat,
BlindElephant,
fingerprinting,
Hacking Tools,
Patrick Thomas,
penetration testing,
Vulnerability Assessment,
Web Application,
website hacking
During Black Hat USA 2010, Patrick Thomas presented a new web application fingerprinting tool called Blind Elephant.
The BlindElephant Web Application Finger-printer attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatically.
BlindElephant works via a new trendy technique of fetching static elements of the web app such as .js, .css, and other core files then running a check sum to compare sizes of those files from released versions.
BlindElephant is available via SVN here
svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
The Hacker News - Daily Updates