30 Dec 09
WAFP – Web Application Finger Printer V 0.01-26c3 released
WAFP (Web Application Finger Printer) is an open source tool that downloads files from a specified web server and compares their checksums against a bundled SQLite3 database. In this way it can now identify more than 600 different detailed version numbers of web applications.
Example:
r-o-f:~/.../wafp.rb http://www.root-on-fire.com
Collecting and fetching the files we need to identify the product ...
........................................................................................................................................................
Identified Product: wordpress (120.00 %)
Collecting the files we need to fetch ...
Fetching needed files (#833), calculating checksums and storing the results to the database:
..........................................................................................................................................................
Checking gathered/stored checksums (#833) against the selected product (wordpress) versions (#130) checksums:
....................................................................................................................................
found the following matches (limited to 10):
+-------------------------------------------------------------+
wordpress-2.8.6-beta1 446 / 450 (99.11%)
wordpress-2.8.6 446 / 450 (99.11%)
wordpress-2.8.4 444 / 450 (98.67%)
wordpress-2.8.5 444 / 450 (98.67%)
wordpress-2.8.5-beta1 444 / 450 (98.67%)
wordpress-2.8.3 444 / 450 (98.67%)
wordpress-2.8.2 443 / 450 (98.44%)
wordpress-2.8.1-RC1 443 / 450 (98.44%)
wordpress-2.8.1 443 / 450 (98.44%)
wordpress-2.8.1-beta2 874 / 900 (97.11%)
+-------------------------------------------------------------+
WAFP 0.01-26c3 - - - - - - - - - http://mytty.org/wafp/
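The checksum comparison behind the ranking above, as an added example for auditing files from a host you operate; it is not WAFP's own code. SHA-256, the in-memory hash standing in for the SQLite3 database, and all `exampleapp` names and file bodies are assumptions made for illustration.

```ruby
require 'digest'

# Build a fingerprint table: version => { path => SHA-256 of the shipped file }.
# (Assumption: WAFP's real database layout and hash algorithm are not shown on this page.)
def build_db(releases)
  releases.transform_values do |files|
    files.transform_values { |body| Digest::SHA256.hexdigest(body) }
  end
end

# Rank known versions by how many of their file checksums match the fetched files.
# fetched: { path => body }, with nil for a file that could not be retrieved.
def rank_versions(db, fetched, limit = 10)
  seen = fetched.compact.transform_values { |body| Digest::SHA256.hexdigest(body) }
  rows = db.map do |version, sums|
    matched = sums.count { |path, sum| seen[path] == sum }
    { version: version, matched: matched, total: sums.size,
      percent: (100.0 * matched / sums.size).round(2) }
  end
  # Best percentage first; ties broken by larger file set, then by name.
  rows.sort_by { |r| [-r[:percent], -r[:total], r[:version]] }.first(limit)
end

# Constructed release contents (hypothetical product, not real data).
RELEASES = {
  'exampleapp-1.0'     => { '/readme.html' => 'v1.0', '/js/app.js' => 'a()',     '/css/site.css' => 'body{}' },
  'exampleapp-1.1-rc1' => { '/readme.html' => 'v1.1', '/js/app.js' => 'a();b()', '/css/site.css' => 'body{}' },
  'exampleapp-1.1'     => { '/readme.html' => 'v1.1', '/js/app.js' => 'a();b()', '/css/site.css' => 'body{}' },
  'exampleapp-1.1.1'   => { '/readme.html' => 'v1.1', '/js/app.js' => 'a();b()', '/css/site.css' => 'body{}',
                            '/js/new.js' => 'c()' }
}.freeze

# Constructed fetch result: the readme was removed by the admin, new.js does not exist.
FETCHED = { '/readme.html' => nil, '/js/app.js' => 'a();b()',
            '/css/site.css' => 'body{}', '/js/new.js' => nil }.freeze

DB = build_db(RELEASES)
rank_versions(DB, FETCHED).each do |r|
  puts format('%-20s %d / %d (%.2f%%)', r[:version], r[:matched], r[:total], r[:percent])
end
```

Releases whose checked files are byte-identical score the same, which is why several neighbouring versions share a percentage in the output above.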
Homepage: http://mytty.org/wafp/
Presentation by Richard Sammet at 26C3: here
