BlindElephant - Web Application Fingerprinter

BlindElephant Web Application Fingerprinting Tool

BlindElephant is an open-source generic web application fingerprinter that produces results by comparing a small set of static files at known locations against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.

It can be used directly as a tool on the command line, or as a library to provide fingerprinting functionality to another program.

Note: BlindElephant requires Python 2.6.x (2.6.5 preferred).

Here is the Static File Fingerprinting approach in one picture:

[Figure: Static File Fingerprinting approach diagram]

Features:

  • Fast, low-resource approach.
  • Support for commonly deployed web apps, and very easy to add support for more.
  • Support for web app plugins (Drupal and WordPress currently, more with community input).

How To Install BlindElephant

Installation is only required if you plan to use BlindElephant as a library.

First, make sure that your Python installation has distutils, then run:

cd blindelephant/src

sudo python setup.py install

If you are a Windows user, omit "sudo".

Usage:

BlindElephant.py [options] url appName

Options:
  -h, --help            show this help message and exit
  -p PLUGINNAME, --pluginName=PLUGINNAME
                        Fingerprint version of plugin (should apply to web app
                        given in appname)
  -s, --skip            Skip fingerprinting webpp, just fingerprint plugin
  -n NUMPROBES, --numProbes=NUMPROBES
                        Number of files to fetch (more may increase accuracy).
                        Default: 15
  -w, --winnow          If more than one version are returned, use winnowing
                        to attempt to narrow it down (up to numProbes
                        additional requests).
  -l, --list            List supported webapps and plugins
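
The hash comparison described at the top of the page, and the narrowing step behind the -w option, can be worked through offline as follows. This is an added example, not BlindElephant's own code: the fingerprint table, paths, release numbers and the function names candidates and next_probe are constructed for illustration, and the probe-selection heuristic is an assumption about how winnowing could be done.

```python
import hashlib

def digest(body):
    return hashlib.sha256(body).hexdigest()

# Constructed table for a hypothetical app: path -> {file hash: releases shipping that file}
KNOWN = {
    "/js/app.js": {digest(b"app-v1"): {"1.0", "1.1"}, digest(b"app-v2"): {"1.2", "2.0"}},
    "/css/site.css": {digest(b"css-a"): {"1.0"}, digest(b"css-b"): {"1.1", "1.2"},
                      digest(b"css-c"): {"2.0"}},
    "/README.txt": {digest(b"readme"): {"1.0", "1.1", "1.2", "2.0"}},
}

def candidates(observed, table=KNOWN):
    """Intersect the release sets of every recognised file.
    observed maps path -> response body (bytes), or None if the file was not served.
    Returns (candidate releases, number of files that matched a known hash)."""
    result, matched = None, 0
    for path, body in observed.items():
        versions = None if body is None else table.get(path, {}).get(digest(body))
        if versions is None:  # missing or locally modified file: no evidence
            continue
        matched += 1
        result = set(versions) if result is None else result & versions
    return (result or set()), matched

def next_probe(remaining, seen, table=KNOWN):
    """Winnowing step (assumed heuristic): pick the unfetched path that leaves the
    smallest worst-case group of remaining candidates sharing one hash."""
    best, best_worst = None, len(remaining)
    for path, by_hash in table.items():
        if path in seen:
            continue
        worst = max(len(v & remaining) for v in by_hash.values())
        if worst < best_worst:
            best, best_worst = path, worst
    return best  # None when no remaining file can narrow the set

if __name__ == "__main__":
    seen = {"/js/app.js": b"app-v2"}
    left, _ = candidates(seen)
    print(sorted(left))                      # two releases share this file
    path = next_probe(left, set(seen))
    seen[path] = b"css-c"
    print(path, sorted(candidates(seen)[0]))
```

A file that every release ships unchanged (the README in this table) adds no information, and a locally modified file is skipped rather than counted against any release.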





