BlindElephant - Web Application Fingerprinter
BlindElephant is an open-source generic web application fingerprinter that produces results by comparing a small set of static files at known locations against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.
It can be used directly as a tool on the command line, or as a library to provide fingerprinting functionality to another program.
Note: BlindElephant requires Python 2.6.x (prefer 2.6.5).
Here is the Static File Fingerprinting approach in one picture:
- Fast, low-resource approach.
- Support for commonly deployed web apps, and very easy to add support for more.
- Support for web app plugins (Drupal and WordPress currently, more with community input).
How To Install BlindElephant
Installation is only required if you plan to use BlindElephant as a library.
First, make sure that your python installation has distutils, and then do:
sudo python setup.py install
If you are a Windows user, omit "sudo".
BlindElephant.py [options] url appName
Options:-h, --help show this help message and exit-p PLUGINNAME, --pluginName=PLUGINNAMEFingerprint version of plugin (should apply to web appgiven in appname)-s, --skip Skip fingerprinting webpp, just fingerprint plugin-n NUMPROBES, --numProbes=NUMPROBESNumber of files to fetch (more may increase accuracy).Default: 15-w, --winnow If more than one version are returned, use winnowingto attempt to narrow it down (up to numProbesadditional requests).-l, --list List supported webapps and plugins
You might also like: