Web Application Fingerprinting
This article covers web application fingerprinting, that is, analyzing a web application to estimate which software and which version it is running.
BlindElephant
BlindElephant uses static file analysis to estimate which version of the software is in use.
Installation
Prerequisite: Python 2.6.x (prefer 2.6.5)
Installation from SVN:
svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk /usr/local/src/blindelephant
cd /usr/local/src/blindelephant/src && python setup.py install
If problems occur when using the "LatestVersionFetcher.py" DB update script, the Python library "BeautifulSoup" may be missing (install it with: aptitude install python-beautifulsoup).
Usage
python BlindElephant.py http://blog.testhost wordpress
Output:
Loaded /usr/local/lib/python2.7/dist-packages/blindelephant/dbs/wordpress.pkl with 293 versions, 5389 differentiating paths, and 480 version groups.
Starting BlindElephant fingerprint for version of wordpress at http://blog.testhost
Hit http://blog.testhost/readme.html
File produced no match. Error: Retrieved file doesn't match known fingerprint. c2240a3ce9886e55deefe9d5186a06c8
Hit http://blog.testhost/wp-includes/js/tinymce/tiny_mce.js
File produced no match. Error: Retrieved file doesn't match known fingerprint. 04a0fa732e52f65f78dc23c18897d392
Hit http://blog.testhost/wp-includes/js/autosave.js
File produced no match. Error: Retrieved file doesn't match known fingerprint. 206b3631b77b7183f67e0fbc5a55ba1a
Hit http://blog.testhost/wp-content/themes/twentyten/languages/twentyten.pot
File produced no match. Error: Retrieved file doesn't match known fingerprint. 7a1a853bdc64831c8ba996e050b84817
Hit http://blog.testhost/wp-includes/js/tinymce/wp-tinymce.js.gz
File produced no match. Error: Retrieved file doesn't match known fingerprint. cac2178897da84cfcfd2472a1e7e9b63
Hit http://blog.testhost/wp-includes/js/tinymce/themes/advanced/about.htm
File produced no match. Error: Retrieved file doesn't match known fingerprint. b38056e26abdbb60f346235afa5f6a3b
Hit http://blog.testhost/wp-includes/js/tinymce/plugins/wordpress/editor_plugin.js
File produced no match. Error: Retrieved file doesn't match known fingerprint. 8604f0414d0fba6492eaa5f862418896
Hit http://blog.testhost/wp-includes/js/tinymce/themes/advanced/source_editor.htm
File produced no match. Error: Retrieved file doesn't match known fingerprint. f7bb0e9455ad702b94a4f887c4f6c502
Hit http://blog.testhost/wp-includes/js/tinymce/themes/advanced/link.htm
File produced no match. Error: Retrieved file doesn't match known fingerprint. d8f880cceb582cb3ac3ee9803222e553
Hit http://blog.testhost/wp-includes/js/swfupload/handlers.js
File produced no match. Error: Retrieved file doesn't match known fingerprint. b4eca03b1b8efb48d3268c5239a9c620
Hit http://blog.testhost/wp-includes/js/tinymce/themes/advanced/image.htm
File produced no match. Error: Retrieved file doesn't match known fingerprint. e04bb80ce16a977010d0873b7f7a16f9
Hit http://blog.testhost/wp-includes/js/tinymce/themes/advanced/color_picker.htm
File produced no match. Error: Retrieved file doesn't match known fingerprint. c1f55ecaeead10a3e5e61de43d6bb514
Hit http://blog.testhost/wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js
Possible versions based on result: 3.3, 3.3.1, 3.3.1-IIS, 3.3.2, 3.3.2-IIS, 3.3.2-RC1, 3.3.2-RC1-IIS, 3.3.3, 3.3.3-IIS, 3.3-beta1, 3.3-beta1-IIS, 3.3-beta2, 3.3-beta2-IIS, 3.3-beta3, 3.3-beta3-IIS, 3.3-beta4, 3.3-beta4-IIS, 3.3-IIS, 3.3-RC1, 3.3-RC1-IIS, 3.3-RC2, 3.3-RC2-IIS, 3.3-RC3, 3.3-RC3-IIS, 3.4, 3.4.1, 3.4.1-IIS, 3.4.2, 3.4.2-IIS, 3.4-beta1, 3.4-beta1-IIS, 3.4-beta2, 3.4-beta2-IIS, 3.4-beta3, 3.4-beta3-IIS, 3.4-beta4, 3.4-beta4-IIS, 3.4-IIS, 3.4-RC1, 3.4-RC1-IIS, 3.4-RC2, 3.4-RC2-IIS, 3.4-RC3, 3.4-RC3-IIS, 3.4-RC4, 3.4-RC4-IIS
Hit http://blog.testhost/wp-content/plugins/akismet/readme.txt
File produced no match. Error: Error code: 404 (Not Found)
Hit http://blog.testhost/wp-includes/js/tinymce/themes/advanced/anchor.htm
File produced no match. Error: Retrieved file doesn't match known fingerprint. fde5de4cc6965fed45dc224cf43a27ed
Fingerprinting resulted in:
3.3 3.3.1 3.3.1-IIS 3.3.2 3.3.2-IIS 3.3.2-RC1 3.3.2-RC1-IIS 3.3.3 3.3.3-IIS 3.3-beta1 3.3-beta1-IIS 3.3-beta2 3.3-beta2-IIS 3.3-beta3 3.3-beta3-IIS 3.3-beta4 3.3-beta4-IIS 3.3-IIS 3.3-RC1 3.3-RC1-IIS 3.3-RC2 3.3-RC2-IIS 3.3-RC3 3.3-RC3-IIS 3.4 3.4.1 3.4.1-IIS 3.4.2 3.4.2-IIS 3.4-beta1 3.4-beta1-IIS 3.4-beta2 3.4-beta2-IIS 3.4-beta3 3.4-beta3-IIS 3.4-beta4 3.4-beta4-IIS 3.4-IIS 3.4-RC1 3.4-RC1-IIS 3.4-RC2 3.4-RC2-IIS 3.4-RC3 3.4-RC3-IIS 3.4-RC4 3.4-RC4-IIS
Best Guess: 3.4.2
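The static-file approach behind this output, as a simplified added example (not BlindElephant's own code): each retrieved file is hashed, the hash is looked up in a table of known hashes per release, and the matching version sets are intersected. The application "exampleapp", its paths, file contents and version numbers are constructed sample data, and the function names are hypothetical.

```python
import hashlib

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

# Constructed sample data: static files shipped by three releases of a
# hypothetical application ("exampleapp"); these are not real WordPress hashes.
RELEASES = {
    "1.0": {"/readme.html": b"readme 1.0", "/js/editor.js": b"editor A", "/js/popup.js": b"popup A"},
    "1.1": {"/readme.html": b"readme 1.1", "/js/editor.js": b"editor A", "/js/popup.js": b"popup B"},
    "1.2": {"/readme.html": b"readme 1.2", "/js/editor.js": b"editor B", "/js/popup.js": b"popup B"},
}

def build_db(releases):
    """Map path -> {hash: set of versions that ship exactly this content}."""
    db = {}
    for version, files in releases.items():
        for path, content in files.items():
            db.setdefault(path, {}).setdefault(md5_hex(content), set()).add(version)
    return db

def fingerprint(db, fetched):
    """fetched maps path -> response body (bytes), or None for a 404.
    Returns (sorted candidate versions, per-path notes)."""
    candidates, notes = None, {}
    for path, body in fetched.items():
        if body is None:
            notes[path] = "not found"      # a missing file carries no information
            continue
        versions = db.get(path, {}).get(md5_hex(body))
        if versions is None:
            notes[path] = "no match"       # locally modified or unknown file
            continue
        notes[path] = "match"
        # Every matching file narrows the set of versions still possible.
        candidates = set(versions) if candidates is None else candidates & versions
    return sorted(candidates or []), notes

DB = build_db(RELEASES)
# Constructed responses: readme edited by the site owner, one file missing,
# two static files left untouched.
SITE = {"/readme.html": b"version removed", "/missing.txt": None,
        "/js/editor.js": b"editor A", "/js/popup.js": b"popup B"}

if __name__ == "__main__":
    versions, notes = fingerprint(DB, SITE)
    print(notes)
    print("Candidates:", versions)
```

Editing the readme does not change the result here: the two untouched script files are enough to narrow the candidates to a single release.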