[BlindElephant] Web Application Fingerprinter

The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. 

The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.

Getting Started

BlindElephant can be used directly as a tool on the command line, or as a library to provide fingerprinting functionality to another program.

Pre-requisites:

• Python 2.6.x (prefer 2.6.5); users of earlier versions may have difficulty installing or running BlindElephant. 

Download BlindElephant

Read More

[BlindElephant] Web Application Fingerprinting

 During Black Hat USA 2010, Patrick Thomas presented a new web application fingerprinting tool called Blind Elephant.

The BlindElephant Web Application Finger-printer attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatically.

BlindElephant works via a new trendy technique of fetching static elements of the web app such as .js, .css, and other core files then running a check sum to compare sizes of those files from released versions.

BlindElephant is available via SVN here

svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant

Read More