'Re: [WEB SECURITY] Fingerprinting web applications (Joomla, Mediawiki and Wordpress)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       websecurity
Subject:    Re: [WEB SECURITY] Fingerprinting web applications (Joomla, Mediawiki and Wordpress)
From:       Emilio Casbas <ecasbasj () yahoo ! es>
Date:       2010-01-29 23:59:36
Message-ID: 569497.8454.qm () web24107 ! mail ! ird ! yahoo ! com
[Download RAW message or body]

Hi dd,

while your technique is quite interesting and accurate, it's require a high effort to \
get all variety of CMS, blogging platforms, etc, and would be difficult use with \
non-open source software.

Recently it was released WhatWeb; a Web Scanner with over 60 plugins to detect \
different CMS systems, blogging platforms, stats/analytics packages, javascript \
libraries, servers and more. http://www.morningstarsecurity.com/research/whatweb

I'ts quite easy to develop plugins for WhatWeb, perhaps your technique could be \
integrate in existent plugins or develop new ones to achieve more accurate results \
with WhatWeb.


Regards
Emilio




________________________________
De: "dd@sucuri.net" <dd@sucuri.net>
Para: websecurity@webappsec.org
CC: webappsec@lists.owasp.org
Enviado: vie,29 enero, 2010 15:24
Asunto: [WEB SECURITY] Fingerprinting web applications (Joomla, Mediawiki and \
Wordpress)

Hi List,

I just posted a document on fingerprinting web applications where I show
some ideas to remotely detect the version of Joomla, Mediawiki and Wordpress
(easily extended to other apps).

http://sucuri.net/?page=docs&title=fingerprinting-web-apps

There is also a live tool for you to test with any site:
http://sucuri.net/?page=docs&title=fingerprinting-web-apps#v6


Thanks,

--dd

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA


      


[Attachment #3 (text/html)]

<html><head><style type="text/css"><!-- DIV {margin:0px;} \
--></style></head><body><div style="font-family:times new roman,new \
york,times,serif;font-size:8pt"><div>Hi dd,<br><br>while your technique is quite \
interesting and accurate, it's require a high effort to get all variety of CMS, \
blogging platforms, etc, and<br>would be difficult use with non-open source \
software.<br><br>Recently it was released WhatWeb; a Web Scanner with over 60 plugins \
to detect different CMS systems, blogging platforms, \
stats/analytics<br><span>packages, javascript libraries, servers and more. <a \
target="_blank" href="http://www.morningstarsecurity.com/research/whatweb">http://www.morningstarsecurity.com/research/whatweb</a></span><br><br>I'ts \
quite easy to develop plugins for WhatWeb, perhaps your technique could be integrate \
in existent plugins or develop<br>new ones to achieve more accurate results with \
WhatWeb.<br><br><br>Regards<br>Emilio<br></div><div style="font-family:  times new \
roman,new york,times,serif; font-size: 8pt;"><br><div style="font-family: \
arial,helvetica,sans-serif; font-size: 10pt;"><font face="Tahoma" size="2"><hr \
size="1"><b><span style="font-weight: bold;">De:</span></b> "dd@sucuri.net" \
&lt;dd@sucuri.net&gt;<br><b><span style="font-weight: bold;">Para:</span></b> \
websecurity@webappsec.org<br><b><span style="font-weight: bold;">CC:</span></b> \
webappsec@lists.owasp.org<br><b><span style="font-weight: bold;">Enviado:</span></b> \
vie,29 enero, 2010 15:24<br><b><span style="font-weight: bold;">Asunto:</span></b> \
[WEB SECURITY] Fingerprinting web applications (Joomla, Mediawiki and \
Wordpress)<br></font><br>Hi List,<br><br>I just posted a document on fingerprinting \
web applications where I show<br>some ideas to remotely detect the version of Joomla, \
Mediawiki and Wordpress<br>(easily extended to other apps).<br><br><a \
href="http://sucuri.net/?page=docs&amp;title=fingerprinting-web-apps"  \
target="_blank">http://sucuri.net/?page=docs&amp;title=fingerprinting-web-apps</a><br><br>There \
is also a live tool for you to test with any site:<br><a \
href="http://sucuri.net/?page=docs&amp;title=fingerprinting-web-apps#v6" \
target="_blank">http://sucuri.net/?page=docs&amp;title=fingerprinting-web-apps#v6</a>< \
br><br><br>Thanks,<br><br>--dd<br><br>----------------------------------------------------------------------------<br>Join \
us on IRC: irc.freenode.net #webappsec<br><br>Have a question? Search The Web \
Security Mailing List Archives: <br><a \
href="http://www.webappsec.org/lists/websecurity/archive/" \
target="_blank">http://www.webappsec.org/lists/websecurity/archive/</a><br><br>Subscribe \
via RSS: <br><a href="http://www.webappsec.org/rss/websecurity.rss" \
target="_blank">http://www.webappsec.org/rss/websecurity.rss</a> [RSS \
Feed]<br><br>Join WASC on LinkedIn<br><a \
href="http://www.linkedin.com/e/gis/83336/4B20E4374DBA"  \
target="_blank">http://www.linkedin.com/e/gis/83336/4B20E4374DBA</a><br><br></div></div>
 <!-- cg7.c41.mail.ird.yahoo.com compressed/chunked Fri Jan 29 08:15:14 PST 2010 -->
</div><br>



      </body></html>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic