BlindElephant is a web application fingerprinter. It is similar to WhatWeb; however, it seems that WhatWeb cannot scan plug-ins.
(Qualys security researcher Patrick Thomas presented the open-source web application fingerprinting engine BlindElephant at the Black Hat conference. BlindElephant is a tool that helps security experts and system administrators identify everything running on their servers, including any web applications downloaded by users. It does not detect vulnerabilities; it checks the version of the running web application.)
This tool requires a Python 2.6.x environment, while the default Python on BT4 is 2.5.2. If you run BlindElephant with the default Python, an error is returned.
1. Download Python-2.7.tar.bz2 from the official Python website, then decompress and install it.
root@pentestbox:/pentest/scanners# tar xjvf Python-2.7.tar.bz2
root@pentestbox:/pentest/scanners# cd Python-2.7
root@pentestbox:/pentest/scanners# ./configure --prefix=/opt/python2.7
root@pentestbox:/pentest/scanners# make
root@pentestbox:/pentest/scanners# make install
2. Download BlindElephant from SVN and install it.
root@pentestbox:/pentest/scanners# svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant
root@pentestbox:/pentest/scanners# cd blindelephant/src
root@pentestbox:/pentest/scanners# sudo /opt/python2.7/bin/python setup.py install   # use the Python 2.7 built in step 1, not the default 2.5.2
After this, a build folder is added, and BlindElephant is run for testing.
[Figure: comparison of fingerprints with static files]
This article was collected by http://v.securepub.com.