Blind Elephant leads the way in fingerprinting web applications
The Blind Elephant Web Application Fingerprinter is a new open source tool from Qualys that attempts to discover the version information of a range of popular web applications. Blind Elephant can estimate the version numbers of Drupal, Joomla!, Liferay, Mediawiki, Moodle, MovableType, osCommerce, phpBB, phpMyAdmin, phpNuke, SPIP and WordPress and can also analyse sixteen Drupal and twenty-six WordPress plug-ins.
Version number information can be useful for security specialists and attackers in deciding what attacks an installation using one of these applications may be vulnerable to. Many installations may be running older and therefore often vulnerable versions, but this is not easily established without direct access to the server's file system and installed applications.
Blind Elephant, a Python-based tool, uses "static file analysis": it loads various known paths from the web application's served content over the network and uses them to determine which version of that web application is running. The technique used is discussed in a paper which was presented at the recent Black Hat conference. The developers are also working on tools to counteract fingerprinting, but observe that "relying on a package manager or hosting provider for security-critical updates is not sufficient", saying that these tend to be several updates behind the most recent, most secure versions.
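The static-file comparison described above can be illustrated with a short added example, which is not Blind Elephant's own code: each known path maps content hashes to the releases that shipped that exact content, and the version sets are intersected across paths. The application name, paths, file contents and version table are all constructed, and the function works on content already collected from an installation you administer.

```python
import hashlib

def _h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed table for a hypothetical application:
# path -> {sha256 of file content -> versions that shipped that content}.
FINGERPRINTS = {
    "/README.txt": {
        _h(b"exampleapp readme rev A"): {"1.0", "1.1"},
        _h(b"exampleapp readme rev B"): {"1.2", "1.3", "2.0"},
    },
    "/js/core.js": {
        _h(b"core v1"): {"1.0", "1.1", "1.2"},
        _h(b"core v2"): {"1.3", "2.0"},
    },
    "/css/admin.css": {
        _h(b"admin css old"): {"1.0", "1.1", "1.2", "1.3"},
        _h(b"admin css new"): {"2.0"},
    },
}

def candidate_versions(served, table=FINGERPRINTS):
    """Intersect the version sets implied by each static file.

    served: dict of path -> bytes as served, or None if the path is absent.
    Returns (candidates, unknown): candidates is None when no file matched
    the table; unknown lists paths whose content matched no known release.
    """
    candidates, unknown = None, []
    for path, body in served.items():
        known = table.get(path)
        if known is None or body is None:
            continue  # path not in the table or not served: no evidence
        versions = known.get(_h(body))
        if versions is None:
            unknown.append(path)  # locally modified or unreleased file
            continue
        candidates = set(versions) if candidates is None else candidates & versions
    return candidates, unknown

if __name__ == "__main__":
    served = {"/README.txt": b"exampleapp readme rev B",
              "/js/core.js": b"core v2",
              "/css/admin.css": b"admin css old"}
    print(candidate_versions(served))
```

A single file usually leaves several candidate releases; the estimate narrows only as more paths agree, and a locally modified file contributes nothing rather than a wrong answer.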
Blind Elephant has been released under an LGPL licence and can be downloaded from the project's Subversion repository. Qualys is also hosting resources, such as papers and presentations on the tool, on its community site.