- Discover the version of 14 of the most popular types of content management systems (CMS) and web application utilities.
- Determine if a known vulnerable application version is in use.
- Develop an understanding of an organisations website security maintenance and patching policies.
BlindElephant was created for remotely “fingerprinting” which Web apps and plug-ins are running on a server before the bad guys can find and exploit weaknesses in them.
How do I run a blindelephant scan?
1. Enter target website to test.
2. Select application to assess.
3. Enter an email address and select start for the testing to begin. Results will be emailed once the test has completed.
About the BlindElephant Scanner
This scan is used to identify the version of a web application; the application may be a web forum, blog or
phpmyadmin. The important thing to note about these types of applications is that there are many publicly available exploits for different versions of the applications. An exploit in a single small web application can be the foothold that an attacker will capitalise on to get deeper access on the server and perhaps even compromise of an entire organisation.
So it is vitally important that web application such as those assessed by the
Blindelephant scan are kept up to date.
BlindElephant is a tool for fingerprinting your web application version. Security vulnerabilities in well known web applications are a common attack vector. Keeping your web applications up to date can reduce your risk of being hacked significantly.
The BlindElephant Web Application Fingerprinter will try to discover the version of a web application by comparing static files against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and fairly accurate. The tool was presented at BlackHat and the slides are available here.
Sourceforge Project Page: https://sourceforge.net/projects/blindelephant/