A Blindelephant scan will attempt to determine the version of content management systems and other web scripts. This is useful when assessing the security of a given web site.
The Whatweb scanner is a similar tool, but one that tries to determine the types of technology in use. It can sometimes detect the version of an application passively from the source HTML. Another related tool is our “powered by” tool that uses a combination of analysis of HTTP Headers, HTML source and publicly available IP address information.
Start BlindElephant Scan
Access to scanning is restricted.
- Discover the version of 14 of the most popular types of content management systems (CMS) and web application utilities.
- Determine if a known vulnerable application version is in use.
- Develop an understanding of an organisations website security maintenance and patching policies.
BlindElephant was created for remotely “fingerprinting” which Web apps and plug-ins are running on a server before the bad guys can find and exploit weaknesses in them.
How do I run a blindelephant scan?
1. Enter target website to test.
2. Select application to assess.
3. Enter an email address and select start for the testing to begin. Results will be emailed once the test has completed.
About the BlindElephant Scanner
This scan is used to identify the version of a web application; the application may be a web forum, blog or phpmyadmin. The important thing to note about these types of applications is that there are many publicly available exploits for different versions of the applications. An exploit in a single small web application can be foothold that an attacker will capitalise on to get deeper access on the server and perhaps even compromise of an entire organisation.
So it is vitally important that web application such as those assessed by the blindelephant scan are kept up to date.
BlindElephant is a tool for fingerprinting your web application version. Security vulnerabilities in well known web applications are a common attack vector. Keeping your web applications up to date can reduce your risk of being hacked significantly.
The BlindElephant Web Application Fingerprinter will try to discover the version of a web application by comparing static files against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and fairly accurate. The tool was presented at BlackHat and the slides are available here.
Sourceforge Project Page: https://sourceforge.net/projects/blindelephant/