A BlindElephant scan will attempt to determine the version of content management systems and other web scripts. This is useful when assessing the security of a given web site.
The WhatWeb scanner is a similar tool, but one that tries to determine the types of technology in use. It can sometimes detect the version of an application passively from the source HTML.
Detect version of 13 common web applications.
Hours in Tool Management
How do I run a BlindElephant scan?
1. Enter target website to test.
2. Select application to assess.
3. Enter an email address and select start for the testing to begin. Results will be emailed once the test has completed.
About the BlindElephant Scanner
This scan is used to identify the version of a web application; the application may be a web forum, blog or phpMyAdmin. The important thing to note about these types of applications is that there are many publicly available exploits for different versions of the applications. An exploit in a single small web application can be the foothold that an attacker will capitalise on to get deeper access on the server and perhaps even compromise an entire organisation.
So it is vitally important that web applications such as those assessed by the BlindElephant scan are kept up to date.
BlindElephant is a tool for fingerprinting your web application version. Security vulnerabilities in well-known web applications are a common attack vector. Keeping your web applications up to date can reduce your risk of being hacked significantly.
The BlindElephant Web Application Fingerprinter will try to discover the version of a web application by comparing static files against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and fairly accurate. The tool was presented at BlackHat and the slides are available here.
Sourceforge Project Page: https://sourceforge.net/projects/blindelephant/
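The static-file hash comparison described above can be sketched as follows. This is an added illustration, not BlindElephant's own code: the release data is constructed, the application and file names are hypothetical, and SHA-256 is an assumed hash choice. It shows how each matched file narrows the set of candidate versions, and how a locally modified file is reported rather than silently breaking the match.

```python
import hashlib

# Constructed sample data: static-file contents for three releases of a
# hypothetical application (names and contents are made up for this example).
RELEASES = {
    "1.0": {"js/app.js": b"v1 app", "css/site.css": b"base css", "README.txt": b"readme 1.0"},
    "1.1": {"js/app.js": b"v1 app", "css/site.css": b"new css", "README.txt": b"readme 1.1"},
    "1.2": {"js/app.js": b"v2 app", "css/site.css": b"new css", "README.txt": b"readme 1.2"},
}


def digest(data):
    return hashlib.sha256(data).hexdigest()


def build_table(releases):
    """Precompute path -> hash -> set of versions that ship that exact file."""
    table = {}
    for version, files in releases.items():
        for path, content in files.items():
            table.setdefault(path, {}).setdefault(digest(content), set()).add(version)
    return table


def fingerprint(table, observed):
    """observed maps path -> bytes of the file as found on the installation.

    Returns (sorted candidate versions, paths whose hash matched no release).
    Each matched file intersects the candidate set; unmatched files are
    reported separately because they indicate local modification or a
    release missing from the table.
    """
    candidates, unmatched = None, []
    for path, content in observed.items():
        if path not in table:
            continue  # file is not tracked in any known release
        versions = table[path].get(digest(content))
        if versions is None:
            unmatched.append(path)
            continue
        candidates = set(versions) if candidates is None else candidates & versions
    return sorted(candidates or []), unmatched


TABLE = build_table(RELEASES)
```

An empty candidate list with no unmatched files means the observed files come from different releases, which usually points to an incomplete upgrade.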