WAFP : Web Application Finger Printer Tool

WAFP : Web Application Finger Printer Tool

WAFP is a Web Application Finger Printer written in ruby using a SQLite3 DB. WAFP fetches the files given by the Finger Prints from a webserver andchecks if the checksums of those files are matching to the given checksums from theFinger Prints. This way it is able to detect the detailed version andeven the build number of a Web Application.

Sample Scan Result:

 wafp.rb –verbose -p phpmyadmin https://phpmyadmin.site.com
   VERBOSE: loading the fingerprint database to the ram…
   Collecting the files we need to fetch …
   Fetching needed files (#432), calculating checksums and storing the results to the database:
   ………………………………………………………………………………..
   VERBOSE: request for “/themes/darkblue_orange/img/b_info.png” produced “Connection refused – connect(2)” for 1 times – retrying…
   ………………………………………………………………………………..
   Checking gathered/stored checksums (#432) against the selected product (phpmyadmin) versions (#87) checksums:
   ……………………………………………………………………………
                                                                                          
    found the following matches (limited to 10):
   +————————————————————-+
    phpmyadmin-2.11.9.1                 296 / 299  (98.99%)
    phpmyadmin-2.11.9.2                 295 / 299  (98.66%)
    phpmyadmin-2.11.9.4                 295 / 299  (98.66%)
   phpmyadmin-2.11.4                   294 / 299  (98.33%)
    phpmyadmin-2.11.5.2                 294 / 299  (98.33%)
   +————————————————————-+
    WAFP 0.01-26c3  – – – – – – – – –  http://mytty.org/wafp/
                                                                 
   VERBOSE: Returncode stats:
   VERBOSE: Ret-Code 200 #302
   VERBOSE: Ret-Code 404 #130
   VERBOSE: deleting the temporary database entries for scan “472312620367191262036719_httpsphpmyadmin.site.com”

download:
 *current release*

 - version 0.01-26c3
   * tar lzma
     - direct download  -> wafp-0.01-26c3.tar.lzma
   * tar bzip2
     - direct download  -> wafp-0.01-26c3.tar.bz2
   * tar gzip
     - direct download  -> wafp-0.01-26c3.tar.gz

RESOURCES : http://mytty.org
Advertisements

2 Comments

  1. […] more here: WAFP : Web Application Finger Printer Tool « Security List Network™ Posted in: Bug Report ADD […]

  2. Yesturdays work for tomorrow – a look at some examples…

    Just noticed this example, via jon Messer on Twitter and imagine it to be very informative and too the point…


Sorry, the comment form is closed at this time.

Comments RSS