BlindElephant: Open source web application fingerprinting engine
by Mirko Zorz - Tuesday, 3 August 2010.
In this video recorded at Black Hat USA 2010, Patrick Thomas, a vulnerability researcher at Qualys, discusses the open source web application fingerprinting engine BlindElephant.

BlindElephant is a tool that helps security professionals and systems administrators identify everything running on their servers, including any web applications users may have downloaded. It doesn't check for vulnerabilities or vulnerability to a particular exploit, but rather what version of applications are running on their site.

For each application that the tool will support, BlindElephant consumes a number of version directories. All files and directories are processed, and a hash is computed for each file. This hash is stored in a temporary table, along with the path and version of the application it came from. Accuracy of the tool was demonstrated by a large-scale survey on Internet-visible hosts.



Spotlight

Android Fake ID bug allows malware to impersonate trusted apps

Posted on 29 July 2014.  |  Bluebox Security researchers unearthed a critical Android vulnerability which can be used by malicious applications to impersonate specially recognized trusted apps - and get all the privileges they have - without the user being none the wiser.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //