Web Application Security
Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Jun 20 2011 06:39PM
Ryan Dewhurst (ryandewhurst gmail com)
The client side file hashing is something I became aware of after
writing the w3af wordpress version discovery plugin a few years back.
The w3af plugin just does string matching though, if string in file,
version is x. But the idea was put forward then by someone or multiple
people (can't remember) after completing it.

It is definitely something I will implement into WPScan in the future.
I find the readme file version isn't always reliable and the generator
tag is sometimes removed.

I also plan to implement plugin and plugin version detection along
with vulnerability matching (by version And some further username
enumeration techniques.

If any one would like to contribute and make a start on any of these,
it would be awesome!

The project is still in ALPHA and needs a fair bit of work, but I
believe it has the grounding to become a great tool!

Ryan

Ryan Dewhurst

blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r

On Mon, Jun 20, 2011 at 6:04 PM, Chris Weber <chris (at) casabasecurity (dot) com [email concealed]> wrote:
> dd, have you open sourced any parts of  your production code, such as the
> fingerprinting data?  Or do we each need to do that work independently?
>
> And have you detected any edge cases - for example a Web server that
> includes an extra newline character in the body?
>
> -Chris
>
> -----Original Message-----
> From: sucurisec (at) gmail (dot) com [email concealed] [mailto:sucurisec (at) gmail (dot) com [email concealed]] On Behalf Of
> dd (at) sucuri (dot) net [email concealed]
> Sent: Monday, June 20, 2011 9:58 AM
> To: Chris Weber
> Cc: seth; ryandewhurst (at) gmail (dot) com [email concealed]; webappsec (at) securityfocus (dot) com [email concealed];
> websecurity (at) webappsec (dot) org [email concealed]
> Subject: Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner
>
> Comparing the hashes of some js/css file is probably the most reliable
> method, since lots of sites hide their version from the generator and remove
> the readme file.
>
> We wrote an article about it a while ago:
> http://tools.sucuri.net/?page=docs&title=fingerprinting-web-apps
>
> And we still use that on our scanner ( http://sitecheck.sucuri.net ) :)
>
> Thanks,
>
>

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus