Web Application Security
RE: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner Jun 20 2011 05:04PM
Chris Weber (chris casabasecurity com)
dd, have you open sourced any parts of your production code, such as the
fingerprinting data? Or do we each need to do that work independently?

And have you detected any edge cases - for example a Web server that
includes an extra newline character in the body?

-Chris

-----Original Message-----
From: sucurisec (at) gmail (dot) com [mailto:sucurisec (at) gmail (dot) com] On Behalf Of
dd (at) sucuri (dot) net
Sent: Monday, June 20, 2011 9:58 AM
To: Chris Weber
Cc: seth; ryandewhurst (at) gmail (dot) com; webappsec (at) securityfocus (dot) com;
websecurity (at) webappsec (dot) org
Subject: Re: [WEB SECURITY] Introducing WPScan - WordPress Security Scanner

Comparing the hashes of some js/css file is probably the most reliable
method, since lots of sites hide their version from the generator and remove
the readme file.

We wrote an article about it a while ago:
http://tools.sucuri.net/?page=docs&title=fingerprinting-web-apps

And we still use that on our scanner ( http://sitecheck.sucuri.net ) :)

Thanks,
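
The hash-comparison approach discussed in this thread, including the trailing-newline edge case raised in the reply, sketched as an added example for inventorying your own installs. It is not code from either poster, Sucuri or WPScan; the file paths, file contents, version labels and function names are all constructed for illustration.

```python
import hashlib

# Constructed sample data: static files as shipped by two hypothetical releases.
# In practice this table is built from your own copies of each release archive.
SAMPLE_RELEASES = {
    "1.0": {"/static/app.js": b"function init(){return 1;}\n",
            "/static/style.css": b"body{margin:0}\n"},
    "1.1": {"/static/app.js": b"function init(){return 2;}\n",
            "/static/style.css": b"body{margin:0}\n"},
}

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def normalize(body):
    """Canonical form: LF line endings, trailing newlines/whitespace removed."""
    return body.replace(b"\r\n", b"\n").rstrip(b"\r\n \t")

def build_index(releases):
    """Map (path, digest) -> versions, for both raw and normalized bodies."""
    exact, loose = {}, {}
    for version, files in releases.items():
        for path, body in files.items():
            exact.setdefault((path, sha256(body)), set()).add(version)
            loose.setdefault((path, sha256(normalize(body))), set()).add(version)
    return exact, loose

def fingerprint(observed, index):
    """observed: {path: response body}. Returns (candidate versions, match kind)."""
    exact, loose = index
    candidates, kind = None, "exact"
    for path, body in observed.items():
        hit = exact.get((path, sha256(body)))
        if hit is None:
            # Server or proxy may have altered line endings or appended a newline.
            hit = loose.get((path, sha256(normalize(body))))
            if hit is not None:
                kind = "normalized"
        if hit is None:
            continue  # unknown or locally modified file: contributes no evidence
        # Each matching file narrows the set of versions that shipped it.
        candidates = set(hit) if candidates is None else candidates & hit
    if not candidates:
        return set(), "none"
    return candidates, kind
```

A "normalized" result means the version was identified only after ignoring line-ending or trailing-whitespace differences, which is worth recording separately from an exact match.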

Copyright 2010, SecurityFocus