BlindElephant
Phase(s):
Primary: Discovery.
Secondary: N/A.
Description:
Tool that identifies known components used in web applications.
Objective:
- Identify known components used in web applications.
Features:
Supported technologies: Web applications (HTTP/HTTPS).
Operative mode: Active.
- Identifies known components used in web applications.
- Provides component and version for the following technologies:
  - WordPress
  - phpMyAdmin
  - Joomla
  - MediaWiki
  - Drupal
Reports:
Output reports: X
- The console output must be exported to a text file.
Basic usage:
Perform a basic analysis of a web application. The following command starts the default analysis of a web application built on WordPress.
BlindElephant.py http://127.0.0.1:9001/wordpress/ wordpress
Where:
• url: URL of the web application.
• Component: the component to scan for, in this case WordPress.
The tool analyses the web application and its components in order to identify the version. For each test it shows the URL of the component tested and the possible versions that result points to.
Loaded /usr/local/lib/python2.7/dist-packages/blindelephant/dbs/wordpress.pkl with 293 versions, 5389 differentiating paths, and 480 version groups.
Starting BlindElephant fingerprint for version of wordpress at http://127.0.0.1:9001/wordpress
Hit http://127.0.0.1:9001/wordpress/readme.html
Possible versions based on result: 3.0, 3.0-beta2, 3.0-beta2-IIS, 3.0-IIS, 3.0-RC1, 3.0-RC1-IIS,
3.0-RC2, 3.0-RC2-IIS, 3.0-RC3, 3.0-RC3-IIS
Hit http://127.0.0.1:9001/wordpress/wp-includes/js/tinymce/tiny_mce.js
Possible versions based on result: 2.9, 2.9.1, 2.9.1-beta1, 2.9.1-beta1-IIS, 2.9.1-IIS, 2.9.1-RC1, 2.9.1-
RC1-IIS, 2.9.2, 2.9.2-IIS, 2.9-beta-1, 2.9-beta-1-IIS, 2.9-beta-2, 2.9-beta-2-IIS, 2.9-IIS, 2.9-RC1,
2.9-RC1-IIS, 3.0, 3.0.1, 3.0.1-IIS, 3.0.2, 3.0.2-IIS, 3.0.3, 3.0.3-IIS, 3.0.4, 3.0.5, 3.0.5-IIS, 3.0.6,
3.0.6-IIS, 3.0-beta1, 3.0-beta1-IIS, 3.0-beta2, 3.0-beta2-IIS, 3.0-IIS, 3.0-RC1, 3.0-RC1-IIS, 3.0-RC2,
3.0-RC2-IIS, 3.0-RC3, 3.0-RC3-IIS
Hit http://127.0.0.1:9001/wordpress/wp-includes/js/autosave.js
Possible versions based on result: 3.0, 3.0.1, 3.0.1-IIS, 3.0.2, 3.0.2-IIS, 3.0.3, 3.0.3-IIS, 3.0.4,
3.0.5, 3.0.5-IIS, 3.0.6, 3.0.6-IIS, 3.0-IIS, 3.0-RC1, 3.0-RC1-IIS, 3.0-RC2, 3.0-RC2-IIS, 3.0-RC3,
3.0-RC3-IIS
Hit http://127.0.0.1:9001/wordpress/wp-content/themes/twentyten/languages/twentyten.pot
Possible versions based on result: 3.0, 3.0-IIS
Hit http://127.0.0.1:9001/wordpress/wp-includes/js/tinymce/wp-tinymce.js.gz
Possible versions based on result: 2.9, 2.9.1, 2.9.1-beta1, 2.9.1-beta1-IIS, 2.9.1-IIS, 2.9.1-RC1, 2.9.1-
RC1-IIS, 2.9.2, 2.9.2-IIS, 2.9-beta-2, 2.9-beta-2-IIS, 2.9-IIS, 2.9-RC1, 2.9-RC1-IIS, 3.0, 3.0.1,
3.0.1-IIS, 3.0.2, 3.0.2-IIS, 3.0.3, 3.0.3-IIS, 3.0.4, 3.0.5, 3.0.5-IIS, 3.0.6, 3.0.6-IIS, 3.0-beta1,
3.0-beta1-IIS, 3.0-beta2, 3.0-beta2-IIS, 3.0-IIS, 3.0-RC1, 3.0-RC1-IIS, 3.0-RC2, 3.0-RC2-IIS, 3.0-RC3,
3.0-RC3-IIS
Hit http://127.0.0.1:9001/wordpress/wp-includes/js/tinymce/themes/advanced/about.htm
Possible versions based on result: 2.9, 2.9.1, 2.9.1-beta1, 2.9.1-beta1-IIS, 2.9.1-IIS, 2.9.1-RC1, 2.9.1-
RC1-IIS, 2.9.2, 2.9.2-IIS, 2.9-beta-1, 2.9-beta-1-IIS, 2.9-beta-2, 2.9-beta-2-IIS, 2.9-IIS, 2.9-RC1,
2.9-RC1-IIS, 3.0, 3.0.1, 3.0.1-IIS, 3.0.2, 3.0.2-IIS, 3.0.3, 3.0.3-IIS, 3.0.4, 3.0.5, 3.0.5-IIS, 3.0.6,
3.0.6-IIS, 3.0-beta1, 3.0-beta1-IIS, 3.0-beta2, 3.0-beta2-IIS, 3.0-IIS, 3.0-RC1, 3.0-RC1-IIS, 3.0-RC2,
3.0-RC2-IIS, 3.0-RC3, 3.0-RC3-IIS
Hit http://127.0.0.1:9001/wordpress/wp-includes/js/tinymce/plugins/wordpress/editor_plugin.js
Possible versions based on result: 2.9, 2.9.1, 2.9.1-beta1, 2.9.1-beta1-IIS, 2.9.1-IIS, 2.9.1-RC1, 2.9.1-
RC1-IIS, 2.9.2, 2.9.2-IIS, 2.9-beta-2, 2.9-beta-2-IIS, 2.9-IIS, 2.9-RC1, 2.9-RC1-IIS, 3.0, 3.0.1,
3.0.1-IIS, 3.0.2, 3.0.2-IIS, 3.0.3, 3.0.3-IIS, 3.0.4, 3.0.5, 3.0.5-IIS, 3.0.6, 3.0.6-IIS, 3.0-beta1,
3.0-beta1-IIS, 3.0-beta2, 3.0-beta2-IIS, 3.0-IIS, 3.0-RC1, 3.0-RC1-IIS, 3.0-RC2, 3.0-RC2-IIS, 3.0-RC3,
3.0-RC3-IIS
Hit http://127.0.0.1:9001/wordpress/wp-includes/js/tinymce/themes/advanced/source_editor.htm
Possible versions based on result: 2.9, 2.9.1, 2.9.1-beta1, 2.9.1-beta1-IIS, 2.9.1-IIS, 2.9.1-RC1, 2.9.1-
RC1-IIS, 2.9.2, 2.9.2-IIS, 2.9-beta-1, 2.9-beta-1-IIS, 2.9-beta-2, 2.9-beta-2-IIS, 2.9-IIS, 2.9-RC1,
2.9-RC1-IIS, 3.0, 3.0.1, 3.0.1-IIS, 3.0.2, 3.0.2-IIS, 3.0.3, 3.0.3-IIS, 3.0.4, 3.0.5, 3.0.5-IIS, 3.0.6,
3.0.6-IIS, 3.0-beta1, 3.0-beta1-IIS, 3.0-beta2, 3.0-beta2-IIS, 3.0-IIS, 3.0-RC1, 3.0-RC1-IIS, 3.0-RC2,
3.0-RC2-IIS, 3.0-RC3, 3.0-RC3-IIS
Hit http://127.0.0.1:9001/wordpress/wp-includes/js/tinymce/themes/advanced/link.htm
Possible versions based on result: 2.9, 2.9.1, 2.9.1-beta1, 2.9.1-beta1-IIS, 2.9.1-IIS, 2.9.1-RC1, 2.9.1-
RC1-IIS, 2.9.2, 2.9.2-IIS, 2.9-beta-1, 2.9-beta-1-IIS, 2.9-beta-2, 2.9-beta-2-IIS, 2.9-IIS, 2.9-RC1,
2.9-RC1-IIS, 3.0, 3.0.1, 3.0.1-IIS, 3.0.2, 3.0.2-IIS, 3.0.3, 3.0.3-IIS, 3.0.4, 3.0.5, 3.0.5-IIS, 3.0.6,
3.0.6-IIS, 3.0-beta1, 3.0-beta1-IIS, 3.0-beta2, 3.0-beta2-IIS, 3.0-IIS, 3.0-RC1, 3.0-RC1-IIS, 3.0-RC2,
3.0-RC2-IIS, 3.0-RC3, 3.0-RC3-IIS
Hit http://127.0.0.1:9001/wordpress/wp-includes/js/swfupload/handlers.js
Possible versions based on result: 3.0, 3.0.1, 3.0.1-IIS, 3.0.2, 3.0.2-IIS, 3.0.3, 3.0.3-IIS, 3.0.4,
3.0.5, 3.0.5-IIS, 3.0.6, 3.0.6-IIS, 3.0-IIS, 3.0-RC1, 3.0-RC1-IIS, 3.0-RC2, 3.0-RC2-IIS, 3.0-RC3,
3.0-RC3-IIS, 3.1-beta1, 3.1-beta1-IIS, 3.1-beta2, 3.1-beta2-IIS, 3.1-RC1, 3.1-RC2, 3.1-RC2-IIS
Hit http://127.0.0.1:9001/wordpress/wp-includes/js/tinymce/themes/advanced/image.htm
Possible versions based on result: 2.9, 2.9.1, 2.9.1-beta1, 2.9.1-beta1-IIS, 2.9.1-IIS, 2.9.1-RC1, 2.9.1-
RC1-IIS, 2.9.2, 2.9.2-IIS, 2.9-beta-1, 2.9-beta-1-IIS, 2.9-beta-2, 2.9-beta-2-IIS, 2.9-IIS, 2.9-RC1,
2.9-RC1-IIS, 3.0, 3.0.1, 3.0.1-IIS, 3.0.2, 3.0.2-IIS, 3.0.3, 3.0.3-IIS, 3.0.4, 3.0.5, 3.0.5-IIS, 3.0.6,
3.0.6-IIS, 3.0-beta1, 3.0-beta1-IIS, 3.0-beta2, 3.0-beta2-IIS, 3.0-IIS, 3.0-RC1, 3.0-RC1-IIS, 3.0-RC2,
3.0-RC2-IIS, 3.0-RC3, 3.0-RC3-IIS
Hit http://127.0.0.1:9001/wordpress/wp-includes/js/tinymce/themes/advanced/color_picker.htm
Possible versions based on result: 2.9, 2.9.1, 2.9.1-beta1, 2.9.1-beta1-IIS, 2.9.1-IIS, 2.9.1-RC1, 2.9.1-
RC1-IIS, 2.9.2, 2.9.2-IIS, 2.9-beta-1, 2.9-beta-1-IIS, 2.9-beta-2, 2.9-beta-2-IIS, 2.9-IIS, 2.9-RC1,
2.9-RC1-IIS, 3.0, 3.0.1, 3.0.1-IIS, 3.0.2, 3.0.2-IIS, 3.0.3, 3.0.3-IIS, 3.0.4, 3.0.5, 3.0.5-IIS, 3.0.6,
3.0.6-IIS, 3.0-beta1, 3.0-beta1-IIS, 3.0-beta2, 3.0-beta2-IIS, 3.0-IIS, 3.0-RC1, 3.0-RC1-IIS, 3.0-RC2,
3.0-RC2-IIS, 3.0-RC3, 3.0-RC3-IIS
Hit http://127.0.0.1:9001/wordpress/wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js
Possible versions based on result: 2.9, 2.9.1, 2.9.1-beta1, 2.9.1-beta1-IIS, 2.9.1-IIS, 2.9.1-RC1, 2.9.1-
RC1-IIS, 2.9.2, 2.9.2-IIS, 2.9-beta-1, 2.9-beta-1-IIS, 2.9-beta-2, 2.9-beta-2-IIS, 2.9-IIS, 2.9-RC1,
2.9-RC1-IIS, 3.0, 3.0.1, 3.0.1-IIS, 3.0.2, 3.0.2-IIS, 3.0.3, 3.0.3-IIS, 3.0.4, 3.0.5, 3.0.5-IIS, 3.0.6,
3.0.6-IIS, 3.0-beta1, 3.0-beta1-IIS, 3.0-beta2, 3.0-beta2-IIS, 3.0-IIS, 3.0-RC1, 3.0-RC1-IIS, 3.0-RC2,
3.0-RC2-IIS, 3.0-RC3, 3.0-RC3-IIS
Hit http://127.0.0.1:9001/wordpress/wp-content/plugins/akismet/readme.txt
Possible versions based on result: 3.0, 3.0.1, 3.0.1-IIS, 3.0-IIS
Hit http://127.0.0.1:9001/wordpress/wp-includes/js/tinymce/themes/advanced/anchor.htm
Possible versions based on result: 2.9, 2.9.1, 2.9.1-beta1, 2.9.1-beta1-IIS, 2.9.1-IIS, 2.9.1-RC1, 2.9.1-
RC1-IIS, 2.9.2, 2.9.2-IIS, 2.9-beta-1, 2.9-beta-1-IIS, 2.9-beta-2, 2.9-beta-2-IIS, 2.9-IIS, 2.9-RC1, 2.9-RC1-IIS, 3.0, 3.0.1, 3.0.1-IIS, 3.0.2, 3.0.2-IIS, 3.0.3, 3.0.3-IIS, 3.0.4, 3.0.5,
3.0.5-IIS, 3.0.6, 3.0.6-IIS, 3.0-beta1, 3.0-beta1-IIS, 3.0-beta2, 3.0-beta2-IIS, 3.0-IIS, 3.0-RC1,
3.0-RC1-IIS, 3.0-RC2, 3.0-RC2-IIS, 3.0-RC3, 3.0-RC3-IIS
Finally, based on the classification of all results, the tool determines the version number of the component used in the web application.
Fingerprinting resulted in:
3.0
Best Guess: 3.0
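The narrowing described above can be reproduced from a console log saved to a text file. The following Python is an added example, not BlindElephant's own code: it parses the "Hit" / "Possible versions" lines (including wrapped lines), combines the candidate sets, and reports which file narrows the version most. Combining by intersection with a vote fallback is an assumption, and the sample log is constructed.

```python
import re
from collections import Counter
# Constructed sample in the page's console format, wraps included (one splits a version).
SAMPLE = """\
Hit http://127.0.0.1:9001/wordpress/readme.html
Possible versions based on result: 3.0, 3.0-beta2, 3.0-IIS, 3.0-RC1,
3.0-RC1-IIS
Hit http://127.0.0.1:9001/wordpress/wp-includes/js/autosave.js
Possible versions based on result: 3.0, 3.0.1, 3.0.1-IIS, 3.0-IIS, 3.0-
RC1
Hit http://127.0.0.1:9001/wordpress/wp-content/themes/twentyten/languages/twentyten.pot
Possible versions based on result: 3.0, 3.0-IIS
Fingerprinting resulted in:
"""
PREFIX = "Possible versions based on result:"
# Wrapped line: first token may be the tail of a split version, later ones start with a digit.
CONT = re.compile(r"^[\w.\-]+(,\s*\d[\w.\-]*)*,?$")

def parse_hits(text):
    """Return [(url, {versions})] for each Hit in saved console output."""
    hits, url, buf = [], None, None
    def flush():
        if url and buf:
            hits.append((url, {v.strip() for v in buf.split(",") if v.strip()}))
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Hit "):
            flush()
            url, buf = line[4:], None
        elif line.startswith(PREFIX):
            buf = line[len(PREFIX):].strip()
        elif buf and CONT.match(line):
            buf += line if buf.endswith("-") else " " + line
        else:  # any other line ends the current record
            flush()
            url, buf = None, None
    flush()
    return hits

def narrow(hits):
    """Versions consistent with every hit; the most-voted ones if none is."""
    sets = [versions for _, versions in hits]
    common = set.intersection(*sets) if sets else set()
    if common or not sets:
        return sorted(common)
    votes = Counter(v for s in sets for v in s)
    return sorted(v for v, n in votes.items() if n == max(votes.values()))

def most_revealing(hits):
    """URL whose fingerprint leaves the fewest candidate versions."""
    return min(hits, key=lambda h: len(h[1]))[0] if hits else None
```

The URL returned by most_revealing() is the static file that discloses the most about the installed version, which makes it a candidate for removal or access restriction on a production site.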
Resources:
Link: http://blindelephant.sourceforge.net/
Author(s): Patrick Thomas
Contact: pthomas [at] qualys.com
License: LGPL