
How to Use BlindElephant

朱鹤轩
2023-12-01

Introduction

BlindElephant Web Application Fingerprinter

GitHub : https://github.com/lokifer/BlindElephant

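The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes of those files in all available versions. The technique is fast, low-bandwidth, non-invasive, generic, and highly automated.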
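The hash-comparison technique described above, as an added example that is not BlindElephant's own code: each matched file narrows the set of candidate versions by intersection, and an empty result corresponds to "all versions ruled out". The app, paths, versions, file bodies and the use of SHA-256 are constructed assumptions.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed fingerprint table for a hypothetical app:
# static path -> {hash of file content -> versions that ship exactly that file}
DB = {
    "/readme.html": {digest(b"readme v1"): {"1.0", "1.1"},
                     digest(b"readme v2"): {"2.0", "2.1"}},
    "/js/editor.js": {digest(b"editor A"): {"1.0"},
                      digest(b"editor B"): {"1.1", "2.0"},
                      digest(b"editor C"): {"2.1"}},
    "/css/site.css": {digest(b"css old"): {"1.0", "1.1", "2.0"},
                      digest(b"css new"): {"2.1"}},
}

def fingerprint(fetch, db=DB):
    """Return the sorted versions consistent with every file that matched.

    fetch(path) returns the file body as bytes, or None if it is unreachable.
    """
    candidates = None
    for path, by_hash in db.items():
        body = fetch(path)
        if body is None:
            continue                      # 404 etc.: no evidence from this path
        versions = by_hash.get(digest(body))
        if versions is None:
            continue                      # locally modified or unknown file
        candidates = set(versions) if candidates is None else candidates & versions
    return sorted(candidates) if candidates else []

# Constructed sites: each dict maps path -> body; dict.get serves as fetch().
FULL_2_0 = {"/readme.html": b"readme v2", "/js/editor.js": b"editor B",
            "/css/site.css": b"css old"}
NO_README_2_1 = {"/js/editor.js": b"editor C", "/css/site.css": b"css new"}
OTHER_APP = {}                            # none of the known paths exist

if __name__ == "__main__":
    print(fingerprint(FULL_2_0.get))      # ['2.0']
    print(fingerprint(NO_README_2_1.get)) # ['2.1']
    print(fingerprint(OTHER_APP.get))     # []
```

Removing readme.html alone does not hide the version when other static files still match, so an exposed outdated version is addressed by patching rather than by deleting files. Fewer matched files can leave several candidates, which is why fetching more files may increase accuracy.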

0x001  

BlindElephant.py -h
Usage: BlindElephant.py [options] url appName

Options:
  -h, --help            show this help message and exit
  -p PLUGINNAME, --pluginName=PLUGINNAME
                        Fingerprint version of plugin (should apply to web app
                        given in appname)
  -s, --skip            Skip fingerprinting webpp, just fingerprint plugin
  -n NUMPROBES, --numProbes=NUMPROBES
                        Number of files to fetch (more may increase accuracy).
                        Default: 15
  -w, --winnow          If more than one version are returned, use winnowing
                        to attempt to narrow it down (up to numProbes
                        additional requests).
  -l, --list            List supported webapps and plugins
  -u, --updateDB        Pull latest DB files from
                        blindelephant.sourceforge.net repo (Equivalent to svn
                        update on blindelephant/dbs/). May require root if
                        blindelephant was installed with root.

Use "guess" as app or plugin name to attempt to attempt to
discover which supported apps/plugins are installed.

0x002 

# BlindElephant.py -l lists the available plugins

BlindElephant.py -l
Currently configured web apps: 15
confluence with 0 plugins
drupal with 16 plugins
 - admin_menu
 - cck
 - date
 - filefield
 - google_analytics
 - imageapi
 - imagecache
 - imagefield
 - imce
 - imce_swfupload
 - pathauto
 - print
 - spamicide
 - tagadelic
 - token
 - views
joomla with 0 plugins
liferay with 0 plugins
mediawiki with 0 plugins
moodle with 0 plugins
movabletype with 0 plugins
oscommerce with 0 plugins
phpbb with 0 plugins
phpmyadmin with 0 plugins
phpnuke with 0 plugins
spip with 0 plugins
tikiwiki with 0 plugins
twiki with 0 plugins
wordpress with 26 plugins
 - add-to-any
 - advertising-manager
 - akismet
 - all-in-one-seo-pack
 - buddypress
 - contact-form-7
 - gd-star-rating
 - google-analyticator
 - google-sitemap-generator
 - newsletter
 - nextgen-gallery
 - polldaddy
 - simple-tags
 - smart-youtube
 - sociable
 - stats
 - subscribe2
 - tinymce-advanced
 - twitter-tools
 - wp-e-commerce
 - wp-pagenavi
 - wp-spamfree
 - wp-super-cache
 - wp-useronline
 - wptouch
 - yet-another-related-posts-plugin

0x003

# Usage: BlindElephant.py url appName
BlindElephant.py http://192.168.1.103/railsgoat/ movabletype

0x004

# Using it as an imported module in Python
>>> from blindelephant.Fingerprinters import WebAppFingerprinter
>>> bl = WebAppFingerprinter("http://192.168.1.103/railsgoat/","wordpress")
>>> bl.fingerprint()
Loaded /usr/lib/python2.7/dist-packages/blindelephant/dbs/wordpress.pkl with 293 versions, 5389 differentiating paths, and 480 version groups.
Starting BlindElephant fingerprint for version of wordpress at http://192.168.1.103/railsgoat/ 

Hit http://192.168.1.103/railsgoat//readme.html
File produced no match. Error: Failed to reach a server: Not Found 

Hit http://192.168.1.103/railsgoat//wp-includes/js/tinymce/tiny_mce.js
File produced no match. Error: Failed to reach a server: Not Found 


Error: All versions ruled out!
[]
>>> 

 
