Marc Ruef

Static Analysis vs. Dynamic Analysis

Discussion created by Marc Ruef on Aug 17, 2010
Latest reply on Oct 29, 2010 by Marc Ruef

Hello Patrick,


I stumbled upon your BlindElephant Web Application Fingerprinter:



Some time ago I published a similar implementation:



My webapprecon uses a different approach than yours. I evaluate different aspects of any file:


  • Static Strings
  • Tags, Attributes
  • Class Names
  • etc.


This makes it possible to determine the core of a web application, even if individual changes were applied. Unfortunately your approach of static analysis is not able to do this. If some minor changes were applied, the whole file hash changes and can't be associated with the "original file". wafp by Richard Sammet has the same problem:



I may suggest some other improvements:


  • A fingerprint database provided in cleartext makes it a lot easier to verify and enhance the data. Especially during individual pentests such dynamic behaviour is much appreciated by me.
  • A very nice add-on would be if the implementation were able to point to further vulnerabilities or resources (e.g. CVE, OSVDB, Secunia). This would help to increase the performance of a vulnerability assessment.


Anyway, keep up the great work!
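
The contrast drawn in the post between whole-file hashing and matching on static strings, tags, attributes and class names, as an added example that is not part of the original post and is not code from webapprecon, BlindElephant or wafp. The sample pages, the application name ExampleCMS, the function names and the use of Jaccard similarity as the score are all assumptions made for illustration.

```python
import hashlib
import re

# Constructed samples: a stock template of a hypothetical app, a locally
# customised copy of it, and a page from an unrelated application.
ORIGINAL = """<html><head><title>ExampleCMS Login</title>
<link rel="stylesheet" href="/themes/default/style.css"></head>
<body class="ecms-login">
<form id="ecms-form" action="/login.php" method="post">
<input class="ecms-input" name="user"><input class="ecms-input" name="pass" type="password">
<p class="ecms-footer">Powered by ExampleCMS</p>
</form></body></html>"""
MODIFIED = (ORIGINAL.replace("ExampleCMS Login", "Intranet Login")
                    .replace("/themes/default/", "/themes/corp/"))
UNRELATED = ('<html><body class="shop"><div id="cart">'
             '<a class="btn" href="/checkout">Checkout</a></div></body></html>')

def file_hash(content):
    """Whole-file fingerprint: any single-byte edit yields a different value."""
    return hashlib.sha256(content.encode()).hexdigest()

def features(content):
    """Extract tags, attribute names, class/id values and static strings."""
    feats = set()
    for tag, attrs in re.findall(r"<([a-zA-Z][\w-]*)([^>]*)>", content):
        tag = tag.lower()
        feats.add(("tag", tag))
        for name, value in re.findall(r'([\w-]+)="([^"]*)"', attrs):
            name = name.lower()
            feats.add(("attr", tag, name))
            if name in ("class", "id"):
                feats.update((name, v) for v in value.split())
    for text in re.findall(r">([^<>]+)<", content):
        if text.strip():
            feats.add(("string", text.strip()))
    return feats

def similarity(a, b):
    """Jaccard similarity of the two feature sets (1.0 = identical features)."""
    fa, fb = features(a), features(b)
    return len(fa & fb) / len(fa | fb)

if __name__ == "__main__":
    print("hash match:", file_hash(ORIGINAL) == file_hash(MODIFIED))
    print("modified  :", round(similarity(ORIGINAL, MODIFIED), 2))
    print("unrelated :", round(similarity(ORIGINAL, UNRELATED), 2))
```
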