I stumbled upon your BlindElephant Web Application Fingerprinter:
Some time ago I published a similar implementation:
My webapprecon uses a different approach from yours. I am evaluating different aspects of each file:
- Static Strings
- Tags, Attributes
- Class Names
This makes it possible to determine the core of a web application, even if individual changes were applied. Unfortunately your approach of a static analysis is not able to do this. If some minor changes were applied, the whole file hash changes and can't be associated with the "original file". wafp by Richard Sammet has the same problem:
I may suggest some other improvements:
- A fingerprint database provided in cleartext makes it a lot easier to verify and enhance the data. Especially during individual pentests, such dynamic behaviour is much appreciated by me.
- A very nice add-on would be if the implementation were able to point to further vulnerabilities or resources (e.g. CVE, OSVDB, Secunia). This would help to increase the performance of a vulnerability assessment.
Anyway, keep up the great work!
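
The contrast drawn above between whole-file hashes and feature-based fingerprints (static strings, tags, attributes, class names) can be shown in a few lines. This is an added example, not part of the original message and not code from webapprecon, BlindElephant or wafp; the sample pages, the Jaccard comparison and all function names are assumptions made for illustration.

```python
import hashlib
from html.parser import HTMLParser

class FeatureExtractor(HTMLParser):
    """Collect tag names, attribute names, class names and static strings."""
    def __init__(self):
        super().__init__()
        self.features = set()

    def handle_starttag(self, tag, attrs):
        self.features.add(("tag", tag))
        for name, value in attrs:
            self.features.add(("attr", tag, name))
            if name == "class" and value:
                # Each class name is its own feature, so adding one class
                # does not invalidate the others.
                for cls in value.split():
                    self.features.add(("class", cls))

    def handle_data(self, data):
        text = " ".join(data.split())  # normalise whitespace
        if text:
            self.features.add(("string", text))

def features(html):
    parser = FeatureExtractor()
    parser.feed(html)
    parser.close()
    return parser.features

def file_hash(html):
    """Whole-file fingerprint: any edit produces a different digest."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()

def similarity(a, b):
    """Jaccard similarity of the two pages' feature sets (0.0 to 1.0)."""
    fa, fb = features(a), features(b)
    return len(fa & fb) / len(fa | fb) if (fa or fb) else 1.0

# Constructed sample pages for a hypothetical "ExampleCMS".
ORIGINAL = """<html><head><title>ExampleCMS Login</title></head>
<body><div class="ecms-wrap"><form id="login" class="ecms-form" action="login.php">
<input type="text" name="user"><input type="password" name="pass">
<p class="ecms-footer">Powered by ExampleCMS</p></form></div></body></html>"""
# Same application with a site-specific title (a "minor change").
CUSTOMISED = ORIGINAL.replace("ExampleCMS Login", "Intranet Login")
# A different application altogether.
UNRELATED = ('<html><body><h1 class="shop-title">Shop</h1>'
             '<ul class="shop-list"><li>Item</li></ul></body></html>')
```

With these samples the customised page no longer matches the original's hash, yet shares 19 of 21 features with it, while the unrelated page shares only 2 of 29.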