Home

Awesome

Rawsec's CyberSecurity Inventory Packaging status License: CC BY-NC 4.0

Fingerprinter

This script goal is to try to find the version of the remote application/third party script etc by using a fingerprinting approach.

Installation

Form source

Inside the cloned repo directory:

$ gem install bundler
$ bundle install
Install on BlackArch:
$ sudo pacman -S fingerprinter

Currently Supported Apps (along with some location/s of versions being disclosed)

Unsupported Apps (along with the reason, useful links & location/s of versions being disclosed)

Basic Usage Examples

Using all the Fingerprints
./fingerprinter.rb --app-name wordpress --fingerprint http://target.com/blog/
Using unique Fingerprints

With this mode, only the unique Fingerprints (across all the application's versions files) will be tested. This mode is faster than the previous one, and more reliable. However it is possible that an application's version does not have any unique fingerprints (like Apache Icons, which only has 2 unique fingerprints for the version 2.4.4, and none for the others)

./fingerprinter.rb --app-name wordpress --unique-fingerprint http://target.com/blog/
Using passive fingerprinting mode

In this mode, the homepage of the target is scanned for included ressources such as JavaScript files, Images and so on which are then checked against the DB.

./fingerprinter.rb --app-name wordpress --passive-fingerprint http://target.com/blog/

Options

-p, --proxy PROXY                   Proxy to use during the fingerprinting
    --timeout SECONDS               The number of seconds for the request to be performed, default 20s
    --connect-timeout SECONDS       The number of seconds for the connection to be established before timeout, default 5s
    --cookies-file, --cf FILE-PATH  The cookies file to use during the fingerprinting
    --cookies-string, --cs COOKIE/S The cookies string to use in requests
    --user-agent, --ua UA           User-Agent to use in all fingerprinting requests
-d, --db PATH-TO-DB                 Path to the db of the app-name (default is db/<app-name>.json)
-u, --update                        Update the db of the app-name
-m, --manual DIRECTORY-PATH         To be used along with the --update and --version options. Process the (local) DIRECTORY-PATH and compute the file fingerprints
    --version                       Used with --manual to set the version of the processed fingerprints
    --update-all,                   Update all the apps, except the wordpress plugins and themes
-v, --verbose                       Verbose Mode

Example: Add the file fingerprints from /tmp/test into the Liferay DB for the v6.2

./fingerprinter -a liferay --update --manual /tmp/test --version 6.2

Search the Application Database

Along with the --app-name option (or -a), the database can be searched:

--list-version, --lv                       List all the known versions in the DB for the given app
--list-files, --lf VERSION                 List all files related to the version for the given app
--list-unique-fingerprints, --luf VERSION  List the unique hashes related to the files for the supplied version of the app
--search-hash, --sh HASH                   Search the hash and output the app-name versions & file
--search-file, --sf FILE                   Search the file (ie --sf read will return aread.txt, readme.html etc) and output the app-name versions & hashes

Example: List all the unique Fingerprints for WordPress 3.8.1

./fingerprinter.rb -a wordpress --luf 3.8.1

--help

Usage: ./fingerprinter.rb [options]
    -p, --proxy PROXY                                  Proxy to use during the fingerprinting
        --timeout SECONDS                              The number of seconds for the request to be performed, default 20s
        --cookies-file, --cf FILE-PATH                 The cookies file to use during the fingerprinting
        --cookies-string, --cs COOKIE/S                The cookies string to use in requests
        --user-agent, --ua UA                          User-Agent to use in all fingerprinting requests
    -a, --app-name APPLICATION                         The application to fingerprint. Currently supported: apache-icons, chamilo-lms, ckeditor, cms-made-simple, concrete5, django-cms, dnn-cms drupal, fckeditor, joomla, liferay, magento-ce, mantisbt, mediaelement, moodle, phpmyadmin, prestashop, punbb, tinymce, umbraco, wordpress
    -d, --db PATH-TO-DB                                Path to the db of the app-name
    -u, --update                                       Update the db of the app-name
        --manual DIRECTORY-PATH                        To be used along with the --update and --version options. Process the (local) DIRECTORY-PATH and compute the file fingerprints
        --version VERSION                              Used with --manual to set the version of the processed fingerprints
        --update-all,                                  Update all the apps
        --list-versions, --lv                          List all the known versions in the DB for the given app
        --list-files, --lf VERSION                     List all files related to the version for the given app
        --list-unique-fingerprints, --luf VERSION      List the unique hashes related to the files for the supplied version of the app
        --search-hash, --sh HASH                       Search the hash and output the app-name versions & file
        --search-file, --sf FILE                       Search the file using a LIKE method (so % can be used, e.g: readme%) and output the app-name versions & hashes
        --fingerprint URL                              Fingerprint the app-name at the given URL using all fingerprints
        --unique-fingerprint, --uf URL                 Fingerprint the app-name at the given URL using unique fingerprints
        --passive-fingerprint, --pf URL                Passively fingerprint the URL
        --db-verbose, --dbv                            Database Verbose Mode
    -v, --verbose                                      Verbose Mode