Ryan,

On Mon, Jun 8, 2009 at 12:36 PM, Stefano Di Paola<wi...@wisec.it> wrote:
> Guys,
> Sorry for getting into the middle of this thread without knocking...

hehehe

> Inline since I hate bottom posting :)

ok,

> On Mon, 08/06/2009 at 12.05 -0300, Andres Riancho wrote:
>> Ryan,
>>
>>     First of all, I would like to congratulate you for a job well
>> done. The wordpress_fingerprint plugin is now part of w3af.
>>
>>     I just committed it [0] to the trunk with a couple of changes
>> (please review those changes, they are important).
>>
>>     On the other hand, we still need to work a little more on this
>> plugin. One of the features that I think should be implemented is the
>> comparison between the fingerprinted version, and the version that's
>> retrieved with the regular expression, could you do that?
>
> I know it is a bit out of scope with the actual implementation of the
> wordpress_fingerprint plugin, but I just finished reading this
> interesting post:
>
> Web App Version detection using fingerprinting
> http://sucuri.net/?page=docs&title=webapp-version-detection
>
> in particular:
> 2- Wordpress Version Detection
> 3- Wordpress version fingerprinting - Comparing files

Ahhh!!!!! This is the blog post that I was talking about with Ryan! I
failed to find it after reading it a couple of weeks ago! Thanks
Stefano!

> which I think is on topic at least to some extent.
> It should not be too difficult to add a txt file and check for the
> existence of those files to get a double check confirmation of the WP
> version.

I think that we could add this information to the plugin fingerprint
"database" pretty easily. Thanks!

Cheers,

>
>>     Also related, I just twitted about this [1]
>>
>> [0] http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/plugins/discovery/wordpress_fingerprint.py?view=markup
>> [1] http://twitter.com/w3af
>>
>> Cheers,
>
> Cheers,
>
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
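
Added example, not part of the original thread and not w3af's own code: a sketch of the double check discussed above, comparing the version taken from the generator meta tag by regular expression with the range implied by which known files exist. The fingerprint entries, file paths and function names are placeholders constructed for illustration, and the set of present files is passed in rather than fetched, so the block runs offline.

```python
import re

# Constructed fingerprint "database": (path, first release that shipped it).
# Paths and versions are placeholders, not real WordPress data.
FINGERPRINT_DB = [
    ("/placeholder/file-a.js", "2.5"),
    ("/placeholder/file-b.css", "2.7"),
    ("/placeholder/file-c.php", "2.8"),
]

# Generator meta tag as WordPress emits it; the plugin's own regex may differ.
GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', re.I)


def vtuple(version):
    """'2.7.1' -> (2, 7, 1) so versions compare numerically."""
    return tuple(int(p) for p in version.split(".") if p)


def declared_version(html):
    m = GENERATOR_RE.search(html)
    return m.group(1) if m else None


def fingerprint_range(present):
    """Bounds implied by file existence: lower <= version < upper."""
    lower = upper = None
    for path, introduced in FINGERPRINT_DB:
        if path in present:
            if lower is None or vtuple(introduced) > vtuple(lower):
                lower = introduced
        elif upper is None or vtuple(introduced) < vtuple(upper):
            upper = introduced
    return lower, upper


def cross_check(html, present):
    """Return (status, declared, lower, upper) for one target."""
    declared = declared_version(html)
    lower, upper = fingerprint_range(present)
    # A newer file exists while an older one is missing: files were likely
    # removed or blocked, so the fingerprint cannot be trusted on its own.
    if lower and upper and vtuple(lower) >= vtuple(upper):
        return "inconsistent", declared, lower, upper
    if declared is None:
        return "fingerprint-only", declared, lower, upper
    v = vtuple(declared)
    ok = (lower is None or v >= vtuple(lower)) and \
         (upper is None or v < vtuple(upper))
    return ("confirmed" if ok else "mismatch"), declared, lower, upper
```

A "mismatch" result is the case the thread cares about: the generator tag has been edited or is stale, while the files on disk point to a different release.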

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
