2009/6/8 Andres Riancho <andres.rian...@gmail.com>:
> Ryan,
>
> On Mon, Jun 8, 2009 at 12:36 PM, Stefano Di Paola<wi...@wisec.it> wrote:
>> Guys,
>> Sorry for getting into the middle of this thread without knocking...
>
> hehehe
>
>> Inline since I hate bottom posting :)
>
> ok,
>
>> On Mon, 08/06/2009 at 12.05 -0300, Andres Riancho wrote:
>>> Ryan,
>>>
>>>     First of all, I would like to congratulate you for a job well
>>> done. The wordpress_fingerprint plugin is now part of w3af.
>>>
>>>     I just committed it [0] to the trunk with a couple of changes
>>> (please review those changes, they are important).
>>>
>>>     On the other hand, we still need to work a little more on this
>>> plugin. One of the features that I think should be implemented is the
>>> comparison between the fingerprinted version, and the version that's
>>> retrieved with the regular expression, could you do that?
>>

I'll do this over the next few days.

>> I know it is a bit out of scope with the actual implementation of the
>> wordpress_fingerprint plugin, but I just finished reading this
>> interesting post:
>>
>> Web App Version detection using fingerprinting
>> http://sucuri.net/?page=docs&title=webapp-version-detection
>>
>> in particular:
>> 2- Wordpress Version Detection
>> 3- Wordpress version fingerprinting - Comparing files
>
> Ahhh!!!!! This is the blog post that I was talking about with Ryan! I
> failed to find it after reading it a couple of weeks ago! Thanks
> Stefano!
>
Aye, this was more or less the same way as I got the fingerprinting
data. Wish I had seen that blog post before I started as I did all my
research manually. lol

>> which I think is on topic at least to some extent.
>> It should not be too difficult to add a txt file and check for the
>> existence of those files to get a double check confirmation of the WP
>> version.
>
> I think that we could add this information to the plugin fingerprint
> "database" pretty easily. Thanks!
>

Yup, now the code is working it will be easy to extend on it. Will
also be easy to use the same template for other popular web apps.

I'll read the post in more detail tonight.

> Cheers,
>
>>
>>>     Also related, I just twitted about this [1]
>>>
>>> [0] http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/plugins/discovery/wordpress_fingerprint.py?view=markup
>>> [1] http://twitter.com/w3af
>>>
>>> Cheers,
>>
>> Cheers,
>>
>>
>
>

Thank you and cheers!

Blogged about w3af/plugin:
http://www.ethicalhack3r.co.uk/

>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
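
The comparison requested in the thread (fingerprinted version against the regex-derived version, with file existence as the double check) can be sketched as follows. This is an added example, not part of the thread and not w3af's plugin code. It assumes the regex reads the generator meta tag and that the fingerprint "database" maps each file to the version that first shipped it; every path and version in it is a constructed placeholder.

```python
import re

# Constructed fingerprint "database": (path, version that first shipped it).
# Placeholder paths and versions, not real WordPress release data.
FINGERPRINT_DB = [
    ("/wp-includes/placeholder-a.js", "2.5"),
    ("/wp-includes/placeholder-b.css", "2.6"),
    ("/wp-admin/placeholder-c.php", "2.7"),
    ("/wp-admin/placeholder-d.php", "2.8"),
]

# Assumption: the regex-derived version comes from the generator meta tag.
GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="WordPress\s+([0-9]+(?:\.[0-9]+)*)"',
    re.IGNORECASE,
)


def parse_version(text):
    """'2.7.1' -> (2, 7, 1), so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def regex_version(html):
    match = GENERATOR_RE.search(html)
    return parse_version(match.group(1)) if match else None


def fingerprint_range(existing_paths, db=FINGERPRINT_DB):
    """Return (low, high): installed version v satisfies low <= v < high."""
    present = [parse_version(v) for path, v in db if path in existing_paths]
    low = max(present, default=(0,))
    newer_missing = [parse_version(v) for path, v in db
                     if path not in existing_paths and parse_version(v) > low]
    high = min(newer_missing, default=None)
    return low, high


def compare(html, existing_paths):
    """Classify agreement between the advertised and fingerprinted version."""
    claimed = regex_version(html)
    low, high = fingerprint_range(existing_paths)
    if claimed is None:
        return "no-regex-version", None, (low, high)
    consistent = claimed >= low and (high is None or claimed < high)
    return ("match" if consistent else "mismatch"), claimed, (low, high)
```

A "mismatch" result usually means the generator tag was edited or the install was only partly upgraded, so a site owner auditing their own install should trust the file evidence over the tag.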

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
