WAFP
Description
WAFP is a Web Application Finger Printer written in Ruby that uses a SQLite3 database.
WAFP analyzes the files of a web application by comparing their checksums with the ones in the fingerprint database. If an entry is found, the application fingerprint is then displayed (application name, version, ...).
Installation
Prerequisites
$ sudo apt-get install ruby sqlite3 libsqlite3-ruby
Installation of WAFP
$ cd /data/src/
$ wget http://mytty.org/wafp/wafp-0.01-26c3.tar.bz2
$ mkdir -p /pentest/enumeration/www/
$ bzip2 -cd wafp-0.01-26c3.tar.bz2 | tar xf - -C /pentest/enumeration/www/
Usage
Basic Syntax
$ ./wafp.rb [Options] {URL}
Options
- -p, --product <STRING>
- a string which represents the name of the product to check for;
- STRING can be something like "wordpress"
- -v, --pversion <STRING>
- a string which represents the versions of the product to check for;
- STRING can be something like "2.2.1" or "%.2" or "1.%".
- -P, --dump-products <STRING>
- this will dump all products for which fingerprints are available;
- STRING can be something like "%bb%" which will select all products having bb|BB in their name.
- -s, --store <STRING>
- write the fetched data to the database for later use;
- STRING is used as an identifier.
- -f, --fetch
- fetch only - do not fingerprint the app.
- (mostly used in conjunction with -s)
- -l, --list <STRING>
- list the stored data archives containing STRING.
- STRING is optional in this case.
- -d, --dry <STRING>
- perform the fingerprint on the stored data STRING instead of fetching it.
- -t, --threads <INT>
- this is the count of threads to use.
- default=8
- --user-agent <STRING>
- a STRING which holds the User-Agent headerfield contents.
- --outlines <INT>
- number of results to print.
- default=10
- --timeout <INT>
- connection timeout in seconds.
- default=10
- --retries <INT>
- maximum retries per file to fetch.
- default=3
- --any
- this causes wafp to fetch all files known by fingerprints of all products.
- --low-mem
- this causes wafp to NOT load the fingerprint database to the memory.
- --verbose
- turns on verbose output.
- --debug
- turns on debug output.
- --quiet
- output off - besides the final results.
- --dbinfo
- prints some database stats.
- --version
- print WAFP version and exit.
- -h, --help
- print this help and exit.
Example
$ ./wafp.rb -p 'wordpress' http://www.neo-*******.com/
Collecting the files we need to fetch ...
Fetching needed files (#833), calculating checksums and storing the results to the database:
...........................................................................
...........................................................................
...........................................................................
Checking gathered/stored checksums (#833) against the selected product (wordpress) versions (#130) checksums:
...........................................................................
...........................................................................
found the following matches (limited to 10):
+-------------------------------------------------------------+
wordpress-2.9.1-beta1     467 / 473 (98.73%)
wordpress-2.9             465 / 473 (98.31%)
wordpress-2.9-RC1         459 / 473 (97.04%)
wordpress-2.9-beta-2      443 / 473 (93.66%)
wordpress-2.9-beta-1      423 / 473 (89.43%)
wordpress-2.8.6-beta1     358 / 450 (79.56%)
wordpress-2.8.6           358 / 450 (79.56%)
wordpress-2.8.4           357 / 450 (79.33%)
wordpress-2.8.5           357 / 450 (79.33%)
wordpress-2.8.3           357 / 450 (79.33%)
+-------------------------------------------------------------+
WAFP 0.01-26c3 - - - - - - - - - http://mytty.org/wafp/
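The "matches / files (percent)" ranking in the output above can be reproduced in miniature. The following Ruby code is an added example, not WAFP's own code: the product name, versions, paths and file contents are constructed, SHA-256 is an assumed stand-in for the checksum the real database stores, and the denominator is read as the number of files known for each version (an interpretation of the sample output).

```ruby
require 'digest'

# Assumption: SHA-256 stands in for whatever checksum the real database uses.
def checksum(body)
  Digest::SHA256.hexdigest(body)
end

# Constructed fingerprint table: version => { path => checksum of the shipped file }.
FINGERPRINTS = {
  'exampleapp-1.0' => { '/readme.html'   => checksum('readme 1.0'),
                        '/js/app.js'     => checksum('app v1'),
                        '/css/style.css' => checksum('style v1') },
  'exampleapp-1.1' => { '/readme.html'   => checksum('readme 1.1'),
                        '/js/app.js'     => checksum('app v1'),
                        '/css/style.css' => checksum('style v2'),
                        '/js/extra.js'   => checksum('extra v1') },
  'exampleapp-2.0' => { '/readme.html'   => checksum('readme 2.0'),
                        '/js/app.js'     => checksum('app v2'),
                        '/css/style.css' => checksum('style v3'),
                        '/js/extra.js'   => checksum('extra v1') }
}.freeze

# Score each version as (files whose checksum matches) / (files known for it).
# fetched maps path => body, or nil when the fetch failed (404, timeout).
# outlines mirrors the --outlines option: how many rows to keep.
def rank(fetched, fingerprints, outlines = 10)
  sums = fetched.transform_values { |body| body && checksum(body) }
  rows = fingerprints.map do |version, files|
    hits = files.count { |path, sum| sums[path] == sum }
    { version: version, hits: hits, total: files.size,
      percent: (100.0 * hits / files.size).round(2) }
  end
  rows.sort_by { |r| [-r[:percent], -r[:hits]] }.first(outlines)
end

# Constructed fetch result: a 1.1 install whose style.css was edited locally.
FETCHED = {
  '/readme.html'   => 'readme 1.1',
  '/js/app.js'     => 'app v1',
  '/css/style.css' => 'style v2 + local edit',
  '/js/extra.js'   => 'extra v1'
}.freeze

rank(FETCHED, FINGERPRINTS).each do |r|
  puts format('%-16s %d / %d (%.2f%%)', r[:version], r[:hits], r[:total], r[:percent])
end
```

The locally edited stylesheet lowers the top score to 3 / 4 but does not change which version ranks first, which is why the sample output above shows near-100% matches rather than exact ones.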