BlindElephant is a nifty python app that fingerprints web applications such as wordpress, drupal, mediawiki, phpbb, joomla, and many others to determine the version of the web application.
BlindElephant works via a new trendy technique of fetching static elements of the web app such as .js, .css, and other core files then running a checksum to compare sizes of those files from released versions.
BlindElephant is available via SVN here:
http://blindelephant.sourceforge.net/
Here is an example of BlindElephant checking a live drupal site. I replaced the actual site with example.com for privacy:
$ BlindElephant.py http://example.com drupal Loaded /Library/Python/2.7/site-packages/blindelephant/dbs/drupal.pkl with 127 versions, 469 differentiating paths, and 376 version groups. Starting BlindElephant fingerprint for version of drupal at http://example.com Hit http://example.com/CHANGELOG.txt Possible versions based on result: 6.20 Hit http://example.com/INSTALL.txt Possible versions based on result: 6.20 Hit http://example.com/misc/drupal.js Possible versions based on result: 6.14, 6.15, 6.16, 6.17, 6.18, 6.19, 6.20, 6.x-dev Hit http://example.com/themes/garland/style.css Possible versions based on result: 6.14, 6.15, 6.16, 6.17, 6.18, 6.19, 6.20, 6.x-dev Hit http://example.com/database/updates.inc File produced no match. Error: Error code: 404 (Not Found) Hit http://example.com/MAINTAINERS.txt Possible versions based on result: 6.11, 6.12, 6.13, 6.14, 6.15, 6.16, 6.17, 6.18, 6.19, 6.20, 6.x-dev Hit http://example.com/database/database.pgsql File produced no match. Error: Error code: 404 (Not Found) Hit http://example.com/misc/drupal.css File produced no match. Error: Error code: 404 (Not Found) Hit http://example.com/misc/autocomplete.js Possible versions based on result: 6.0, 6.0-rc2, 6.0-rc3, 6.0-rc4, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 6.11, 6.12, 6.13, 6.14, 6.15, 6.16, 6.17, 6.18, 6.19, 6.20, 6.x-dev Hit http://example.com/themes/pushbutton/style.css Possible versions based on result: 6.0, 6.0-rc2, 6.0-rc3, 6.0-rc4, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 6.11, 6.12, 6.13, 6.14, 6.15, 6.16, 6.17, 6.18, 6.19, 6.20, 6.x-dev Hit http://example.com/UPGRADE.txt Possible versions based on result: 6.17, 6.18, 6.19, 6.20 Hit http://example.com/database/database.mysql File produced no match. Error: Error code: 404 (Not Found) Hit http://example.com/misc/textarea.js Possible versions based on result: 6.0, 6.0-rc3, 6.0-rc4, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 6.11, 6.12, 6.13, 6.14, 6.15, 6.16, 6.17, 6.18, 6.19, 6.20, 6.x-dev Hit http://example.com/misc/collapse.js Possible versions based on result: 6.0, 6.0-rc3, 6.0-rc4, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 6.11, 6.12, 6.13, 6.14, 6.15, 6.16, 6.17, 6.18, 6.19, 6.20, 6.x-dev Hit http://example.com/themes/bluemarine/style.css Possible versions based on result: 6.0, 6.0-rc1, 6.0-rc2, 6.0-rc3, 6.0-rc4, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 6.11, 6.12, 6.13, 6.14, 6.15, 6.16, 6.17, 6.18, 6.19, 6.20, 6.x-dev Fingerprinting resulted in: 6.20 Best Guess: 6.20 $
Cool!
