As with any type of application assessment, you need to fingerprint the application first and then move ahead with the assessment. Tools like SinFP will help you fingerprint the OS. AppPrint will help you scan an IP range, a single IP or host for Web and Application servers.
AppPrint scans port 80 on a particular target and tries to deduce the banner using the httprint methodology. This is its first step, somewhat like HTTPrint. It also makes use of signatures.txt, and for other specialized fingerprinting it makes use of ajaxfinger-db. In the next step, it uses a method of forced plug-in invocation and scans for the application server type, where it tries to fingerprint Tomcat, WebLogic, WebSphere, Orion, ColdFusion and Resin. It also fingerprints Web 2.0 libraries and components.
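The banner step described above, seen from the server owner's side: an added example (not AppPrint's code or its signatures.txt format) that reports which response headers of your own server disclose one of the application servers listed. The header patterns and the sample responses are assumptions constructed for illustration.

```python
import re

# Assumed banner patterns, constructed for this example (not AppPrint's signatures).
BANNER_PATTERNS = [
    ("Tomcat", re.compile(r"Apache-Coyote|Apache Tomcat", re.I)),
    ("WebLogic", re.compile(r"WebLogic", re.I)),
    ("WebSphere", re.compile(r"WebSphere", re.I)),
    ("Orion", re.compile(r"\bOrion/", re.I)),
    ("ColdFusion", re.compile(r"ColdFusion|\bCFID=|\bCFTOKEN=", re.I)),
    ("Resin", re.compile(r"\bResin/", re.I)),
]
# Headers that commonly carry product names or product-specific cookies.
DISCLOSING_HEADERS = ("server", "x-powered-by", "set-cookie")


def parse_headers(raw):
    """Return [(lowercased name, value)] from the head of a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_response(raw):
    """Map each recognised product to the headers that give it away."""
    findings = {}
    for name, value in parse_headers(raw):
        if name not in DISCLOSING_HEADERS:
            continue
        for product, pattern in BANNER_PATTERNS:
            if pattern.search(value):
                findings.setdefault(product, []).append(name)
    return findings


# Constructed sample responses.
SAMPLE_TOMCAT = ("HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\n"
                 "Content-Type: text/html\r\n\r\n<html></html>")
SAMPLE_CF = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
             "Set-Cookie: CFID=1234; path=/\r\n"
             "Set-Cookie: CFTOKEN=5678; path=/\r\n\r\n")
SAMPLE_HARDENED = "HTTP/1.1 200 OK\r\nServer: web\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, raw in [("tomcat", SAMPLE_TOMCAT), ("cf", SAMPLE_CF), ("hardened", SAMPLE_HARDENED)]:
        print(label, audit_response(raw))
```

An empty result only means the headers are quiet; it says nothing about the second, behaviour-based step the post describes.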
You can download AppPrint here.
