Version v0.4
lecture: High-performance web application fingerprinting based on SCM repositories
Outdated versions of FLOSS web applications can be masked by removing clues such as READMEs and changelogs, but SCM repositories can still be used to fingerprint the installed version. This can be done manually; we'll show you an automated approach.
Network security assessments often reveal web servers running various outdated versions of FLOSS web applications such as RoundCube, phpMyAdmin or SquirrelMail. Narrowing down the set of vulnerabilities that could affect such a setup is easier if we know the installed version; however, in many cases obvious clues such as READMEs and changelogs are removed on purpose.
When the source code along with its history is available online, it is possible to correlate static file contents (such as JavaScript or CSS served to the browser) with specific commit ranges, and we have done so manually in the past. Much of this can be automated, so we developed a tool that identifies a Git commit range based on static file contents. It can be used either as a standalone tool or as a Burp Suite plugin.
The talk describes and demonstrates our tool from source code to everyday usage, along with an intro to Git internals to explain how this can be done fast on repositories with hundreds of thousands of commits. The source code is already up on GitHub, and pull requests are welcome.
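The core idea behind matching static files to commits can be illustrated with a small example. The following Python is an added illustration written for this page, not the speakers' tool: it uses the fact that Git identifies every file version by the SHA-1 of `blob <length>\0<content>`, so a fetched file can be hashed once and compared against object ids rather than against full file copies. The repository history here is a constructed in-memory stand-in (a list of commits, each a path-to-content snapshot); the real tool walks actual Git trees. Intersecting the per-file candidate sets narrows the result to the commit range consistent with everything observed, and a file that matches nothing yields an empty result instead of a misleading guess.

```python
import hashlib


def git_blob_id(data: bytes) -> str:
    """Return the Git object id of `data` stored as a blob.

    Git hashes the header "blob <size>\\0" followed by the raw content, so a
    file served by a web server can be mapped to its object id without any
    repository access.
    """
    header = b"blob %d\0" % len(data)
    return hashlib.sha1(header + data).hexdigest()


# Constructed toy history (oldest first). Each entry is a commit id and the
# static files present at that commit. Not a real project's history.
HISTORY = [
    ("c1", {"js/app.js": b"var version = 1;\n", "css/style.css": b"body {}\n"}),
    ("c2", {"js/app.js": b"var version = 2;\n", "css/style.css": b"body {}\n"}),
    ("c3", {"js/app.js": b"var version = 2;\n", "css/style.css": b"body { color: red }\n"}),
    ("c4", {"js/app.js": b"var version = 3;\n", "css/style.css": b"body { color: red }\n"}),
]


def build_index(history):
    """Map (path, blob id) -> set of commit positions where that exact content lived.

    Only ids are stored, mirroring how Git itself deduplicates unchanged files
    across commits; this is what keeps the lookup cheap on long histories.
    """
    index = {}
    for pos, (_, files) in enumerate(history):
        for path, content in files.items():
            index.setdefault((path, git_blob_id(content)), set()).add(pos)
    return index


def fingerprint(history, observed):
    """Return commit ids consistent with every observed (path -> bytes) file.

    Each file restricts the candidate set; the intersection is the commit
    range. An empty list means at least one file matches no known version.
    """
    index = build_index(history)
    candidates = None
    for path, content in observed.items():
        matches = index.get((path, git_blob_id(content)), set())
        candidates = matches if candidates is None else candidates & matches
        if not candidates:
            return []
    if candidates is None:
        return []
    return [history[pos][0] for pos in sorted(candidates)]


if __name__ == "__main__":
    # Constructed "fetched" files, as if downloaded from an assessed host.
    only_js = {"js/app.js": b"var version = 2;\n"}
    print("app.js alone ->", fingerprint(HISTORY, only_js))
    both = dict(only_js, **{"css/style.css": b"body { color: red }\n"})
    print("app.js + style.css ->", fingerprint(HISTORY, both))
    print("unknown content ->", fingerprint(HISTORY, {"js/app.js": b"tampered\n"}))
```

Adding more observed files can only shrink the candidate range, which is why the tool benefits from fetching every static asset the application exposes rather than a single one.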
Speakers
dnet