Fingerprinter: CMS/LMS/Library versions fingerprinter
https://securityonline.info/fingerprinter/
git clone https://github.com/erwanlr/Fingerprinter.git
$ gem install bundler
$ bundle install
need non root user (on Kali)
Currently Supported Apps
- Apache Icons
- Anchor CMS [CVEs | DB Password in error logs]
- Chamilo LMS [CVEs | Exploit DB | Security Issues]
- CKEditor [CVEs | Exploit DB]
- CMS Made Simple [Experimental] [CVEs | Exploit DB]
- Concrete5 [CVEs | Exploit DB]
- Django CMS [CVEs]
- Version disclosed when logged as a privileged user (editor, Page Owner etc):
<div class="cms_toolbar-item cms_toolbar-item-logo"><a href="/" title="---VERSION---">django CMS</a></div>
- Version disclosed when logged as a privileged user (editor, Page Owner etc):
- DNN CMS (DotNetNuke) [Releases | Security Center | CVEs | Exploit DB]
- Drupal [Security Advisories | CVEs | Exploit DB]
- Version disclosed from /CHANGELOG.txt
- Flatcore CMS [CVEs]
- FCKeditor [CVEs | Exploit DB]
- Joomla [Version History | Security Centre | CVEs | Exploit DB]
- Liferay [CVEs | Exploit DB]
- Magento Community Edition [Experimental] [CVEs | Exploit DB | Exploits]
- Mantis Bug Tracker [Experimental] [CVEs | Exploit DB | Releases]
- Version disclosed from footer (if enabled): ‘Powered By MantisBT x.x.x’
- If the copyright year in the footer is not the current year, then the version is < 1.2.13 (related commit)
- Mediaelement [Experimental] [CVEs]
- Moodle [Experimental] [CVEs | Exploit DB]
- OpenCart [CVEs | Exploit DB]
- Orchard (beware that backporting is used) [CVEs | Exploit DB]
- PHPMyAdmin (currently only the manual installation versions) [CVEs | Exploit DB]
- PrestaShop [CVEs | Exploit DB]
- PunBB [CVEs | Exploit DB]
- Roundcubemail [CVEs]
- Version disclosed from:
- /CHANGELOG
- Version disclosed from:
- Simple Machines Forum [CVEs | Exploit DB]
- Version disclosed from:
- Footer copyright
- Version disclosed from:
- TinyMCE [CVEs | Exploit DB]
- Umbraco [CVEs | Exploit DB | Compare Versions]
- WordPress [CVEs | Exploit DB | WP Vuln DB]
- Version disclosed from:
- / (meta generator, stylesheet numbers: ?ver=)
- Generator tag in /feed/, /feed/rdf/, /feed/atom/, /sitemap.xml(.gz) , /wp-links-opml.php
- /readme.html (for < 4.7, otherwise only the major version is given. ie 4.7, 4.8, 4.9)
- Use WPScan v3 with the –wp-version-all option to scan them all
- Version disclosed from:
- WordPress Plugins (using
-a wordpress-plugin --app-params <plugin-slug>[WP Vuln DB] - WordPress Themes (using
-a wordpress-theme --app-params <theme-slug>[WP Vuln DB]