From NetSec
Revision as of 06:50, 2 June 2012 by GertieUbpgdd (Talk | contribs) (Minor reformatting)

Main article: Web exploitation tools

Kolkata is a web application fingerprinting engine written in Perl that combines checksum-based version detection with IDS evasion. It fetches a static file from the target web application, hashes it with MD5, and compares the digest against the per-version checksums stored in its YAML signature bundles; the HTTP requests go through LibWhisker2 with session splicing enabled so that the fingerprinting traffic is harder for an IDS to reassemble.


  • LibWhisker2 - bundled in the tarball, along with nikto and a variety of other tools on this site.
  • YAML::XS - install from CPAN (cpan -i YAML::XS)

Usage: -d domain.tld [-v] [-p remote_path_to_web_application]


<syntaxhighlight lang="perl">
#!/usr/bin/perl
# @url
# @author fxm+hatter

use strict;
use warnings;
use YAML::XS;
use Digest::MD5 qw(md5_hex);
use LW2;
use Getopt::Std;

my @apps;
my %opts;

getopts('c:p:d:v', \%opts);

usage() unless $opts{d};

my $domain  = $opts{d};
my $verbose = $opts{v} ? 1 : 0;
my $path    = $opts{p} ? $opts{p} : "";   # optional remote path prefix of the web application

# Load every signature bundle from ./sigs/ (the bundles are named *.yml).
opendir(SIGDIR, "./sigs/") or die $!;
my @filenames = grep { /\.yml$/ && -f "./sigs/$_" } readdir(SIGDIR);
closedir(SIGDIR);

foreach my $file (@filenames) {
    push @apps, YAML::XS::LoadFile("./sigs/$file");
}

foreach my $app (@apps) {
    my $name  = $app->{'config'}->{'app_name'};
    my $check = $path . $app->{'config'}->{'check_file'};
    print "Downloading $check to check for $name\n";
    my $contents = download($check, $domain);
    next unless defined $contents;   # every fetch attempt failed; move on to the next bundle
    my $target_md5 = md5_hex($contents);
    # Several versions can share one digest (see the bundles below); the first
    # matching key in hash order is the one reported.
    foreach my $sig (keys %{ $app->{'sigs'} }) {
        print "Comparing $target_md5 with " . $app->{'sigs'}->{$sig} . " for $name $sig detection.\n" if $verbose;
        if ($app->{'sigs'}->{$sig} eq $target_md5) {
            print "$name version $sig\n";
            exit 0;
        }
    }
}

sub usage {
    print "Usage: $0 -d domain.tld [-v] [-p remote_path_to_web_application]\n";
    exit 1;
}

# Fetch $uri from $host with LibWhisker2, retrying up to five times.
# Returns the response body, or undef if every attempt fails.
sub download {
    my ($uri, $host) = @_;
    my $max_tries = 5;
    for my $try (1 .. $max_tries) {
        my (%request, %response);
        $request{'whisker'}->{'method'}          = "GET";
        $request{'whisker'}->{'host'}            = $host;
        $request{'whisker'}->{'uri'}             = $uri;
        $request{'whisker'}->{'encode_anti_ids'} = 9;   # LibWhisker anti-IDS mode 9: session splicing
        $request{'User-Agent'} = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10";
        # http_do_request returns 0 on success and non-zero on error
        if (LW2::http_do_request(\%request, \%response) == 0) {
            return $response{'whisker'}->{'data'};
        }
        print "Failed to fetch $uri on try $try. Retrying...\n" if $try < $max_tries;
    }
    print "Failed to fetch $uri.\n";
    return undef;
}
</syntaxhighlight>

Signature Bundles

Each signature bundle is written in YAML with two sections: config, holding the app_name and the check_file that is downloaded from the target, and sigs, mapping each version string to the MD5 digest of that file as shipped in that version. Note that consecutive releases often ship an identical check_file and therefore share a digest, so a match may only narrow the target down to a range of versions.


  • sigs/wordpress.yml

<syntaxhighlight lang="yaml">
config:
  app_name: Wordpress
  check_file: /wp-includes/js/tinymce/tiny_mce.js
sigs:
  2.0: a306a72ce0f250e5f67132dc6bcb2ccb
  2.1: 4f04728cb4631a553c4266c14b9846aa
  2.2: 25e1e78d5b0c221e98e14c6e8c62084f
  2.3: 83c83d0f0a71bd57c320d93e59991c53
  2.5: 7293453cf0ff5a9a4cfe8cebd5b5a71a
  2.6: 61740709537bd19fb6e03b7e11eb8812
  2.7: e6bbc53a727f3af003af272fd229b0b2
  2.8.5: 56c606da29ea9b8f8d823eeab8038ee8
  2.9.1: 128e75ed19d49a94a771586bf83265ec
  3.0.0: 128e75ed19d49a94a771586bf83265ec
  3.0.1: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.2: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.3: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.4: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.5: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.6: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.1: c67211f73b63e773e626127aa95338c2
  3.1.1: 1786644689f0495f07d5ae1737395108
  3.1.2: 1786644689f0495f07d5ae1737395108
  3.1.3: 1786644689f0495f07d5ae1737395108
  3.1.4: 1786644689f0495f07d5ae1737395108
  3.2: b2c6b6d221c816948248b453046355eb
  3.2.1: b2c6b6d221c816948248b453046355eb
  3.3.1: 9754385dabfc67c8b6d49ad4acba25c3
</syntaxhighlight>


  • sigs/joomla.yml

<syntaxhighlight lang="yaml">
config:
  app_name: Joomla
  check_file: /includes/js/joomla.javascript.js
sigs:
  1.0.11: 1d28094f16c310591b855982759bc992
  1.0.14: 9570ccaab7cdac45e6727740515ce69a
  1.0.15: 9570ccaab7cdac45e6727740515ce69a
  1.0.4: 1080567bb801a301e3be618805a55125
  1.0.6: 1080567bb801a301e3be618805a55125
  1.0.8: 222ab5eb9cb8136619053a4f8358b9a5
  1.5.1: b891f61dc9b85a9193592c9d13e9c97a
  1.5.10: 326412fc179cb787500adffada69c4e7
  1.5.11: 326412fc179cb787500adffada69c4e7
  1.5.14: 326412fc179cb787500adffada69c4e7
  1.5.15: 326412fc179cb787500adffada69c4e7
  1.5.4: 326412fc179cb787500adffada69c4e7
  1.5.5: 326412fc179cb787500adffada69c4e7
  1.5.8: 326412fc179cb787500adffada69c4e7
  1.5.9: 326412fc179cb787500adffada69c4e7
</syntaxhighlight>


  • sigs/mediawiki.yml

<syntaxhighlight lang="yaml">
config:
  app_name: MediaWiki
  check_file: /skins/simple/main.css
sigs:
  1.10.0: 31ef23cbcdf689bd68d957ae0d8b8a19
  1.10.2: 31ef23cbcdf689bd68d957ae0d8b8a19
  1.10.3: 31ef23cbcdf689bd68d957ae0d8b8a19
  1.13.0: 6781b4412fbc451b792c4cdc88b0a1fa
  1.13.5: 6781b4412fbc451b792c4cdc88b0a1fa
  1.14.0: 846eec3b6696476a79548b82bf48e492
  1.14.1: 846eec3b6696476a79548b82bf48e492
  1.15.1: b6301262680144f1709d995a6c097db8
  1.5.2: 2fb3891102f9fe2d37a4bdb47b8f42de
  1.5.8: 2fb3891102f9fe2d37a4bdb47b8f42de
  1.8.2: 5d52c4473189e70e4878a5a7b38e3a82
  1.9.2: 24b79f325b32661fd24c93d7d2e8ccef
  1.9.4: 24b79f325b32661fd24c93d7d2e8ccef
</syntaxhighlight>
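The matching step of the tool, reworked as an added Python example (not Kolkata's own code) that parses the bundle layout shown above and inverts the sigs map, so that a digest shared by several releases yields every candidate version instead of whichever hash key the Perl script happens to see first. The bundle text is a constructed excerpt using digests copied from sigs/wordpress.yml on this page; no network access is involved, the fetched file body is passed in by the caller.

```python
import hashlib
from collections import defaultdict

# Constructed excerpt of a Kolkata signature bundle in the sigs/wordpress.yml
# layout: a "config" map (app_name, check_file) and a "sigs" map of version -> md5.
WORDPRESS_BUNDLE = """\
config:
  app_name: Wordpress
  check_file: /wp-includes/js/tinymce/tiny_mce.js
sigs:
  3.0.0: 128e75ed19d49a94a771586bf83265ec
  3.0.1: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.2: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.1: c67211f73b63e773e626127aa95338c2
"""

def parse_bundle(text):
    """Parse the two-level 'key: value' bundle layout. Keys are kept as literal
    strings, so a version such as '2.0' is never collapsed to the number 2 the
    way a generic YAML loader may treat numeric-looking keys."""
    bundle, section = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw.startswith(" "):            # top-level section name, e.g. "sigs:"
            section = raw.strip().rstrip(":")
            bundle[section] = {}
            continue
        if section is None:
            raise ValueError("entry before any section header: %r" % raw)
        key, _, value = raw.strip().partition(":")
        bundle[section][key.strip()] = value.strip()
    return bundle

def _version_key(v):
    return [int(p) for p in v.split(".")]

def hash_index(bundle):
    """Invert sigs: md5 -> every version shipping a check_file with that digest."""
    index = defaultdict(list)
    for version, digest in bundle["sigs"].items():
        index[digest].append(version)
    return {d: sorted(vs, key=_version_key) for d, vs in index.items()}

def lookup_digest(bundle, digest):
    """(app_name, candidate versions) for a digest; an empty list means no match."""
    return bundle["config"]["app_name"], hash_index(bundle).get(digest, [])

def fingerprint(bundle, file_contents):
    """Hash the fetched check_file body exactly as the tool does, then look it up."""
    return lookup_digest(bundle, hashlib.md5(file_contents).hexdigest())
```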
