Security firm Qualys has launched an open source, web-application fingerprinting engine to identify application and plug-in versions.
The launch coincides with the release of related research at the Black Hat USA 2010 security conference in Las Vegas.
"BlindElephant is a tool that helps security professionals and systems administrators identify everything running on their servers, including any web applications users may have downloaded," said Patrick Thomas, a vulnerability researcher at Qualys and creator of BlindElephant.
"It doesn't check for vulnerabilities or vulnerability to a particular exploit, but rather what version of applications are running on their site," he said.
As vulnerabilities are increasingly discovered, it is important to have a reliable way to detect which applications and plug-ins are present at a site, and if they are running outdated versions, said Thomas.
Unlike other web-application fingerprinting tools, BlindElephant uses a new approach that relies on hashes of static resource files shipped with the application (for example stylesheets, scripts and readme files) to identify the application's version number: each release ships a known set of files, so the hashes of the files a server actually serves narrow down which version is installed.
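The hash-based approach described above, sketched as an added example in Python (this is not BlindElephant's own code or data; the release snapshots and the sample site contents are constructed for illustration):

```python
import hashlib

# Constructed sample release snapshots for a hypothetical web app (not a real
# fingerprint database): version -> {static resource path: file contents}.
RELEASES = {
    "1.0": {"/readme.txt": "App 1.0\n", "/js/app.js": "var v=1;", "/css/style.css": "a{}"},
    "1.1": {"/readme.txt": "App 1.1\n", "/js/app.js": "var v=1;", "/css/style.css": "a{}"},
    "2.0": {"/readme.txt": "App 2.0\n", "/js/app.js": "var v=2;", "/css/style.css": "a{b:1}"},
}
# Constructed sample of what a server returns: a 1.1 install whose stylesheet the
# administrator customised. A missing key stands for an absent resource (HTTP 404).
SAMPLE_SITE = {"/readme.txt": "App 1.1\n", "/js/app.js": "var v=1;", "/css/style.css": "a{color:red}"}

def sha1(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def build_index(releases: dict) -> dict:
    """Build path -> {hash: set of versions that ship exactly that file}."""
    index: dict = {}
    for version, files in releases.items():
        for path, content in files.items():
            index.setdefault(path, {}).setdefault(sha1(content.encode()), set()).add(version)
    return index

def fingerprint(index: dict, fetch) -> tuple:
    """Narrow the candidate versions using each static file the site serves.
    fetch(path) returns the resource bytes, or None if it is absent. A file whose
    hash matches no release is reported as modified instead of eliminating
    candidates, because administrators routinely edit CSS and JavaScript.
    """
    candidates = {v for hashes in index.values() for vs in hashes.values() for v in vs}
    modified = []
    for path, hashes in index.items():
        data = fetch(path)
        if data is None:
            continue  # missing resource: removed or blocked, so not evidence
        versions = hashes.get(sha1(data))
        if versions is None:
            modified.append(path)
        else:
            candidates &= versions
    return candidates, modified

def identify(site: dict) -> tuple:
    """Fingerprint a site given as {path: text}, e.g. SAMPLE_SITE."""
    index = build_index(RELEASES)
    return fingerprint(index, lambda p: None if site.get(p) is None else site[p].encode())

if __name__ == "__main__":
    print(identify(SAMPLE_SITE))  # ({'1.1'}, ['/css/style.css'])
```

Only exact hash matches shrink the candidate set, so a customised or missing file leaves the result ambiguous rather than wrong; a real inventory run would fetch the paths over HTTP from the server being audited.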
"Standard web applications are commonly targeted by attackers and then subverted for malware distribution," said Wolfgang Kandek, chief technology officer at Qualys.
The BlindElephant tool will enable users to protect themselves and monitor their web applications, he said.
The open source project is also intended to be an initial stepping stone to work with the community to increase the number of fingerprinted web applications, said Kandek.