Security scanner for online software: WAD
Jun 16th, 2008 | By servaas | Category: Dutch Info Network, Network & Security
A couple of students at the University of Amsterdam have developed a small piece of software that scans web-based software for security leaks and vulnerabilities. The current version of the program, WAD (Web Application Detector), supports three of the most popular platforms on the internet today:
- WordPress
- Joomla
- phpBB
According to the report written by the students, it is often almost impossible for an administrator to know what is running in the web directories and what attack or flaw caused outages.
This report describes a way to find out what applications and which versions are present inside a directory tree on a web server. A proof-of-concept is used to demonstrate the practical use. This tool enables web server administrators to act proactively and take measures before web applications are hacked.
You can find the software as well as the links to the report here. The software will be moved to Sourceforge as soon as it has been approved.
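The directory-tree inventory described above can be illustrated as follows. This is an added example, not WAD's code or the method from the students' report; the fingerprint file paths, the regexes and the names `scan_tree` and `build_sample_tree` are assumptions of this example, and the sample tree is constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed fingerprints (application, version file relative to the install root,
# regex capturing the version). Chosen for this example; not WAD's signature set.
FINGERPRINTS = [
    ("WordPress", "wp-includes/version.php", r"\$wp_version\s*=\s*'([^']+)'"),
    ("Joomla", "libraries/joomla/version.php", r"\$RELEASE\s*=\s*'([^']+)'"),
    ("phpBB", "includes/constants.php", r"define\(\s*'PHPBB_VERSION'\s*,\s*'([^']+)'"),
]
MAX_READ = 64 * 1024  # version files are small; never read more than this

def scan_tree(root):
    """Return sorted (install_dir, application, version) tuples found under root."""
    found = []
    # followlinks=False: do not descend into symlinked directories.
    for dirpath, _dirs, _files in os.walk(root, followlinks=False):
        for app, rel, pattern in FINGERPRINTS:
            path = os.path.join(dirpath, *rel.split("/"))
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read(MAX_READ)
            except OSError:
                continue  # unreadable file: nothing to report for this path
            match = re.search(pattern, text)
            if match:  # generic names like includes/constants.php need the content match
                found.append((os.path.relpath(dirpath, root), app, match.group(1)))
    return sorted(found)

def build_sample_tree(root):
    """Constructed sample data: fake per-user web directories, not real installs."""
    samples = {
        "alice/blog/wp-includes/version.php": "<?php\n$wp_version = '2.5.1';\n",
        "bob/forum/includes/constants.php": "<?php\ndefine('PHPBB_VERSION', '3.0.1');\n",
        "bob/site/includes/constants.php": "<?php\n// unrelated application\n",
    }
    for rel, body in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for install_dir, app, version in scan_tree(tmp):
            print(f"{install_dir}: {app} {version}")
```

The resulting inventory can then be compared against each project's current release to decide which installations need patching first.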


















