It’s been a long wait but we are now officially LIVE. We have been testing and refining Blip’s functionality in our spare time since May. In June we did a soft launch which has been really helpful thanks to all the feedback we have got from people who’ve tried it, and usage has been growing steadily too. A question we’ve been asked about quite often is what functionality we plan to include in future versions of Blip. I’ll come to that in this article, but first, here is the functionality currently available on Blip and some of its applications:
1. Detects plugins on WordPress websites instantly, without you having to install any invasive plugin yourself. It’s not 100% accurate, but it provides the most complete results of all the WordPress scanners we’ve found. This is useful for lots of reasons, for example if you want to see which plugins a website uses to perform certain functions, or if you just want to quickly check whether the plugins on your own website are all up to date.
2. Detects the latest CVEs / WordPress plugin vulnerabilities. When a plugin vulnerability is disclosed publicly, Blip will display it within 5 minutes of the disclosure. Clicking on any vulnerable plugin lets you see what the vulnerability is and what the patch is.
Future functionality
The free version of Blip which is available now is a small part of the functionality of a security research tool I wrote. The full version I use lets me scan several hundred thousand WordPress websites every 20 minutes or so, logging which ones have potential vulnerabilities on them. That’s how I’ve been able to find the zero-day exploits and other CVEs since I began doing security research as a hobby this year. Ultimately I’d love to make this functionality publicly available, and we are looking at ways to do this because it will require a lot of time and probably some investment too. If we are able to make this happen, it should help a lot of research analysts, including aspiring ones, to be more effective in their work finding bug bounties.
A request we have had a few times is whether we can reverse the lookup logic so that plugins can be searched for by their name, providing a list of WordPress websites which have the plugin installed. And yip, we can build this and it’s definitely something we will look at introducing in a future version of Blip. Having this would mean you can get a list of hundreds of thousands of WordPress websites which use a certain plugin.
Subdomain discovery is definitely on our radar. We’ve got it in trial mode currently and will look at rolling it out in the future. This will allow you to find subdomains you might not have even known were there, along with any possible vulnerabilities on them.
And something we’ve been asked lots of times by agency users is whether we can provide reporting functionality. We can definitely do this and it would probably be part of the wider rollout of functionality described above.
Request a feature
If you want to see some new functionality added to Blip, we’d love to hear about it. You can send it to us via the ‘Request a feature’ popup in the footer.