指纹库匹配时区分大小写会导致很多特征无法识别 #129
Labels
bug
Something isn't working
Comments
|
确实有这个问题,在优化中 |
感谢大佬的回复! 顺便也有一个小建议,程序有判断端口是http或者是https的功能,有很多端口在使用http协议访问的时候,会回复一个“his combination of host and port requires TLS”或者“HTTP request to an HTTPS server”,看起来也是200,但实际没什么用处。建议在判定http还是https的时候加一下类似上面的判断条件更好一些。比如说这个:"URL": "http://67.23.242.188:8001","Body": "Bad Request\r\nThis combination of host and port requires TLS.\r\n";其实他是有goanywhere,但在指纹库里加上goanywhere Body="goanywhere/javax.faces" 也是识别不出来的。 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
大佬好,感谢分享工具!
在测试的过程中发现指纹库的识别似乎区分了大小写,在实际使用时经常会看到Server: nginx这种header,但是指纹库里因为是Nginx Response="server: nginx",就会导致无法识别,另外还有Ruby-on-Rails Body="alt="ruby on rails" "这条指纹,像vulhub中的CVE-2018-3760环境启动的rails是Ruby on Rails,就会识别不出来。
The text was updated successfully, but these errors were encountered: