本文将展示版本指纹的最佳编写实践、规范和示例模版
# Fingerprint for the chaitin xray web UI.
# Detection depends only on the favicon hash; version extraction is best-effort.
name: chaitin-xray
transport: http
detail:
  fingerprint:
    cpe: 'cpe:2.3:a:chaitin:xray'
    # Placeholder filled from the `version` output variable of get_version.
    # NOTE(review): presumably left empty when get_version does not match - confirm.
    version: "{{version}}"
rules:
  # Required rule: compare the favicon served at / with a known hash value.
  # Any host serving the same icon will match, so treat a hit without a
  # version as lower confidence.
  get_icon_hash:
    request:
      method: GET
      path: '/'
      # Evaluate the response for / itself, not a redirect target.
      follow_redirects: false
    expression: 'faviconHash(response.getIconContent()) == 938617678'
  # Optional rule: ask the GraphQL endpoint for the web version.
  # The request carries no credentials, only a Content-Type header; if the
  # endpoint answers it, the version is readable by anyone who can reach the UI.
  get_version:
    request:
      method: POST
      path: '/api/graphql/'
      headers:
        Content-Type: application/json
      body: |-
        {"query":"query WebVersion {webVersion}"}
    expression: 'response.body_string.contains("webVersion")'
    output:
      # The lazy quantifier is safe here because the closing quote bounds the match.
      search: |
        r'"webVersion":"(?P<version>[\w\.\-]+?)"'.submatch(response.body_string)
      version: "search['version']"
# `|| true` keeps the fingerprint matching when the version probe fails.
expression: 'get_icon_hash() && (get_version() || true)'
{{version}}
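# Fingerprint for Oracle E-Business Suite.
# Detection depends on the home-page redirect text; the version is taken from
# SNO_version.txt first and from login.js as a fallback, both best-effort.
name: e-business_suite
transport: http
detail:
  fingerprint:
    # NOTE(review): the chaitin-xray example on this page uses a
    # `cpe:2.3:a:<vendor>:<product>` value; confirm which form the engine expects.
    cpe: oracle:e-business_suite
    # Placeholder filled from the `version` output variable of v0 or v1.
    version: '{{version}}'
rules:
  # NOTE(review): no request is declared for this rule; presumably the engine
  # evaluates it against a default request - confirm.
  index_contains:
    expression: response.body_string.contains('E-Business Suite Home Page Redirect')
  v0:
    request:
      method: GET
      path: /OA_HTML/SNO_version.txt
    expression: response.body_string.contains('FULL=')
    output:
      # Greedy `+` on purpose: a lazy `+?` at the very end of a pattern stops
      # after one character, so the captured version would be a single digit.
      search: |
        'FULL=(?P<version>[0-9\\.]+)'.submatch(response.body_string)
      version: search['version']
  v1:
    request:
      method: GET
      path: /OA_HTML/login.js
    # Same pattern as in `output` below, so the rule only matches when the
    # capture can succeed.
    expression: |
      "(?i)Version (?P<version>[\\w\\.]+)".matches(response.body_string)
    output:
      # Greedy for the same reason as v0; the capture runs up to the first
      # character that is neither a word character nor a dot.
      search: |
        "(?i)Version (?P<version>[\\w\\.]+)".submatch(response.body_string)
      version: search['version']
# v1 is evaluated only if v0 fails (short-circuit `||`); the trailing `|| true`
# keeps the fingerprint matching when neither version probe succeeds.
expression: index_contains() && (v0() || v1() || true)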
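# Fingerprint for vBulletin.
# Detection uses keyword matches on the home page; the version is read from
# the generator meta tag when present, best-effort.
name: vbulletin
transport: http
detail:
  fingerprint:
    # NOTE(review): the chaitin-xray example on this page uses a
    # `cpe:2.3:a:<vendor>:<product>` value; confirm which form the engine expects.
    cpe: vbulletin:vbulletin
    # Placeholder filled from the `version` output variable of get_version.
    version: '{{version}}'
rules:
  kw_in_body:
    request:
      cache: true
      method: GET
      path: /
    # `&&` binds tighter than `||`; the parentheses only make that grouping
    # explicit. The two asset names must both be present, the other two
    # markers are sufficient on their own.
    expression: |-
      response.body_string.contains('content="vBulletin') ||
      response.body_string.contains("Powered by vBulletin") ||
      (response.body_string.contains("vbulletin_css") &&
       response.body_string.contains("vbulletin_md5"))
  # Version extraction is its own optional rule, as in the other examples on
  # this page, so a page that matches by keyword but has no generator tag is
  # still reported.
  # NOTE(review): the request is identical to kw_in_body and sets `cache: true`;
  # presumably the cached response is reused - confirm.
  get_version:
    request:
      cache: true
      method: GET
      path: /
    expression: |-
      'content="vBulletin (?P<version>[0-9\\.]+)'.matches(response.body_string)
    output:
      # Greedy `+` on purpose: a lazy `+?` at the very end of a pattern stops
      # after one character, so the captured version would be a single digit.
      search: |-
        'content="vBulletin (?P<version>[0-9\\.]+)'.submatch(response.body_string)
      # Required for the `{{version}}` placeholder above to receive a value.
      version: search['version']
# `|| true` keeps the fingerprint matching when no version can be extracted.
expression: kw_in_body() && (get_version() || true)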