web指纹识别工具

Last update: Dec 26, 2022

Related tags

Security related resources Finger

Overview

前言

一直苦于没有用的顺手的web指纹识别工具，学习前辈s7ckTeam的Glass和broken5的WebAliveScan优秀开源程序开发的轻量型web指纹工具。

安装

开发语言

python3

运行环境

Linux
Windows
Mac

安装

git clone https://github.com/EASY233/Finger
cd Finger
pip3 install -r requirements.txt

使用方法

参数说明

optional arguments:
  -h, --help  show this help message and exit

Target:
  -u URL      Input your url target
  -f FILE     Input your target's file

Output:
  -o OUTPUT   Select the output format.eg(html,json,xml,default:html)
  
Usage:
单一URL识别: python3 Finger.py -u http://www.baidu.com or www.baidu.com 
批量URL识别: python3 Finger.py -f xx.txt
输出方式:
支持html，json，xml三种格式默认html格式
用法:python3 Finger.py -f xx.txt -o json

配置说明

默认线程数为20实际需要修改可以在config/config.py中进行修改

threads = 20

指纹识别库在config/apps.json中可执行添加修改,添加修改规则:

例如以下:

"phpliteadmin": {
        "cats": "Application",
        "html": [
          "phpLiteAdmin v([0-9.]+)<\\;version:\\1",
          "",
          "Powered by


主要从两个方面进行识别一是headers头识别，二是html内容识别。无对应规则可不写例如下面JBoss:

"Jboss": {
        "cats": "Application",
        "html": "Your JBoss Application Server",
        "website": "http://jboss.org"
      }


运行效果
 扫描报告样式取自Glass样式报告:

web指纹识别工具

Related tags

Overview

前言

安装

开发语言

运行环境

安装

使用方法

参数说明

配置说明

运行效果

Owner

EASY

Tensorflow 1.13.X implementation for our NN paper: Wei Xia, Sen Wang, Ming Yang, Quanxue Gao, Jungong Han, Xinbo Gao: Multi-view graph embedding clustering network: Joint self-supervision and block diagonal representation. Neural Networks 145: 1-9 (2022)

This project is for finding a solution to use Security Onion Elastic data with Jupyter Notebooks.

CVE-2022-22965 : about spring core rce

A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Enhancing Twin Delayed Deep Deterministic Policy Gradient with Cross-Entropy Method

AnonStress-Stored-XSS-Exploit - An exploit and demonstration on how to exploit a Stored XSS vulnerability in anonstress

A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

EyeJo是一款自动化资产风险评估平台，可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查，快速发现存在的薄弱点和攻击面。

xp_CAPTCHA(白嫖版) burp 验证码识别 burp插件

DNS hijacking via dead records automation tool

Tools for converting Nintendo DS binaries to an ELF file for Ghidra/IDA

How to exploit a double free vulnerability in 2021. 'Use-After-Free for Dummies'

Exploit for GitLab CVE-2021-22205 Unauthenticated Remote Code Execution

Solución al reto BBVA Contigo, Hack BBVA 2021

Coerce authentication from Windows hosts via MS-FSRVP (Requires FS-VSS-AGENT service running on host)

PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github

Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

Writeups for wtf-CTF hosted by Manipal Information Security Team as part of Techweek2021- INCOGNITO

A fast tool to scan prototype pollution vulnerability

web指纹识别工具

Related tags

Overview

前言

安装

开发语言

运行环境

安装

使用方法

参数说明

配置说明

运行效果

Owner

EASY

Tensorflow 1.13.X implementation for our NN paper: Wei Xia, Sen Wang, Ming Yang, Quanxue Gao, Jungong Han, Xinbo Gao: Multi-view graph embedding clustering network: Joint self-supervision and block diagonal representation. Neural Networks 145: 1-9 (2022)

This project is for finding a solution to use Security Onion Elastic data with Jupyter Notebooks.

CVE-2022-22965 : about spring core rce

A blind SQL injection script that uses binary search aka bisection method to dump datas from database.

Enhancing Twin Delayed Deep Deterministic Policy Gradient with Cross-Entropy Method

AnonStress-Stored-XSS-Exploit - An exploit and demonstration on how to exploit a Stored XSS vulnerability in anonstress

A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

EyeJo是一款自动化资产风险评估平台，可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查，快速发现存在的薄弱点和攻击面。

xp_CAPTCHA(白嫖版) burp 验证码 识别 burp插件

DNS hijacking via dead records automation tool

Tools for converting Nintendo DS binaries to an ELF file for Ghidra/IDA

How to exploit a double free vulnerability in 2021. 'Use-After-Free for Dummies'

Exploit for GitLab CVE-2021-22205 Unauthenticated Remote Code Execution

Solución al reto BBVA Contigo, Hack BBVA 2021

Coerce authentication from Windows hosts via MS-FSRVP (Requires FS-VSS-AGENT service running on host)

PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github

Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

Tenssens framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

Writeups for wtf-CTF hosted by Manipal Information Security Team as part of Techweek2021- INCOGNITO

A fast tool to scan prototype pollution vulnerability

xp_CAPTCHA(白嫖版) burp 验证码识别 burp插件