Comments (7)
That would be greatly appreciated! Reach out if you have any questions (can also dm me on twitter under @codingo_ if easier).
from vhostscan.
Hi Julian,
Have you tried using --fuzzy-logic on this dataset? This uses levinstien distance to measure page differences (it's useful for bypassing cases where items such as the time are on the page) and is useful in scenarios like this.
If that doesn't work, but you can see another solution, We'd certainly appreciate a pull request!
Regards,
Michael
from vhostscan.
@ewilded touching base to see where we're headed with this?
from vhostscan.
Hi, my apologies, I have been quite busy lately. I tried the --fuzzy-logic method but did not help with clear results. Will poke around the code trying to get the desired results without interfering with anything that's already working well. If successful, I'll come up with a pull request. Thanks.
from vhostscan.
OK, sorry it took so long. So I sat to this today and started playing with the code. At first I thought that the hash is using the entire response (including headers) and thus ending up different for each of the responses. I introduced an alternative comparison method (a hash of the response.content and the response.status_code) only to realize that it was not the case (response.text == response.content, which is the actual content without headers). The reason I was getting results like above was my unfortunate default virtual host with directory listing, reflecting the provided Host header in the response (
Apache/2.4.34 (Debian) Server at something.something Port 80
). Thus, such instances of the same virtual host were generating unique content leading to unique hashes and results as shown above. Once I added a static index.php to the default webroot and ran the tool again, I got the results I was expecting.
Sorry for the commotion, I did not notice I created a quite troublesome test case. I know such stuff could be avoided by introducing an alternative comparison method like word count - or even more sophisticated mechanism like the one James Kettle implemented for his Backslash Powered Scanner, now used in many other plugins as being part of the Burp API. Anyway, I don't think this scenario occurs this often to really bother.
from vhostscan.
@codingo, should this be marked as closed?
from vhostscan.
@linted yes, I believe so. Thank-you @linted.
from vhostscan.
Related Issues (20)
- setup.py broken HOT 3
- A typo in one of the imports keeps the tool from running HOT 1
- Compilation Error HOT 4
- setup.py cant finish installation HOT 5
- Issue on Output Json
- --random-agent can't find file HOT 1
- Error: command 'i686-linux-gnu-gcc' failed with exit status 1 HOT 2
- ImportError attempted relative import with no known parent package (is this python2 or python3?)
- ImportError: attempted relative import with no known parent package
- Cannot Install HOT 2
- Error install requirements.txt for pandas==0.19.2 HOT 1
- Docker-Image doesn't build HOT 1
- [!] No words found in provided wordlists, unable to scan.
- what error? HOT 1
- Pho
- ImportError: cannot import name parse_http_list HOT 10
- Change readme documentation to specifically say python3 HOT 1
- Import error when running vhostscan HOT 1
- i have allready package and why error again???? HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vhostscan.