常见开源指纹识别/web高危组件识别/hw all in one扫描/ 等项目调研
大家有常用的工具可提issue
开源指纹识别项目调研
开源指纹识别项目调研
项目名称: Finger
项目地址:https://github.com/EASY233/Finger
开发语言:Python
指纹数量:?
识别原理:和EHOLE一样,ehole python重构版
优点:还没用过待补充
缺点:还没用过待补充
调研以爬虫结合被动指纹识别为主
主动发包识别为辅的识别方案
调研多种指纹归类(采样)方案
项目名称: CMSScan
项目地址:https://github.com/ajinabraham/CMSScan
开发语言:Python
指纹数量:
识别原理:
优点:
缺点:
其他:严格意义上不算我们讨论的范围
项目名称: TideFinger
项目地址:https://github.com/TideSec/TideFinger
开发语言:Python
指纹数量:2078
识别原理:主动扫描指纹路径利用网页response的关键字、md5、正则进行匹配
优点:指纹较多识别效果尚可
缺点:代码很拉
Fscan
glass
项目名称: WhatWeb
项目地址:https://github.com/urbanadventurer/WhatWeb
开发语言:Ruby
指纹数量:1800
识别原理:HTML and HTTP headers等的hash或者关键词
Title - The HTML Page Title
MD5 hash
Header hash
Footer hash
Meta generator tag name
Uncommon HTTP headers
Tag-hash (Hash of the HTML tag pattern)
优点:可被动也可主动
缺点:ruby使用不是很方便
项目名称: CMSeeK
项目地址:https://github.com/Tuhinshubhra/CMSeeK
开发语言:Python
指纹数量:
识别原理:
优点:
缺点:
其他:严格意义上不算我们讨论的范围
项目名称: EHole
项目地址:https://github.com/EdgeSecurityTeam/EHole
开发语言:Golang
指纹数量:?
识别原理:
关键字匹配:
{
"cms": "seeyon",
"method": "keyword",
"location": "body",
"keyword": ["/seeyon/USER-DATA/IMAGES/LOGIN/login.gif"]
}
faviconhash匹配:
{
"cms": "CapRover",
"method": "faviconhash",
"location": "body",
"keyword": ["988422585"]
}
优点:keyword支持多关键字匹配,需要所有关键字匹配上才能识别
缺点:没代码
项目名称: wappalyzer
项目地址:https://github.com/AliasIO/wappalyzer
开发语言:原项目JS,使用可以Python,JS,Golang
指纹数量:(https://github.com/aliasio/wappalyzer/blob/master/src/technologies.json)
识别原理:从http response,headers,favicon等多个角度进行匹配
"Example": {
"description": "A short description of the technology.",
"cats": [
"1"
],
"cookies": {
"cookie_name": "Example"
},
"dom": {
"#example-id": {
"exists": "",
"attributes": {
"class": "example-class"
},
"properties": {
"example-property": ""
},
"text": "Example text content"
}
},
"dns": {
"MX": [
"example\\.com"
]
},
"js": {
"Example.method": ""
},
"excludes": "Example",
"headers": {
"X-Powered-By": "Example"
},
"html": "<link[^>]example\\.css",
"css": "\\.example-class",
"robots": "Disallow: /unique-path/",
"implies": "PHP\\;confidence:50",
"requires": "WordPress",
"meta": {
"generator": "(?:Example|Another Example)"
},
"script": "example-([0-9.]+)\\.js\\;confidence:50\\;version:\\1",
"url": "example\\.com",
"xhr": "example\\.com",
"oss": true,
"saas": true,
"pricing": ["medium", "freemium", "recurring"],
"website": "https://example.com",
}
优点:个人觉得最好的被动指纹识别
缺点:待补充
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.