fix fingerprinthub and fingers match bug

chainreactors · Feb 20, 2024 · 88dc9fe · 88dc9fe
1 parent b9e970e
commit 88dc9fe
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 35 deletions.
diff --git a/go.sum b/go.sum
@@ -21,14 +21,12 @@ github.com/chainreactors/logs v0.0.0-20240207121836-c946f072f81f/go.mod h1:6Mv6W
 github.com/chainreactors/neutron v0.0.0-20231221064706-fd6aaac9c50b/go.mod h1:Q6xCl+KaPtCDIziAHegFxdHOvg6DgpA6hcUWRnQKDPk=
 github.com/chainreactors/parsers v0.0.0-20231218072716-fb441aff745f/go.mod h1:ZHEkgxKf9DXoley2LUjdJkiSw08MC3vcJTxfqwYt2LU=
 github.com/chainreactors/parsers v0.0.0-20231220104848-3a0b5a5bd8dc/go.mod h1:V2w16sBSSiBlmsDR4A0Q9PIk9+TP/6coTXv6olvTI6M=
-github.com/chainreactors/parsers v0.0.0-20240220090042-a7f9dac0281b h1:HQlt8J1lLfsR4BbsQs4eivwplemVFhLyQhkPpG+0eJ8=
-github.com/chainreactors/parsers v0.0.0-20240220090042-a7f9dac0281b/go.mod h1:IS0hrYnccfJKU0NA12zdZk4mM7k/Qt4qnzMnFGBFLZI=
 github.com/chainreactors/parsers v0.0.0-20240220101211-fc5d6e07ba81 h1:Pi4KT8ERTIwr1bo04VxPwwyjn2Vm30dBF0njW8rIGqM=
 github.com/chainreactors/parsers v0.0.0-20240220101211-fc5d6e07ba81/go.mod h1:IS0hrYnccfJKU0NA12zdZk4mM7k/Qt4qnzMnFGBFLZI=
 github.com/chainreactors/utils v0.0.0-20231031063336-9477f1b23886 h1:lS2T/uE9tg1MNDPrb44wawbNlD24zBlWoG0H+ZdwDAk=
 github.com/chainreactors/utils v0.0.0-20231031063336-9477f1b23886/go.mod h1:JA4eiQZm+7AsfjXBcIzIdVKBEhDCb16eNtWFCGTxlvs=
-github.com/chainreactors/words v0.4.1-0.20240208114042-a1c5053345b0 h1:7aAfDhZDLs6uiWNzYa68L4uzBX7ZIj7IT8v+AlmmpHw=
-github.com/chainreactors/words v0.4.1-0.20240208114042-a1c5053345b0/go.mod h1:DUDx7PdsMEm5PvVhzkFyppzpiUhQb8dOJaWjVc1SMVk=
+github.com/chainreactors/words v0.4.1-0.20240220104223-153f52e53f37 h1:QdH1w8MnoAEnXp+CGqwroCRhAs+gu5OnIyW+qnK8Ibg=
+github.com/chainreactors/words v0.4.1-0.20240220104223-153f52e53f37/go.mod h1:DUDx7PdsMEm5PvVhzkFyppzpiUhQb8dOJaWjVc1SMVk=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=

diff --git a/pkg/fingerprinthub.go b/pkg/fingerprinthub.go
@@ -7,48 +7,62 @@ import (
 
 type FingerPrintHub struct {
 	Name        string            `json:"name"`
-	FaviconHash []string          `json:"favicon_hash"`
-	Keyword     []string          `json:"keyword"`
+	FaviconHash []string          `json:"favicon_hash,omitempty"`
+	Keyword     []string          `json:"keyword,omitempty"`
 	Path        string            `json:"path"`
-	Headers     map[string]string `json:"headers"`
+	Headers     map[string]string `json:"headers,omitempty"`
 }
 
 func FingerPrintHubDetect(header, body string) parsers.Frameworks {
 	frames := make(parsers.Frameworks)
-
 	for _, finger := range FingerPrintHubs {
 		status := false
-
-		for _, key := range finger.Keyword {
-			if strings.Contains(body, key) {
-				status = true
-			} else {
-				status = false
-				break
-			}
-		}
-		if !status {
-			continue
-		}
-		for k, v := range finger.Headers {
-			if v == "*" && strings.Contains(header, k) {
-				status = true
-			} else if strings.Contains(header, k) && strings.Contains(header, v) {
-				status = true
-			} else {
-				status = false
-				break
-			}
+		if fingerPrintHubMatchHeader(finger, header) && fingerPrintHubMatchBody(finger, body) {
+			status = true
 		}
 
 		if status {
-			frame := &parsers.Framework{
+			frames.Add(&parsers.Framework{
 				Name: finger.Name,
 				From: parsers.FrameFromDefault,
 				Tags: []string{"fingerprinthub"},
-			}
-			frames[frame.Name] = frame
+			})
 		}
 	}
 	return frames
 }
+
+func fingerPrintHubMatchHeader(finger *FingerPrintHub, header string) bool {
+	if len(finger.Headers) == 0 {
+		return true
+	}
+	status := true
+	for k, v := range finger.Headers {
+		if v == "*" && strings.Contains(header, k) {
+			status = true
+		} else if strings.Contains(header, k) && strings.Contains(header, v) {
+			status = true
+		} else {
+			return false
+		}
+	}
+	return status
+}
+
+func fingerPrintHubMatchBody(finger *FingerPrintHub, body string) bool {
+	if len(finger.Keyword) == 0 {
+		return true
+	}
+	if body == "" {
+		return false
+	}
+	status := true
+	for _, key := range finger.Keyword {
+		if strings.Contains(body, key) {
+			status = true
+		} else {
+			return false
+		}
+	}
+	return status
+}
diff --git a/pkg/fingers.go b/pkg/fingers.go
@@ -1,6 +1,7 @@
 package pkg
 
 import (
+	"bytes"
 	"github.com/chainreactors/gogo/v2/pkg/fingers"
 	"github.com/chainreactors/parsers"
 )
@@ -10,9 +11,9 @@ func FingerDetect(content []byte) parsers.Frameworks {
 	frames := make(parsers.Frameworks)
 	for _, finger := range Fingers {
 		// sender置空, 所有的发包交给spray的pool
-		frame, _, ok := fingers.FingerMatcher(finger, map[string]interface{}{"content": content}, 0, nil)
+		frame, _, ok := fingers.FingerMatcher(finger, map[string]interface{}{"content": bytes.ToLower(content)}, 0, nil)
 		if ok {
-			frames[frame.Name] = frame
+			frames.Add(frame)
 		}
 	}
 	return frames

diff --git a/pkg/load.go b/pkg/load.go
@@ -19,7 +19,7 @@ var (
 	Extractors                        = make(parsers.Extractors)
 	Fingers         fingers.Fingers
 	ActivePath      []string
-	FingerPrintHubs []FingerPrintHub
+	FingerPrintHubs []*FingerPrintHub
 )
 
 func LoadTemplates() error {
@@ -124,14 +124,19 @@ func LoadFingerPrintHub() error {
 	if err != nil {
 		return err
 	}
+	var fingers []*FingerPrintHub
 	for _, f := range FingerPrintHubs {
 		if f.Path != "/" {
 			ActivePath = append(ActivePath, f.Path)
 		}
 		for _, ico := range f.FaviconHash {
 			Md5Fingers[ico] = f.Name
 		}
+		if len(f.Keyword) > 0 || len(f.Headers) > 0 {
+			fingers = append(fingers, f)
+		}
 	}
+	FingerPrintHubs = fingers
 
 	return nil
 }