From 88dc9fe7cdac63ba18874942463254c91491ec77 Mon Sep 17 00:00:00 2001 From: M09Ic Date: Tue, 20 Feb 2024 21:09:00 +0800 Subject: [PATCH] fix fingerprinthub and fingers match bug --- go.sum | 6 ++-- pkg/fingerprinthub.go | 70 ++++++++++++++++++++++++++----------------- pkg/fingers.go | 5 ++-- pkg/load.go | 7 ++++- 4 files changed, 53 insertions(+), 35 deletions(-) diff --git a/go.sum b/go.sum index 1c7b390..a773279 100644 --- a/go.sum +++ b/go.sum @@ -21,14 +21,12 @@ github.com/chainreactors/logs v0.0.0-20240207121836-c946f072f81f/go.mod h1:6Mv6W github.com/chainreactors/neutron v0.0.0-20231221064706-fd6aaac9c50b/go.mod h1:Q6xCl+KaPtCDIziAHegFxdHOvg6DgpA6hcUWRnQKDPk= github.com/chainreactors/parsers v0.0.0-20231218072716-fb441aff745f/go.mod h1:ZHEkgxKf9DXoley2LUjdJkiSw08MC3vcJTxfqwYt2LU= github.com/chainreactors/parsers v0.0.0-20231220104848-3a0b5a5bd8dc/go.mod h1:V2w16sBSSiBlmsDR4A0Q9PIk9+TP/6coTXv6olvTI6M= -github.com/chainreactors/parsers v0.0.0-20240220090042-a7f9dac0281b h1:HQlt8J1lLfsR4BbsQs4eivwplemVFhLyQhkPpG+0eJ8= -github.com/chainreactors/parsers v0.0.0-20240220090042-a7f9dac0281b/go.mod h1:IS0hrYnccfJKU0NA12zdZk4mM7k/Qt4qnzMnFGBFLZI= github.com/chainreactors/parsers v0.0.0-20240220101211-fc5d6e07ba81 h1:Pi4KT8ERTIwr1bo04VxPwwyjn2Vm30dBF0njW8rIGqM= github.com/chainreactors/parsers v0.0.0-20240220101211-fc5d6e07ba81/go.mod h1:IS0hrYnccfJKU0NA12zdZk4mM7k/Qt4qnzMnFGBFLZI= github.com/chainreactors/utils v0.0.0-20231031063336-9477f1b23886 h1:lS2T/uE9tg1MNDPrb44wawbNlD24zBlWoG0H+ZdwDAk= github.com/chainreactors/utils v0.0.0-20231031063336-9477f1b23886/go.mod h1:JA4eiQZm+7AsfjXBcIzIdVKBEhDCb16eNtWFCGTxlvs= -github.com/chainreactors/words v0.4.1-0.20240208114042-a1c5053345b0 h1:7aAfDhZDLs6uiWNzYa68L4uzBX7ZIj7IT8v+AlmmpHw= -github.com/chainreactors/words v0.4.1-0.20240208114042-a1c5053345b0/go.mod h1:DUDx7PdsMEm5PvVhzkFyppzpiUhQb8dOJaWjVc1SMVk= +github.com/chainreactors/words v0.4.1-0.20240220104223-153f52e53f37 h1:QdH1w8MnoAEnXp+CGqwroCRhAs+gu5OnIyW+qnK8Ibg= +github.com/chainreactors/words v0.4.1-0.20240220104223-153f52e53f37/go.mod h1:DUDx7PdsMEm5PvVhzkFyppzpiUhQb8dOJaWjVc1SMVk= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= diff --git a/pkg/fingerprinthub.go b/pkg/fingerprinthub.go index 6570373..61d29b4 100644 --- a/pkg/fingerprinthub.go +++ b/pkg/fingerprinthub.go @@ -7,48 +7,62 @@ import ( type FingerPrintHub struct { Name string `json:"name"` - FaviconHash []string `json:"favicon_hash"` - Keyword []string `json:"keyword"` + FaviconHash []string `json:"favicon_hash,omitempty"` + Keyword []string `json:"keyword,omitempty"` Path string `json:"path"` - Headers map[string]string `json:"headers"` + Headers map[string]string `json:"headers,omitempty"` } func FingerPrintHubDetect(header, body string) parsers.Frameworks { frames := make(parsers.Frameworks) - for _, finger := range FingerPrintHubs { status := false - - for _, key := range finger.Keyword { - if strings.Contains(body, key) { - status = true - } else { - status = false - break - } - } - if !status { - continue - } - for k, v := range finger.Headers { - if v == "*" && strings.Contains(header, k) { - status = true - } else if strings.Contains(header, k) && strings.Contains(header, v) { - status = true - } else { - status = false - break - } + if fingerPrintHubMatchHeader(finger, header) && fingerPrintHubMatchBody(finger, body) { + status = true } if status { - frame := &parsers.Framework{ + frames.Add(&parsers.Framework{ Name: finger.Name, From: parsers.FrameFromDefault, Tags: []string{"fingerprinthub"}, - } - frames[frame.Name] = frame + }) } } return frames } + +func fingerPrintHubMatchHeader(finger *FingerPrintHub, header string) bool { + if len(finger.Headers) == 0 { + return true + } + status := true + for k, v := range finger.Headers { + if v == "*" && strings.Contains(header, k) { + status = true + } else if strings.Contains(header, k) && strings.Contains(header, v) { + status = true + } else { + return false + } + } + return status +} + +func fingerPrintHubMatchBody(finger *FingerPrintHub, body string) bool { + if len(finger.Keyword) == 0 { + return true + } + if body == "" { + return false + } + status := true + for _, key := range finger.Keyword { + if strings.Contains(body, key) { + status = true + } else { + return false + } + } + return status +} diff --git a/pkg/fingers.go b/pkg/fingers.go index 8b680cd..7f27d4e 100644 --- a/pkg/fingers.go +++ b/pkg/fingers.go @@ -1,6 +1,7 @@ package pkg import ( + "bytes" "github.com/chainreactors/gogo/v2/pkg/fingers" "github.com/chainreactors/parsers" ) @@ -10,9 +11,9 @@ func FingerDetect(content []byte) parsers.Frameworks { frames := make(parsers.Frameworks) for _, finger := range Fingers { // sender置空, 所有的发包交给spray的pool - frame, _, ok := fingers.FingerMatcher(finger, map[string]interface{}{"content": content}, 0, nil) + frame, _, ok := fingers.FingerMatcher(finger, map[string]interface{}{"content": bytes.ToLower(content)}, 0, nil) if ok { - frames[frame.Name] = frame + frames.Add(frame) } } return frames diff --git a/pkg/load.go b/pkg/load.go index 41a7a9d..1b4a867 100644 --- a/pkg/load.go +++ b/pkg/load.go @@ -19,7 +19,7 @@ var ( Extractors = make(parsers.Extractors) Fingers fingers.Fingers ActivePath []string - FingerPrintHubs []FingerPrintHub + FingerPrintHubs []*FingerPrintHub ) func LoadTemplates() error { @@ -124,6 +124,7 @@ func LoadFingerPrintHub() error { if err != nil { return err } + var fingers []*FingerPrintHub for _, f := range FingerPrintHubs { if f.Path != "/" { ActivePath = append(ActivePath, f.Path) @@ -131,7 +132,11 @@ func LoadFingerPrintHub() error { for _, ico := range f.FaviconHash { Md5Fingers[ico] = f.Name } + if len(f.Keyword) > 0 || len(f.Headers) > 0 { + fingers = append(fingers, f) + } } + FingerPrintHubs = fingers return nil }