Skip to content

补全JS匹配正则,并修复JS匹配URL路径丢失的问题#20

Merged
lemonlove7 merged 1 commit intolemonlove7:mainfrom
mewhz:main
Jan 27, 2024
Merged

补全JS匹配正则,并修复JS匹配URL路径丢失的问题#20
lemonlove7 merged 1 commit intolemonlove7:mainfrom
mewhz:main

Conversation

@mewhz
Copy link
Copy Markdown
Contributor

@mewhz mewhz commented Jan 22, 2024

使用 fofa 搜索 app="用友-U8CRM"
正常访问时:http://ip/login/login.php
使用完整路径运行 ehole_magic 可以正常识别出指纹
image
仅使用:http://ip 无法识别出指纹
image
查看请求包发现请求中的 JavaScript 未出现在正则中,于是在 jsjump.go 的 20 - 27 行中添加新正则,并添加等号两边无空格正则
image
后发现原本 finger/finger.go 中拼接路径后,会覆盖原本的 data 变量,在 finger/finger.go 的 1588 - 1598 行中,把 data.jsurl 放入队列中。
修改后再次运行
image
image

@lemonlove7 lemonlove7 merged commit 6e52a59 into lemonlove7:main Jan 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mewhz @lemonlove7