安全路透社

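A Brief Look at Web Fingerprinting Techniques in China (with a Small Tool)

*Original author: 北风飘然 @ Jinwu Network Security Lab

Preface

When I was first learning web security, I looked for vulnerabilities by taking the site titles returned by the 北极熊 scanner and using them to 'farm' vulnerabilities in a targeted way. Later, as hosts were replaced and IPs changed, the titles the scanner returned became less and less accurate.

Around early January I set out to scan port 80 across the whole network. For about half a month I used some seven or eight servers for the scan and covered nearly half of China's IP ranges. The results were not very satisfying, though, and later I found a project on GitHub:

https://github.com/nanshihui/Scan-T

It is quite good, but it only combines Django and Nmap to imitate something like Shodan, and it only identifies host information, so it did not fully satisfy me either.

Idea

Recently I have been working on an idea. Existing scanners such as AWVS, AppScan and Nessus are all built on a web crawler and then scan the addresses the crawler collects. That puts a heavy load on the site and easily triggers the firewall, which then restricts or denies access.

There are, however, plenty of existing PoCs. If a scanner started from web fingerprinting, identified the fingerprint, and then verified with the PoCs that target that web framework, the results would actually be better.

So the question is: how do you identify a web fingerprint?

1. Compare the MD5 of the site's distinctive favicon.ico to determine the site type;

2. Identify the site by rules that match its characteristic features;

3. Compare the site directories collected by a crawler against known web information.

Pros and Cons

Now for the pros and cons of these three methods.

The first is the fastest, but also the least accurate. Most favicon.ico files can be changed, which introduces large errors.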


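The second, feature-based identification, can look at the naming conventions of a site's CSS and JS code, at keywords, at headers and cookies, and so on. The drawback is that collecting these rules takes a long time.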


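The third seems fairly accurate, but it breaks down if the directory structure has been changed, and some sites have anti-crawler mechanisms, which causes some trouble.

Overall, combining all three is best. But I wanted something lightweight, so I chose the second.

Analysis

Rules are the first problem, but a Chinese search engine of the same kind as Shodan and ZoomEye has openly published its rules.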


Then collect them with a crawler.


There are about 1412 kinds that can be identified.

That makes things simple.

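import requests
from bs4 import BeautifulSoup

url = input('输入要识别的网址')                        # prompt: "enter the URL to identify"
# Prepend a scheme only when none was supplied (https:// URLs are left alone)
if not url.startswith(('http://', 'https://')):
    url = 'http://' + url
headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 UBrowser/6.0.1471.914 Safari/537.36'}
response = requests.get(url=url, headers=headers, timeout=10)

bresponse = BeautifulSoup(response.text, "lxml")
title = ''                                          # title (stays empty if the page has no <title>)
for i in bresponse.findAll('title'):
    title = i.get_text()
head = response.headers
response = response.text

header = ''
for key in head.keys():                             # collect all response headers into one string
    header = header + key + ':' + head[key] + '\n'
print('收集主页信息完毕')                             # "finished collecting home page information"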

First collect the information and split it into title, body and header.

body = {'content="WordPress':'WordPress','wp-includes':'WordPress',
        'pma_password':'phpMyAdmin',
        'AdaptCMS':'AdaptCMS',
        'TUTUCMS':'tutucms','Powered by TUTUCMS':'tutucms',
        'Powered by 1024 CMS':'1024 CMS','1024 CMS (c)':'1024 CMS',
        'Publish By JCms2010':'捷点 JCMS',
        'webEdition':'webEdition',
        'Powered by phpshe':'phpshe','phpshe':'phpshe',
        '/theme/2009/image&login.asp':'北京清科锐华CEMIS',
        'css/25yi.css':'25yi','Powered by 25yi':'25yi',
        '/bundles/oroui/':'oroCRM',
        'Powered by SeaCms':'海洋CMS','seacms':'海洋CMS',
        '/images/v7/cms.css':'qibosoft v7',
        'opac_two':'北创图书检索系统',
        'dayrui/statics':'dayrui系列CMS',
        'upload/moban/images/style.css':'ASP168 欧虎','default.php?mod=article&do=detail&tid':'ASP168 欧虎',
        'Powered by FineCMS':'FineCMS','dayrui@gmail.com':'FineCMS','FineCMS':'FineCMS',}

Write a rule module that holds body, title and header separately, each as a dictionary.

def scan_head():
    headrule = rule.head
    web_information = 0
    for key in headrule.keys():
        if '&' in key:
            # 'a&b' rule: a must match the headers and b the page body
            keys = re.split('&', key)
            if re.search(keys[0], header, re.I) and re.search(keys[1], response, re.I):
                web_information = headrule[key]
                break
        else:
            # single-part rule: match against the headers only
            if re.search(key, header, re.I):
                web_information = headrule[key]
                break
    return web_information

Compare against the keywords and output the result.

The final result is as follows.

import requests
from bs4 import BeautifulSoup
import re
import rule
import sys

url = input('输入要识别的网址')                        # prompt: "enter the URL to identify"
# Prepend a scheme only when none was supplied (https:// URLs are left alone)
if not url.startswith(('http://', 'https://')):
    url = 'http://' + url
headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 UBrowser/6.0.1471.914 Safari/537.36'}
response = requests.get(url=url, headers=headers, timeout=10)
bresponse = BeautifulSoup(response.text, "lxml")
title = ''                                          # title (stays empty if the page has no <title>)
for i in bresponse.findAll('title'):
    title = i.get_text()
head = response.headers
response = response.text

header = ''
for key in head.keys():                             # collect all response headers into one string
    header = header + key + ':' + head[key] + '\n'
print('收集主页信息完毕')                             # "finished collecting home page information"

# In all three scanners the rule keys are used as case-insensitive regular
# expressions, 0 means "no match", and the first matching rule wins.

def scan_title():
    titlerule = rule.title
    web_information = 0
    for key in titlerule.keys():
        if re.search(key, title, re.I):
            web_information = titlerule[key]
            break
    return web_information

def scan_head():
    headrule = rule.head
    web_information = 0
    for key in headrule.keys():
        if '&' in key:
            # 'a&b' rule: a must match the headers and b the page body
            keys = re.split('&', key)
            if re.search(keys[0], header, re.I) and re.search(keys[1], response, re.I):
                web_information = headrule[key]
                break
        else:
            if re.search(key, header, re.I):
                web_information = headrule[key]
                break
    return web_information

def scan_body():
    body = rule.body
    web_information = 0
    for key in body.keys():
        if '&' in key:
            # 'a&b' rule: both parts must appear in the page body
            keys = re.split('&', key)
            if re.search(keys[0], response, re.I) and re.search(keys[1], response, re.I):
                web_information = body[key]
                break
        else:
            if re.search(key, response, re.I):
                web_information = body[key]
                break
    return web_information

def main():
    # Try the title rules first, then the headers, then the body
    web_information = scan_title()
    if web_information == 0:
        web_information = scan_head()
    if web_information == 0:
        web_information = scan_body()
    if web_information == 0:
        print('无能为力了')                           # "nothing more can be done": no rule matched
        sys.exit()
    print(web_information)

if __name__ == '__main__':
    main()

The rules are as follows.

# Keys are matched as case-insensitive regular expressions; '&' joins two parts that must both match.
body = {'content="WordPress':'WordPress','wp-includes':'WordPress',
        'pma_password':'phpMyAdmin',
        'AdaptCMS':'AdaptCMS',
        'TUTUCMS':'tutucms','Powered by TUTUCMS':'tutucms',
        'Powered by 1024 CMS':'1024 CMS','1024 CMS (c)':'1024 CMS',
        'Publish By JCms2010':'捷点 JCMS',
        'webEdition':'webEdition',
        'Powered by phpshe':'phpshe','phpshe':'phpshe',
        '/theme/2009/image&login.asp':'北京清科锐华CEMIS',
        'css/25yi.css':'25yi','Powered by 25yi':'25yi',
        '/bundles/oroui/':'oroCRM',
        'Powered by SeaCms':'海洋CMS','seacms':'海洋CMS',
        '/images/v7/cms.css':'qibosoft v7',
        'opac_two':'北创图书检索系统',
        'dayrui/statics':'dayrui系列CMS',
        'upload/moban/images/style.css':'ASP168 欧虎','default.php?mod=article&do=detail&tid':'ASP168 欧虎',
        'Powered by FineCMS':'FineCMS','dayrui@gmail.com':'FineCMS','FineCMS':'FineCMS',
        'ASPCMS':'ASPCMS',
        '/index.php/clasify/showone/gtitle/':'O2OCMS',
        'CmsEasy':'CmsEasy',
        'damicms':'大米CMS','大米CMS':'大米CMS',
        '/Include/EcsServerApi.js':'易创思ecs',
        'Osclass':'Osclass',
        'm_ctr32':'IdeaCMS','Powered By IdeaCMS':'IdeaCMS',
        'bit-xxzs':'Bit','xmlpzs/webissue.asp':'Bit',
        '/css/mymps.css':'mymps','mymps':'mymps',
        'ycportal/webpublish':'全国烟草系统',
        'bx_css_async':'Dolphin',
        '/tpl/Home/weimeng/common/css/':'微门户',
        'DianCMS_用户登陆引用':'易点CMS','DianCMS_SiteName':'易点CMS',
        'r/cms/www':'unknown cms rcms',
        '技术支持:云因信息':'yunyin','<a href="../scrp/getpassword.cfm':'yunyin','/scrp/book.cfm" method="post':'yunyin',
        'PDV_PAGENAME':'PHPWEB',
        'Author" content="微普外卖点餐系统':'微普外卖点餐系统','Powered By 点餐系统':'微普外卖点餐系统','userfiles/shoppics/':'微普外卖点餐系统',
        'content="jieqi cms':'jieqi',
        'Powerd by AppCMS':'appcms',
        'content="OURPHP':'ourphp','Powered by ourphp':'ourphp',
        'content="eAdmin':'eadmin',
        'Powered by FengCms':'fengcms','content="FengCms':'fengcms',
        'content="DotNetNuke':'DotNetNuke','content=",DotNetNuke':'DotNetNuke',
        'Power by DedeCms':'DedeCMS','Powered by&http://www.dedecms.com/':'DedeCMS','/templets/default/style/dedecms.css':'DedeCMS',
        'Created by DotNetCMS':'Foosun','For Foosun':'Foosun','Powered by www.Foosun.net,Products:Foosun Content Manage system':'Foosun',
        '/deptWebsiteAction.do':'某通用型政府cms',
        'Powered by wuzhicms':'wuzhicms','content="wuzhicms':'wuzhicms',
        '_files/jspxcms.css':'Jspxcms',
        'NITC Web Marketing Service':'NITC','/images/nitc1.png':'NITC',
        'reader/view_abstract.aspx':'E-Tiller',
        'content="IMGCMS':'IMGCms','Powered by IMGCMS':'IMGCms',
        '/r/cms/www/':'RCMS','jhtml':'RCMS',
        '/js/jtbc.js':'JTBC(CMS)','content="JTBC':'JTBC(CMS)',
        'Powered by TurboCMS':'TurboCMS','/cmsapp/zxdcADD.jsp':'TurboCMS','/cmsapp/count/newstop_index.jsp?siteid=':'TurboCMS',
        '本系统由<span class="STYLE1" ><a href="http://www.firstknow.cn':'中国期刊先知网','<img src="images/logoknow.png"':'中国期刊先知网',
        '/js/jPackageCss/jPackage.css':'贷齐乐p2p','src="/js/jPackage':'贷齐乐p2p',
        'generator" content="Typecho':'Typecho','强力驱动&Typecho':'Typecho',
        'content="BageCMS':'八哥CMS',
        'content="动力启航,DTCMS':'dtcms',
        'keyicmskeyicms':'科蚁CMS','Powered by <a href="http://www.keyicms.com':'科蚁CMS',
        'web980':'DIYWAP','bannerNum':'DIYWAP',
        'generator" content="Plone':'plone',
        'app/Tpl/fanwe_1/images/lazy_loading.gif&index.php?ctl=article_cate':'方维众筹',
        'css/css_whir.css':'万户网络',
        'wsite-page-index':'weebly',
        'content="niubicms':'牛逼cms',
        '/Widgets/WidgetCollection/':'We7',
        '/css/yxcms.css':'Yxcms','content="Yxcms':'Yxcms',
        'Powered by Diferior':'Diferior',
        'Powered by PHPVOD':'phpvod','content="phpvod':'phpvod',
        'Dolibarr Development Team':'Dolibarr',
        'Telerik.Web.UI.WebResource.axd':'Telerik Sitefinity','content="Sitefinity':'Telerik Sitefinity',
        'main/building.cfm':'云因网上书店','href="../css/newscomm.css':'云因网上书店',
        'content="tipask':'Tipask',
        'yidacms.css':'yidacms',
        'advfile/ad12.js':'XYCMS',
        'powerd by&BEESCMS':'beeCMS','template/default/images/slides.min.jquery.js':'beeCMS',
        'Powered by ESPCMS':'ESPCMS','infolist_fff&/templates/default/style/tempates_div.css':'ESPCMS',
        'webplus':'webplus','高校网站群管理平台':'webplus',
        'content="WeiPHP':'weiphp','/css/weiphp.css':'weiphp',
        'publish by BoyowCMS':'BoyowCMS',
        'generator" content="ezCMS':'concrete5','CCM_DISPATCHER_FILENAME':'concrete5',
        '凡科互联网科技股份有限公司':'凡科建站','content="凡科':'凡科建站',
        '/css/cmstop-common.css':'CMSTop','/js/cmstop-common.js':'CMSTop','cmstop-list-text.css':'CMSTop','<a class="poweredby" href="http://www.cmstop.com"':'CMSTop',
        'Powered by Adxstudio':'ADXStudio','poweredbyadx.png':'ADXStudio',
        'Powered by DouPHP':'DouPHP','controlBase&indexLeft':'DouPHP',   # three-part '&' rules are not implemented; only the first two parts are checked (&recommendProduct)
        'content="MetInfo':'MetInfo','powered_by_metinfo':'MetInfo','/images/css/metinfo.css':'MetInfo',
        'chanzhi.js':'chanzhi',r'\>\<a href=.+www.chanzhi.org':'chanzhi',
        'content="Drupal':'Drupal',r'jQuery.extend\(Drupal.settings':'Drupal','ace-drupal7prod&/sites/all/themes/':'Drupal',   #/sites/all/modules/  /sites/default/files/
        'Powered By PHPB2B':'phpb2b',
        'Powered by&http://www.phpcms.cn':'PhpCMS','content=\"Phpcms':'PhpCMS','Powered by Phpcms':'PhpCMS','data/config.js':'PhpCMS',
        'SiteServer CMS&http://www.siteserver.cn':'SiteServer','T_系统首页模板':'SiteServer','siteserver&sitefiles':'SiteServer',
        'JEECMS&Powered by':'JEECMS',
        'script src="http://code.zoomla.cn/':'逐浪zoomla','NodePage.aspx&body="Item':'逐浪zoomla','/style/images/win8_symbol_140x140.png':'逐浪zoomla',
        'Powered by Phpmps':'phpmps','templates/phpmps/style/index.css':'phpmps',
        'Powered by Dswjcms':'dswjcms','content="Dswjcms':'dswjcms',
        'maccms:voddaycount':'苹果CMS',
        'content="PageAdmin CMS':'PageAdmin','/e/images/favicon.ico':'PageAdmin',
        '_ZCMS_ShowNewMessage':'ZCMS','zcms_skin':'ZCMS','ZCMS泽元内容管理':'ZCMS',
        'NewsClass.asp?BigClass=企业新闻':'南方良精','HrDemand.asp':'南方良精','Aboutus.asp?Title=企业简介':'南方良精',
        'lan12-jingbian-hong':'易普拉格科研管理系统','科研管理系统,北京易普拉格科技':'易普拉格科研管理系统',
        '/ks_inc/common.js':'KesionCMS','publish by KesionCMS':'KesionCMS',
        'Produced By 大汉网络':'大汉系统(Hanweb','<a href=\'http://www.hanweb.com\' style=\'display:none\'>':'大汉系统(Hanweb','<meta name=\'Generator\' content=\'大汉版通\'>':'大汉系统(Hanweb',
        '<meta name=\'Author\' content=\'大汉网络\'>':'大汉系统(Hanweb','/jcms_files/jcms':'大汉系统(Hanweb',
        'bigSortProduct.asp?bigid':'北京阳光环球建站系统',
        'content="NIUCMS':'niucms',
        r'index.php\?ac=link_more&index.php\?ac=news_list':'TCCMS',   # no live example found
        'publico/template/&zonapie':'360webfacil 360WebManager','360WebManager Software':'360webfacil 360WebManager',
        'labelOppInforStyle':'地平线CMS','search_result.aspx&frmsearch':'地平线CMS',
        'FoxPHPScroll':'FoxPHP','FoxPHP_ImList':'FoxPHP','content="FoxPHP':'FoxPHP',
        'var webroot=':'sdcms','/js/sdcms.js':'sdcms',
        '/wcm/app/js':'TRS WCM','0;URL=/wcm':'TRS WCM','window.location.href = "//wcm";':'TRS WCM',r'forum\.trs\.com\.cn&wcm':'TRS WCM',
        '/wcm" target="_blank':'TRS WCM','/wcm" target="_blank">管理':'TRS WCM',
        '/templates/default/css/common.css&selectjobscategory':'74cms',r'Powered by <a href="http://www\.74cms\.com/':'74cms','content="74cms.com':'74cms','content="骑士CMS':'74cms',
        'Generator" content="2z project':'2z project',
        'generator" content="MediaWiki':'MediaWiki','/wiki/images/6/64/Favicon.ico':'MediaWiki','Powered by MediaWiki':'MediaWiki',
        '/app/home/skins/default/style.css':'ThinkSAAS',
        'content="Joomla':'Joomla',r'/media/system/js/core\.js&/media/system/js/mootools-core\.js':'Joomla',
        'phpMyWind.com All Rights Reserved':'PHPMyWind','content="PHPMyWind':'PHPMyWind',
        'semcms PHP':'SEMcms','sc_mid_c_left_c sc_mid_left_bt':'SEMcms',
        r'/Template/Ant/Css/AntHomeComm\.css':'小蚂蚁',
        'content="171cms':'171cms',
        'content="BAOCMS':'baocms',
        'infoglueBox.png':'infoglue',
        'power by bcms':'bluecms','bcms_plugin':'bluecms',
        'content="MoMoCMS':'MoMoCMS','Powered BY MoMoCMS':'MoMoCMS',
        r'/css/global\.css&/twcms/theme/':'TWCMS',
        'content="emlog"':'Emlog',
        'GB_ROOT_DIR&maincontent.css':'HIMS 酒店云计算服务','HIMS酒店云计算服务':'HIMS 酒店云计算服务',
        'GENERATOR" content="EasySite':'Easysite','Copyright 2009 by Huilan':'Easysite','_DesktopModules_PictureNews':'Easysite',
        '页面加载中,请稍候&FrontEnd':'国家数字化学习资源中心系统',
}

head = {'X-Pingback':'WordPress','xmlrpc.php':'WordPress','wordpress_test_cookie':'WordPress',
        'phpMyAdmin=':'phpMyAdmin=',
        'adaptcms':'adaptcms',
        'SS_MID&squarespace.net':'squarespace建站',
        'X-Mas-Server':'TRS MAS',
        'dr_ci_session':'dayrui系列CMS',
        'http://www.cmseasy.cn/service_1.html':'CmsEasy',
        'Osclass':'Osclass',
        'clientlanguage':'unknown cms rcms',
        'X-Powered-Cms: Twilight CMS':'TwilightCMS',
        'IRe.CMS':'irecms',
        'DotNetNukeAnonymous':'DotNetNuke',
        'Easyweb CMS':'EasywebCMS',
        'Kooboocms':'Kooboocms',
        'Dnnoutputcache':'Dnnoutputcache',
        'sisRapid':'SamanPortal',
        'Eleanor CMS':'EleanorCMS',
        'X-Tncms-Version':'Tncms',
        'wb_session_id':'WebsiteBaker',
        'UMI.CMS':'UMI.CMS',
        'plone.content':'plone',
        'intern.weebly.net':'weebly',
        'X-Powered-Cms&WMSN':'WMSN',
        'thinkphp':'ThinkPHP','think_template':'ThinkPHP',
        'X-Powered-Cms:Bitrix Site Manager':'BitrixSiteManager',
        'X-Powered-Cms:Techart CMS':'TechartCMS',
        'X-Powered-Cms:BPanel CMS':'BPanelCMS',
        'Sitecore CMS':'Sitecore',
        'X-Powered-Cms:FOXI BIZzz':'FOXI',
        '313CMS':'313自助建站',
        'Synkron Via CMS':'SynkronVia',
        'CONCRETE5':'concrete5',
        'iAPPSCookie':'iAPPS',
        'Requestsuccess4ajax':'unknown cms',
        'anonprofile':'ADXStudio',
        'Set-Cookie:frontsid':'chanzhi',
        'X-Generator:Drupal':'Drupal',
        'X-Powered-Cms:Subrion CMS':'SubrionCMS',
        'supe_sid':'SupeSite',
        'fe_typo_user': 'typo3',
        'X-Powered-By:PigCms.com':'PigCms',
        'ZKSID2':'ZikulaCMS',
        'AntXiaouserslogin':'小蚂蚁',
        'Power by: baocms':'baocms',
        'EasySite-Compression':'Easysite',
        'Mura CMS':'MuraCMS',
}

title = {'phpMyAdmin':'phpMyAdmin',
         'seacms':'海洋CMS',
         'Powered by ASPCMS':'ASPCMS',
         'Powered by CmsEasy':'CmsEasy',
         '大米CMS':'大米CMS',
         'mymps':'mymps',
         'jieqi cms':'jieqi',
         'eadmin':'eadmin',
         'Powerd by Jspxcms':'Jspxcms',
         'Powered by EmpireCMS':'帝国 EmpireCMS',
         'dtcms':'dtcms',
         'publiccms':'PublicCMS',
         'Powered by XYCMS':'XYCMS',
         'Powered by ESPCMS':'ESPCMS',
         'Powered by MetInfo':'MetInfo',
         'Powered by SiteServer CMS':'SiteServer',
         'Powered by JEECMS':'JEECMS',
         'Powered by Npoint':'Npoint',
         'Power By TCCMS':'TCCMS',
         'Powered by deep soon':'地平线CMS',
         'powered by sdcms':'sdcms',
         'owered by 小蚂蚁.+网站系统':'小蚂蚁',
         '171cms':'171cms',
         'baocms':'baocms',
         'infoglue':'infoglue',
}
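
An added example, not the author's code: a matcher for the rule format above that evaluates every '&'-joined part of a rule (so a three-part rule such as the DouPHP one is checked in full) and reports all matching rules with the field that matched, instead of stopping at the first hit. The sample rules and page data are constructed, DemoCMS is a hypothetical product, and the function names are chosen for this example.

```python
import re

# Constructed sample rules in the page's format: each key is a
# case-insensitive regex, and '&' joins parts that must all match.
SAMPLE_RULES = {
    "title": {"Powered by MetInfo": "MetInfo"},
    "head": {"X-Pingback": "WordPress", "SS_MID&squarespace.net": "squarespace建站"},
    "body": {
        "wp-includes": "WordPress",
        "controlBase&indexLeft&recommendProduct": "DouPHP",
        "jQuery.extend(Demo": "DemoCMS",  # hypothetical rule, not a valid regex
    },
}
# Constructed page data (not captured from a real site).
SAMPLE_TITLE = "Demo shop"
SAMPLE_HEADER = "Server:nginx\nX-Pingback:http://example.test/xmlrpc.php\n"
SAMPLE_BODY = ('<link href="/wp-includes/css/a.css"><div id="controlBase">'
               '<div id="indexLeft"><script>jQuery.extend(Demo.settings, {});</script>')

def _hit(pattern, text):
    """Case-insensitive regex search; a key that is not a valid regex
    is matched as a literal substring instead of raising."""
    try:
        return re.search(pattern, text, re.I) is not None
    except re.error:
        return pattern.lower() in text.lower()

def match_rule(key, first_text, rest_text):
    """Split key on '&'; the first part is tested against first_text and
    every remaining part against rest_text. All parts must match."""
    parts = [p for p in key.split("&") if p]
    if not parts:
        return False
    return _hit(parts[0], first_text) and all(_hit(p, rest_text) for p in parts[1:])

def fingerprint(title, header, body, rules):
    """Return every (product, field, rule key) that matches, sorted."""
    found = set()
    for key, product in rules.get("title", {}).items():
        if _hit(key, title):
            found.add((product, "title", key))
    for key, product in rules.get("head", {}).items():
        if match_rule(key, header, body):   # header first, body for the rest
            found.add((product, "head", key))
    for key, product in rules.get("body", {}).items():
        if match_rule(key, body, body):
            found.add((product, "body", key))
    return sorted(found)

if __name__ == "__main__":
    for row in fingerprint(SAMPLE_TITLE, SAMPLE_HEADER, SAMPLE_BODY, SAMPLE_RULES):
        print(row)
```

Run against the title, headers and body of a site you operate, the output lists which signals identify its stack and which rule key each one tripped.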

The tool in action:

[Screen recordings: GIF.gif, GIF12.gif]

Readers who are interested and want the full rule set can contact Jinwu Lab at: jinwu@jinwulab.com
