add: 3389端口指纹规则

XinRoom · Mar 4, 2023 · a71b8f6 · a71b8f6
1 parent 18b8620
commit a71b8f6
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/core/port/fingerprint/rules.go b/core/port/fingerprint/rules.go
@@ -31,6 +31,7 @@ var portServiceOrder = map[uint16][]string{
 	1748:  {"oracle"},
 	1754:  {"oracle"},
 	3306:  {"mysql"},
+	3389:  {"ms-wbt-server"},
 	6379:  {"redis"},
 	9001:  {"mongodb"},
 	14238: {"oracle"},
@@ -188,6 +189,25 @@ func init() {
 		},
 	}
 
+	// ms-wbt-server
+	serviceRules["ms-wbt-server"] = serviceRule{
+		Tls: false,
+		DataGroup: []ruleData{
+			{
+				ActionSend,
+				[]byte("\x03\x00\x00*%\xe0\x00\x00\x00\x00\x00Cookie: mstshash=pcpc\r\n\x01\x00\x08\x00\x03\x00\x00\x00"),
+				nil,
+			},
+			{
+				ActionRecv,
+				nil,
+				[]*regexp.Regexp{
+					regexp.MustCompile(`\x03\x00\x00.\x0e\xd0\x00\x00\x124\x00`),
+				},
+			},
+		},
+	}
+
 	// jdwp
 	serviceRules["jdwp"] = serviceRule{
 		Tls: false,