Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HybridTechDetection with wappalyzer and tech templates. #4656

Merged
merged 7 commits into from
Feb 1, 2024
Merged

HybridTechDetection with wappalyzer and tech templates. #4656

merged 7 commits into from
Feb 1, 2024

Conversation

xxcdd
Copy link
Contributor

@xxcdd xxcdd commented Jan 17, 2024
edited by Mzack9999
Loading

Proposed changes

implement hybrid tech detection

This commit introduces the implementation of hybrid technology detection in the automaticscan package. The hybrid detection utilizes both Wappalyzer and Nuclei templates to identify technologies used by a target.

Keep Wappalyzer-based technology detection using fingerprints.
Add tech tag templates for technology detection.

Closes #4520
Based on #4562

Test

nuclei  -u http://testphp.vulnweb.com/ -duc -as



                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.5

                projectdiscovery.io


[WRN] Found 12 template[s] loaded with deprecated paths, update before v3 for continued support.
[WRN] Found 1 templates with runtime error (use -validate flag for further examination)
[INF] Current nuclei version: v3.1.5 (outdated)
[INF] Current nuclei-templates version: v9.7.2 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 61
[INF] Templates loaded for current scan: 7380
[INF] Executing 7398 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] Loaded 410 cluster templates from the tech tag.
[INF] Executing wappalyzer based tech detection on input urls
[waf-detect:nginxgeneric] [http] [info] http://testphp.vulnweb.com/
[INF] Executing Wappalyzer based tech detection get (php, dreamweaver, nginx, ubuntu) for host &{http://testphp.vulnweb.com/  }
[INF] Executing Template based tech detection get (tech, php, dreamweaver, nginx, waf, misc, nginxgeneric) for host &{http://testphp.vulnweb.com/  }
[INF] Executing tags (php, dreamweaver, nginx, ubuntu, misc, nginxgeneric) for host &{http://testphp.vulnweb.com/  } (85 templates)
[nginx-version] [http] [info] http://testphp.vulnweb.com/ ["nginx/1.19.0"]
[clientaccesspolicy] [http] [info] http://testphp.vulnweb.com/clientaccesspolicy.xml
[INF] Using Interactsh Server: oast.live

@olearycrew
Copy link
Contributor

Thanks for this contribution @xxcdd !

@Mzack9999 Mzack9999 self-requested a review January 29, 2024 15:08
Mzack9999
Mzack9999 approved these changes Jan 29, 2024
View reviewed changes
Copy link
Member

@Mzack9999 Mzack9999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

supersedes #4562

@Mzack9999 Mzack9999 mentioned this pull request Jan 29, 2024
Closed
4 tasks
tarunKoyalwar
tarunKoyalwar approved these changes Jan 31, 2024
View reviewed changes
Copy link
Member

@tarunKoyalwar tarunKoyalwar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm !

 ./nuclei -u https://www.hackerone.com -as  -c 1000  

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.5

		projectdiscovery.io

[INF] Current nuclei version: v3.1.5 (outdated)
[INF] Current nuclei-templates version: v9.7.5 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 106
[INF] Templates loaded for current scan: 7463
[INF] Executing 7481 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] Automatic scan tech-detect: Templates clustered: 250 (Reduced 237 Requests)
[INF] Executing Automatic scan on 1 target[s]
[drupal-detect] [http] [info] https://www.hackerone.com
[waf-detect:ats] [http] [info] https://www.hackerone.com/
[waf-detect:cloudflare] [http] [info] https://www.hackerone.com/
[INF] Found 13 tags and 2 matches on detection templates on https://www.hackerone.com [wappalyzer: 12, detection: 4]
[INF] Executing 112 templates on https://www.hackerone.com
[drupal-detect] [http] [info] https://www.hackerone.com
[drupal-login] [http] [info] https://www.hackerone.com
[INF] Using Interactsh Server: oast.pro

@ehsandeep ehsandeep merged commit 8d90470 into projectdiscovery:dev Feb 1, 2024
9 of 12 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Feb 2, 2024
Merged
@olearycrew olearycrew mentioned this pull request Feb 6, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tarunKoyalwar tarunKoyalwar tarunKoyalwar approved these changes

@Mzack9999 Mzack9999 Mzack9999 approved these changes

@ehsandeep ehsandeep ehsandeep approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Use "detect" templates alongside wappalyzer when using -automatic-scan
5 participants
@xxcdd @olearycrew @ehsandeep @Mzack9999 @tarunKoyalwar