Signatures (Fingerprints) of Common Scanners and Automated Tools

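Many scattered articles online have covered this topic, but none of them is complete. I have recently been collecting and organizing the signatures of these tools, so I am compiling and publishing them here. The common tools are Awvs, Netsparker, Appscan, Webinspect, Rsas (NSFOCUS Aurora), Nessus, WebReaver, and Sqlmap.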

1. Awvs (Acunetix Web Vulnerability Scanner), versions 10.5 and 11

Awvs randomly includes strings that identify it in three parts of its requests: the URL, the headers, and the body.

<1> Url:
acunetix-wvs-test-for-some-inexistent-file
by_wvs
acunetix_wvs_security_test
acunetix
acunetix_wvs
acunetix_test
<2> Headers:
Acunetix-Aspect-Password:
Cookie: acunetixCookie
Location: acunetix_wvs_security_test
X-Forwarded-Host: acunetix_wvs_security_test
X-Forwarded-For: acunetix_wvs_security_test
Host: acunetix_wvs_security_test
Cookie: acunetix_wvs_security_test
Cookie: acunetix
Accept: acunetix/wvs
Origin: acunetix_wvs_security_test
Referer: acunetix_wvs_security_test
Via: acunetix_wvs_security_test
Accept-Language: acunetix_wvs_security_test
Client-IP: acunetix_wvs_security_test
HTTP_AUTH_PASSWD: acunetix
User-Agent: acunetix_wvs_security_test
Acunetix-Aspect-Queries: (any value)
Acunetix-Aspect: (any value)
<3> Body (the POST data of the request)
acunetix_wvs_security_test
acunetix

2. Netsparker

Netsparker likewise randomly includes strings that identify it in the URL, headers, and body of its requests.

<1> Url
netsparker
Netsparker
ns: netsparker

<2> Headers
X-Scanner: Netsparker
Location: Netsparker
Accept: netsparker/check
Cookie: netsparker
Cookie: NETSPARKER

<3> Body
netsparker

3. Appscan

Appscan likewise randomly includes strings that identify it in the URL, headers, and body of its requests.

<1> Url
Appscan

<2> Headers
Content-Type: Appscan
Content-Type: AppScanHeader
Accept: Appscan
User-Agent: Appscan
<3> Body
Appscan

4. Webinspect

Webinspect likewise randomly includes strings that identify it in the URL, headers, and body of its requests.

<1> Url
HP404
<2> Headers
User-Agent: HP ASC
Cookie: webinspect
X-WIPP: (any value)
X-Request-Memo: (any value)
X-Scan-Memo: (any value)
Cookie: CustomCookie
X-RequestManager-Memo: (any value)

<3> Body
Webinspect

5. Rsas (NSFOCUS Aurora)

The main signatures of Rsas are in the URL and the headers.

<1> Url
nsfocus
<2> Headers
User-Agent: Rsas

6. Nessus

The signatures of Nessus are mainly in the URL, headers, and body.

<1> Url
nessus
Nessus

<2> Headers
x_forwarded_for: nessus
referer: nessus
host: nessus

<3> Body
nessus
Nessus

7. WebReaver

The only signature of WebReaver is the User-Agent (UA) value in the headers.

<1> Headers
User-Agent: WebReaver

8. Sqlmap

Sqlmap includes signature values in the URL, headers, and body.

<1> Url
sqlmap

<2> Headers
User-Agent: sqlmap (followed by a version number that depends on the version in use)

<3> Body
sqlmap
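
One way to turn the lists above into a check for access logs or a WAF hook, as an added example that is not part of the original post. The rule table transcribes the tokens listed above; the function name `identify_scanners`, the rule layout, and the sample request are assumptions, and for brevity a token that the lists give for specific headers is matched in any header value.

```python
from urllib.parse import unquote

# (scanner, where, token) transcribed from the lists above. "any" means the URL,
# any header value or the body; "hdrname" means a header whose name starts with token.
RULES = [
    ("Awvs", "any", "acunetix"), ("Awvs", "url", "by_wvs"),
    ("Awvs", "hdrname", "acunetix-aspect"),  # also covers -Password and -Queries
    ("Netsparker", "any", "netsparker"),
    ("Appscan", "any", "appscan"),
    ("Webinspect", "any", "webinspect"), ("Webinspect", "url", "hp404"),
    ("Webinspect", "ua", "hp asc"), ("Webinspect", "cookie", "customcookie"),
    ("Webinspect", "hdrname", "x-wipp"), ("Webinspect", "hdrname", "x-request-memo"),
    ("Webinspect", "hdrname", "x-scan-memo"),
    ("Webinspect", "hdrname", "x-requestmanager-memo"),
    ("Rsas", "url", "nsfocus"), ("Rsas", "ua", "rsas"),
    ("Nessus", "any", "nessus"),
    ("WebReaver", "ua", "webreaver"),
    ("Sqlmap", "any", "sqlmap"),
]


def identify_scanners(url, headers, body=""):
    """Return {scanner: [matched rules]} for one request (headers given as a dict)."""
    # Header names are case-insensitive; some stacks log "-" as "_".
    hdrs = {k.lower().replace("_", "-"): str(v).lower() for k, v in headers.items()}
    fields = {
        "url": unquote(url).lower(),    # decode %xx so encoded tokens still match
        "body": unquote(body).lower(),
        "header": "\n".join(hdrs.values()),
        "ua": hdrs.get("user-agent", ""),
        "cookie": hdrs.get("cookie", ""),
    }
    hits = {}
    for scanner, where, token in RULES:
        if where == "hdrname":
            matched = any(name.startswith(token) for name in hdrs)
        elif where == "any":
            matched = any(token in fields[f] for f in ("url", "header", "body"))
        else:
            matched = token in fields[where]
        if matched:
            hits.setdefault(scanner, []).append(f"{where}:{token}")
    return hits


if __name__ == "__main__":
    # Constructed sample request, not captured traffic.
    print(identify_scanners("/index.php?id=acunetix_wvs_security_test",
                            {"User-Agent": "Mozilla/5.0", "Acunetix-Aspect": "enabled"}))
```

Every token here is trivially changed by whoever runs the tool, so a match identifies a default-configured scanner and an empty result says nothing about whether a request is benign.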
