Closed killswitch-GUI closed 9 years ago
So right now, the "server" result is based on the header returned by the server. It's not actually a specific field that EyeWitness looks for. I don't really know if we could get that added in based off of how we're handling this. Also, while that is pretty sweet, I think we're more focused on getting screenshots vs. enumerating specific versions of software. But with that said, I'd love to hear input from @rvazarkar if he agrees.
I think it would be nice to add it but would worry that the database would need to be kept up to date and large enough to justify having it.
Can't this information be pulled out if the page title? On 5 Aug 2015 04:47, "ChrisTruncer" notifications@github.com wrote:
So right now, the "server" result is based on the header returned by the server. It's not actually a specific field that EyeWitness looks for. I don't really know if we could get that added in based off of how we're handling this. Also, while that is pretty sweet, I think we're more focused on getting screenshots vs. enumerating specific versions of software. But with that said, I'd love to hear input from @rvazarkar https://github.com/rvazarkar if he agrees.
— Reply to this email directly or view it on GitHub https://github.com/ChrisTruncer/EyeWitness/issues/154#issuecomment-127838928 .
Agreed, the best place will be the page title at the moment. It would be really nice, but that's another database to manage which at the moment I don't know if the two of us could manage.
Is it possible to conduct some simple fingerprinting of a service running, currently you have "server: Microsoft-IIS/7.5 " for a return field. Could you add in the Cisco ASA as the server and the current IOS to the repository of sigs?
Here is my code for the NSE script to fingerprint: https://github.com/killswitch-GUI/PenTesting-Scripts/blob/master/ASA-Check-Ver.nse
simple query of the ASA device at "/CSCOSSLC/config-auth" using a Header / User agent field you get a simple return of: "8.4(1) VPN Server"
Would be a great add :+1:
Thanks!