WangYihang / Platypus

:hammer: A modern multiple reverse shell sessions manager written in go
http://platypus-reverse-shell.vercel.app
GNU Lesser General Public License v3.0

Port scans and HTTPS requests will show up in the dashboard as a shell #152

Open vincentcox opened 2 years ago

vincentcox commented 2 years ago

Description

Port scans and HTTPS requests will show up in the dashboard as a shell. The overview/dashboard is being polluted by random scans from the internet and GET requests from crawlers (like Google or some automated scanners).

Reproduce

  1. Run the program
  2. Open https://IP:port in a browser and perform a GET HTTPS request
  3. Do a simple NMAP scan on the server

Expected behavior

The HTTPS GET request and nmap scan should not be detected as an incoming shell.

Current behavior

The HTTPS GET request and nmap scan are detected as an incoming shell. Now the overview/dashboard is being polluted by random scans from the internet and GET requests from crawlers (like Google or some automated scanners).

Screenshots/Terminal log

NMAP:

[image]

HTTPS request:

[image]

Environments

WangYihang commented 2 years ago

@vincentcox, thanks for reporting.

Yes, it is a severe problem. I will try to figure out how to solve it soon.
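An added illustration, not Platypus code and not the maintainer's fix: one way a TCP listener could tell apart the traffic described in this report before listing a connection is to peek at the first bytes for a TLS ClientHello or an HTTP request line, and to treat a connect-and-close with no data as a scan probe. `Classify`, `classifySample` and the 200 ms wait are hypothetical names and values, and the sample payloads are constructed.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
	"net"
	"time"
)

// Classify (hypothetical helper, not Platypus code) peeks at the first bytes without consuming them.
func Classify(c net.Conn, wait time.Duration) (string, *bufio.Reader) {
	r := bufio.NewReader(c)
	c.SetReadDeadline(time.Now().Add(wait))
	defer c.SetReadDeadline(time.Time{}) // clear the deadline for later reads
	head, err := r.Peek(8)               // a short read still returns what arrived
	switch {
	case len(head) >= 3 && head[0] == 0x16 && head[1] == 0x03:
		return "tls", r // TLS handshake record: content type 22, major version 3
	case len(head) == 0 && err == io.EOF:
		return "probe", r // peer connected and hung up without sending anything
	}
	for _, m := range []string{"GET ", "POST ", "HEAD ", "PUT ", "OPTIONS ", "CONNECT "} {
		if bytes.HasPrefix(head, []byte(m)) {
			return "http", r // plaintext HTTP request line
		}
	}
	return "unknown", r // silent or non-matching peers are left for the caller to decide
}

// classifySample plays constructed bytes through an in-memory pipe, then hangs up.
func classifySample(payload []byte) string {
	client, server := net.Pipe()
	defer server.Close()
	go func() {
		if len(payload) > 0 {
			client.Write(payload)
		}
		client.Close()
	}()
	kind, _ := Classify(server, 200*time.Millisecond)
	return kind
}

func main() {
	for _, p := range [][]byte{[]byte("GET / HTTP/1.1\r\n\r\n"), {0x16, 0x03, 0x01, 0, 5, 1, 0, 0, 1, 0}, nil, []byte("id\n")} {
		fmt.Println(classifySample(p))
	}
}
```

The returned `*bufio.Reader` still holds the peeked bytes, so a connection classified as `unknown` can be read from it without losing data.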