Add a WebSocket++ fingerprint

rapid7 / recog

Pattern recognition for hosts, services, and content

Other

662 stars 195 forks source link

Add a WebSocket++ fingerprint #414

Closed dabdine closed 2 years ago

dabdine commented 2 years ago

Description

Adds a fingerprint for WebSocket++. There are over 72K of these on the internet, according to Censys.

The server git repository is on GH: https://github.com/zaphoyd/websocketpp

Motivation and Context

Adds a fingerprint

How Has This Been Tested?

bundle exec rake tests

Types of changes

New feature (non-breaking change which adds functionality)

Checklist:

[x] I have updated the documentation accordingly (or changes are not required).
[x] I have added tests to cover my changes (or new tests are not required).
[x] All new and existing tests passed.

dabdine commented 2 years ago

Output from recog_match (with a little transform to make it easier to read):

echo -n "WebSocket++/0.8.1" | bin/recog_match xml/http_servers.xml | cut -c 8- | sed 's/=>/:/g' | jq .
{
  "matched": "WebSocket++ web server - https://github.com/zaphoyd/websocketpp",
  "service.vendor": "Zaphoyd Studios",
  "service.product": "WebSocket++",
  "service.family": "WebSocket++",
  "service.version": "0.8.1",
  "service.cpe23": "cpe:/a:zaphoyd:websocketpp:0.8.1",
  "service.protocol": "http",
  "fingerprint_db": "http_header.server",
  "data": "WebSocket++/0.8.1"
}

mkienow-r7 commented 2 years ago

Would you please rebase with master to resolve the merge conflict? I can take care of that if you don't want to deal with it.

dabdine commented 2 years ago

@mkienow-r7 thanks for the reviews and shepherding the merge!