With this new resource and finding, it is possible to represent websites in the database.
When a PortServiceFinding with a serviceName of http or https is emitted by a job, the jobs manager recognises that this is a website and emits a WebsiteFinding for every combination of a host's linked domains.
It is done this way because a port scan does not have the domain information with it, and anyway, any domain that resolves to a host could have a different website for the same port through the concept of virtual hosts.
A website is the combination of a domain (can be empty), a host, a port and a path (defaults to /). The reason behind the path is that several websites could be routed by a proxy, resulting in a different website at a different path.
This PR does not include any interface, but it will eventually get its own view. Cleanup is also lacking a little bit.
You can ignore the "new" e2e tests here. They are a copy paste from ports and will be fully changed in the next PR
This PR is the first of multiple PRs
With this new resource and finding, it is possible to represent websites in the database.
When a
PortServiceFindingwith aserviceNameofhttporhttpsis emitted by a job, the jobs manager recognises that this is a website and emits aWebsiteFindingfor every combination of a host's linked domains.It is done this way because a port scan does not have the domain information with it, and anyway, any domain that resolves to a host could have a different website for the same port through the concept of virtual hosts.
A website is the combination of a domain (can be empty), a host, a port and a path (defaults to
/). The reason behind the path is that several websites could be routed by a proxy, resulting in a different website at a different path.This PR does not include any interface, but it will eventually get its own view. Cleanup is also lacking a little bit.