robertdavidgraham / masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
GNU Affero General Public License v3.0

How can I only capture the HTML TITLE and not other types of metadata? #759

Open goccikcan opened 5 months ago

goccikcan commented 5 months ago

I had an output like this using --banner:

service name="http" banner="HTTP/1.1 302 Found\x0d\x0aCache-Control: no-cache\x0d\x0aContent-length: 0\x0d\x0aLocation: https://xxxx.com/

As you can see, the banner option didn't give me the title field from the HTML, where it has the title "Welcome to nginx!" when I check in a browser.

But for some IPs it gives:

service name="title" banner="410 Gone"

with the given title, which I ask for. Actually only 17% of the results have title information, others have http.server or http information.

Is there any option to get ONLY the titles, or should I use "--capture html"?

Also it is mentioned in the docs as:

when doing banners (--banner), this determines what to capture from the banners. By default, only the TITLE field from HTML documents is captured.

where it seems false.
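One way to post-process a scan so that only the title records remain, as an added example that is not part of the original post or of masscan itself. It assumes one record per line in the shape of masscan's XML output; the sample lines, addresses and redirect target are constructed, and `split_banners` is a hypothetical helper name. It also reports "http" banners that are redirects or declare an empty body, since such a response has no HTML document to take a title from.

```python
import re

ATTR = re.compile(r'(\w+)="([^"]*)"')
HEX = re.compile(r'\\x([0-9a-fA-F]{2})')

# Constructed sample in the shape of masscan XML output; the addresses and the
# redirect target are placeholders, the banners mirror those quoted above.
SAMPLE = r'''
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><service name="http" banner="HTTP/1.1 302 Found\x0d\x0aCache-Control: no-cache\x0d\x0aContent-length: 0\x0d\x0aLocation: https://example.invalid/"/></port></ports></host>
<host><address addr="192.0.2.20" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><service name="title" banner="410 Gone"/></port></ports></host>
<host><address addr="192.0.2.30" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><service name="http" banner="HTTP/1.1 200 OK\x0d\x0aContent-Length: 615"/></port></ports></host>
<host><address addr="192.0.2.30" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><service name="title" banner="Welcome to nginx!"/></port></ports></host>
'''

def split_banners(lines):
    """Return (titles, no_body), both keyed by (addr, port).

    titles  -- text of every service name="title" record
    no_body -- (status, Location) for "http" banners that are redirects or
               declare Content-Length: 0, so no title can exist for them
    """
    titles, no_body = {}, {}
    for line in lines:
        attrs = dict(ATTR.findall(line))
        if "banner" not in attrs or "addr" not in attrs:
            continue  # not a banner record
        key = (attrs["addr"], int(attrs["portid"]))
        # Undo the \xNN escaping seen in the banners (\x0d\x0a is CRLF).
        text = HEX.sub(lambda m: chr(int(m.group(1), 16)), attrs["banner"])
        if attrs["name"] == "title":
            titles[key] = text
        elif attrs["name"] == "http":
            head = text.split("\r\n")
            parts = head[0].split(" ", 2)
            if len(parts) < 2:
                continue  # truncated or malformed status line
            hdrs = {k.strip().lower(): v.strip()
                    for k, _, v in (h.partition(":") for h in head[1:]) if v}
            if parts[1].startswith("3") or hdrs.get("content-length") == "0":
                no_body[key] = (parts[1], hdrs.get("location"))
    return titles, no_body

if __name__ == "__main__":
    titles, no_body = split_banners(SAMPLE.splitlines())
    print(titles)
    print(no_body)
```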

mzpqnxow commented 3 weeks ago

This may be a race condition caused by not preventing your TCP/IP stack from resetting the connection.

Are you using the iptables rule and --adapter-port setting described in the readme, to prevent this?

$ sudo iptables -A INPUT -p TCP --dport 61000 -j DROP
$ masscan --adapter-port=61000 --capture...