search

urbanadventurer / WhatWeb

Next generation web scanner
https://www.morningstarsecurity.com/research/whatweb
GNU General Public License v2.0
5.55k stars 906 forks source link

.well-known/ directory fingerprint #265

Open blshkv opened 6 years ago

blshkv commented 6 years ago

https://developers.google.com/digital-asset-links/v1/getting-started

Often, there is a .well-known/assetlinks.json file located within webroot. That file can be used to discover an additional information which is not available from the front page:

- Website A declares that links to its site should open in a designated app on mobile devices, if the app is  installed.
- Website A declares that it can share its Chrome user credentials with website B so that the user won't have to log in to website B if it is logged into website A.
- App A declares that it can share device settings, such as location, with website B.

I was wondering if you could add it for fingerprinting

Update: Here is the full list of files which may be in the ".well-known" directory: https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml https://tools.ietf.org/html/rfc5785

urbanadventurer commented 6 years ago

This would make a good plugin @blshkv. What are your ideas on how to implement it?