Comments (6)
Hi @W0ngL1,
You can start working on this fingerprints.
~tooryx
from tsunami-security-scanner-plugins.
Thanks @tooryx, I'm working on it.
from tsunami-security-scanner-plugins.
Hi @tooryx, I've tried today, and it seems that the latest version of couchdb cannot be fingerprinted by this way, all static files cannot be requested directly.
INFO: No new fingerprints found.
Deprecated Gradle features were used in this build, making it incompatible with Gradle 7.0.
Use '--warning-mode all' to show the individual deprecation warnings.
See https://docs.gradle.org/6.5/userguide/command_line_interface.html#sec:command_line_warnings
BUILD SUCCESSFUL in 25s
6 actionable tasks: 1 executed, 5 up-to-date
fingerprint updating failed
I tested with Solr, it works well #395. And next time I'll contribute other fingerprinters only after testing the latest working version.
INFO: Write data file to /root/solr_fingerprints/fingerprints/fingerprint.binproto.
Deprecated Gradle features were used in this build, making it incompatible with Gradle 7.0.
Use '--warning-mode all' to show the individual deprecation warnings.
See https://docs.gradle.org/6.5/userguide/command_line_interface.html#sec:command_line_warnings
BUILD SUCCESSFUL in 5s
6 actionable tasks: 1 executed, 5 up-to-date
Fingerprint updated for Solr. Please commit the following file:
/root/solr_fingerprints/fingerprints/fingerprint.binproto
from tsunami-security-scanner-plugins.
Hi @W0ngL1,
I do not have a lot of experience with CouchDB, but it does not seem to really be a web service but rather a database with an HTTP-like API. Maybe it does not make sense to add a fingerprint for it in the WebFingerprinter then, what do you think?
~tooryx
from tsunami-security-scanner-plugins.
Hi @tooryx,
You're right. It does not make sense to add fingerprint for it. And sorry for wasting your time.
I used to think that couchdb is popular so it must have a GUI interface for users, like kibana and elasticsearch. But it's just a JSON-API.
Next time I'll contribute other fingerprinters only after testing the latest working version. And as mentioned in the previous comment, Solr can be fingerprinted. If you think it's in scope, I can start my work.
from tsunami-security-scanner-plugins.
Hi @W0ngL1,
No worries. Sorry that you invested time and it did not pay of.
I will check the apache solr one.
~tooryx
from tsunami-security-scanner-plugins.
Related Issues (20)
- AI PRP: Weak credential tester for jupyter lab/notebook through Jupyterhub
- PRP: Request Adobe Commerce RCE(CVE-2024-20720) HOT 2
- AI PRP: prestodb exposed UI and APIs
- AI PRP: clickhouse exposed API with weak/default credentials HOT 2
- Spring Boot H2 Database - Remote Command Execution HOT 1
- CVE-2024-28255 - OpenMetaData RCE
- PRP: PAN-OS Firewall RCE HOT 1
- PRP: Adobe ColdFusion - CVE-2023-26360 HOT 1
- AI PRP: CVE-2023-48022 - Ray RCE HOT 1
- AI PRP: argo rollouts
- AI PRP: argo events
- AI PRP: Minio Weak credentials tester HOT 3
- PRP: Unauthenticated Mongodb server
- PRP: Exposed Docker daemon Remote Access HOT 6
- PRP: Exposed Android Debug Bridge
- AI PRP: BentoML Insecure Deserialization RCE HOT 6
- AI PRP: Gardio Arbitrary File Read CVE-2024-1561
- AI PRP: Apache Flink exposed UI
- AI PRP: New Web Fingerprint for Open-WebUI (Ollama WebUI) HOT 1
- AI PRP: Mindsdb weak credential
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tsunami-security-scanner-plugins.