gofingerprint
GoFingerprint helps quickly indentify web servers by checking their HTTP responses against a user defined list of fingerprints. Whether it's trying to determine which servers in your recon set are bootspring or testing for a specific response from a payload, gf is the tool for you!
Thanks to @nahamsec https://github.com/nahamsec for the tool idea!
usage options
-badpath string
The intentional 404 path to hit each target with to get a response. (default "/sfdrbdbdb")
-body string
Data to send in the request body
-debug
Enable to see any errors with fetching targets
-fingerprints string
JSON file containing fingerprints to search for.
-method string
which HTTP request to make the request with. (default "GET")
-output string
Directory to output files (default "./")
-timeout int
timeout for connecting to servers (default 10)
-workers int
Number of workers to process urls (default 20)
basic usage
cat targets | gofingerprint -fingerprints ./fingerprints.json
fingerprint file format (example can be found in fingerprints directory)
[
{
"name": "<UNIQUE NAME OF FINGERPRINT>",
"fingerprint" : ["<SEARCH TEXT USED TO ID SERVICE OR PRODUCT>"] #allows multiple fingerprints
}
]