forked from urbanadventurer/WhatWeb
footer-hash.rb
##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# http://www.morningstarsecurity.com/research/whatweb
##
Plugin.define do
  name "Footer-Hash"
  authors [
    "Andrew Horton",
    # v0.2 # removed :probability
  ]
  version "0.2"
  description "Analyze the footer of the HTML. Turns the last 500 characters into a signature. Only activates for sites with more than 1000 characters on the page. This can be used to group websites created with something unexpected. It's successful if it returns the same hash for more than 10% of samples. Some types of sites have more variation than others."
  # successfully finds:
  #
  # expect some noise. 100 matched too much, 1000 matched too little. 500 is ok
  # tail 500, only if page has more than 1000. any less and the footer overlaps with the header
  passive do
    if @body.size > 1000
      # MD5 is used here as a grouping fingerprint of the page tail, not as a security control
      hash = Digest::MD5.hexdigest(@body[-500..-1])
      [{ :name => "hash", :string => hash }]
    else
      # page too short: report nothing
      []
    end
  end
end
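
The grouping the description refers to, as an added stand-alone example (not part of WhatWeb or of this plugin): it applies the same tail-500 / more-than-1000 rule to a set of page bodies and keeps the hashes shared by more than 10% of the hashed samples. The helper names `footer_hash`, `footer_clusters` and `sample_pages` are hypothetical, and every URL and body is constructed sample data.

```ruby
require 'digest'

# Same rule as the plugin: MD5 of the last 500 characters, only for bodies
# longer than 1000 characters. Returns nil for pages that are too short.
def footer_hash(body, tail: 500, min_size: 1000)
  return nil unless body.size > min_size
  Digest::MD5.hexdigest(body[-tail..-1])
end

# Group URLs by footer hash; keep hashes shared by more than `threshold`
# of the hashed samples (the description's "more than 10%" yardstick).
def footer_clusters(pages, threshold: 0.10)
  hashed = pages.map { |url, body| [url, footer_hash(body)] }.select { |_, h| h }
  hashed.group_by { |_, h| h }
        .transform_values { |pairs| pairs.map(&:first) }
        .select { |_, urls| urls.size > threshold * hashed.size }
end

# Constructed sample input: every URL and body below is made up.
FOOTER = ("<li><a href=\"/about\">About</a></li>\n" * 20) + "</body></html>"

def sample_pages
  pages = {
    "http://a.example/" => "<html><body>" + "alpha " * 150 + FOOTER,
    "http://b.example/" => "<html><body>" + "bravo " * 300 + FOOTER,
    "http://c.example/" => "<html><body>" + "charlie " * 90 + FOOTER,
    # Same template, but a per-request value lands inside the last 500 chars.
    "http://d.example/" => "<html><body>" + "delta " * 150 +
                           FOOTER.sub("</body>", "<!-- rendered in 0.042s --></body>"),
    # Too short: the plugin emits nothing for this page.
    "http://short.example/" => "<html><body>tiny</body></html>"
  }
  # Seventeen unrelated pages, each with its own tail.
  (1..17).each { |i| pages["http://u#{i}.example/"] = "<html>" + "u#{i} " * 400 + "</html>" }
  pages
end

if __FILE__ == $PROGRAM_NAME
  footer_clusters(sample_pages).each do |hash, urls|
    puts "#{hash}  #{urls.size} sites: #{urls.join(' ')}"
  end
end
```

The page at `d.example` shares the template but falls out of the cluster because one changing value sits inside the hashed tail, which is the noise the plugin comments warn about.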