PRP: Request Web Application Fingerprint - Elasticsearch & Kibana #134
Comments
Hi @C4o, thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development. Please keep in mind that the Tsunami Scanner Team will only be able to work on one issue at a time for each participant, so please hold off on the implementation work for any other requests you might have. Thanks!
Hi @C4o, please provide fingerprints for at least the versions from the last 3-5 years, and also include an automation script that will update the prebuilt fingerprint database when there is a new release of the web application (this will cover subsequent new versions). I realized that we currently don't have an automation script as an example; I will see if I can add one asap. It is hard to gauge the relevancy of pending detector requests without the fingerprinters to identify how often tsunami scanner encounters this software in the wild. I have already approved a confluence fingerprinting request #64; once it is rolled out, it will help to measure how relevant #223 is.
Hi @maoning, I think it may be difficult to automatically update the fingerprint of the new version, because it's hard to know what code is added in the new version and what features are caused by an automation script :( Are there any feasible methods for reference? I'll try it.
Hi @C4o, https://github.com/google/tsunami-security-scanner-plugins/blob/44945935781404f2de649bf6f88dd3d60acdae6b/google/fingerprinters/web/scripts/updater/wordpress/update.sh is the automation script @magl0 submitted. It automatically spins up a version of wordpress and updates the fingerprint file with a new fingerprint (full commit: 4494593). You can put your update script at the same location under the elasticsearch & kibana folder.
Copy that. Thanks. @maoning
Also @C4o, I see that this request has been open for quite some time. Are you still willing to contribute to this plugin or should I just close it out?
@tooryx Yes, I'll try to contribute to this plugin soon.
Hi @tooryx. It seems that the latest version of elasticsearch cannot be fingerprinted this way because all static files cannot be requested directly. But the fingerprinter plugin for kibana seems okay.
And BTW, I tested other fingerprinter plugins, including wordpress/drupal/zabbix, and I found that errors occurred with no correct version when there are empty lines in versions.txt, and it worked after I deleted the last line.
Could you at least proceed with submitting the Kibana ones for now? We can look again in Kibana when I have more time. ~tooryx
@tooryx, yes of course, I've been working on the fingerprinter for kibana over the past few days.
Hi there,
I would like to start the implementation for a web application fingerprint that detects the following software - Elasticsearch and Kibana
Docker hub image:
https://hub.docker.com/_/elasticsearch
https://hub.docker.com/_/kibana
Please let me know if this is in scope.