PRP: Dolibarr ERP fingerprint db and update scripts #333 #390
This will detect the dolibarr version from 6-18.0.0 google#333
@tooryx I made my first commit, do let me know if something is not fine! |
Hi @vishwaraj101, I will add it to our backlog, but we are slowly processing the backlog, so it might take a while. ~tooryx |
Well, I can join you guys if you need help from back side; I am available that way. |
Hi @tooryx, any update on the progress? |
Hi @vishwaraj101, Please be patient. As I mentioned, we are slowly processing the backlog. It might take a while. ~tooryx |
Hi @vishwaraj101. Feel free to reach out |
Hello @vishwaraj101. Friendly ping |
Honestly not getting how to contribute, not sure Google made this
intentionally complicated program. I mean, can I build a better
signature based scanner which will be very easy to contribute to, no offense!!
|
Hi @vishwaraj101, Sorry that it feels so complicated. What would be your suggestions to make it simpler and still integrate fully with Tsunami? ~tooryx |
I want to contribute with this PR but I don’t understand the unnecessary
complex code practice used by Google to look cool. My suggestion would draw
inspiration from tools like nuclei: what we will do is write the signature
in a YAML based file and then let our code scan the paths or the
parameters mentioned in that YAML file.
That way we can easily generate a template and push it into the code base
rather than writing fancy code in Java and then compiling it from scratch.
In simple words, restructure the code of the detection engine and make it YAML
based.
Hope you got the point, let me know. I am down for any support or help I can
provide and looking forward to contributing.
Thanks,
Vishwaraj
|
Could you point me to an example plugin from nuclei that performs fingerprinting (and not vulnerability detection) and that would be an example of what you have in mind? ~tooryx |
Please download the nuclei tool
https://github.com/projectdiscovery/nuclei
And try to run the fingerprints templates on a given set of subdomains or
ips.
For example:
id: jira-fingerprint

info:
  name: Jira Instance Fingerprinting
  author: vishwaraj
  severity: info
  tags: jira, fingerprint

requests:
  - method: GET
    path:
      - "{{BaseURL}}/rest/api/2/serverInfo"
    matchers:
      - type: word
        words:
          - "version"
          - "baseUrl"
        condition: or
Then run this template against your target domains.
nuclei -l ips.txt -t jira-fingerprint.yaml
If detected it will show you the output
|
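An added example, not part of the thread and not nuclei or Tsunami code: a simplified Python model of the word matcher in the template above, run over constructed response bodies. It shows that `condition: or` on "version"/"baseUrl" fires on unrelated pages, while reporting a version requires parsing the response; the helper names and sample bodies are assumptions.

```python
import json

# Matcher copied from the template in the comment above.
TEMPLATE_MATCHER = {"type": "word", "words": ["version", "baseUrl"], "condition": "or"}


def word_match(body, matcher):
    """Simplified model of a word matcher: substring tests joined by and/or."""
    hits = [w in body for w in matcher["words"]]
    return all(hits) if matcher.get("condition", "or") == "and" else any(hits)


def extract_version(body):
    """Return the version only when the body is JSON with string version and baseUrl."""
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    if not isinstance(doc, dict):
        return None
    version, base = doc.get("version"), doc.get("baseUrl")
    if isinstance(version, str) and isinstance(base, str):
        return version
    return None


# Constructed sample bodies (not captured from real servers).
SAMPLES = {
    "jira_like": json.dumps({"baseUrl": "https://jira.example.test",
                             "version": "9.4.0", "serverTitle": "Jira"}),
    "unrelated_html": "<html><body>Unsupported browser version</body></html>",
    "other_json": json.dumps({"version": 3, "status": "ok"}),
}


def classify(samples, matcher=TEMPLATE_MATCHER):
    """Map each sample name to (word matcher fired, extracted version)."""
    return {name: (word_match(body, matcher), extract_version(body))
            for name, body in samples.items()}


if __name__ == "__main__":
    for name, result in classify(SAMPLES).items():
        print(name, result)
```

All three constructed bodies satisfy the `or` matcher, but only the serverInfo-shaped one yields a version string.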
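But in that example, the server is advertising its version and is located at the base of the rootdir. How would that work for fingerprinting an app that is not at the rootdir or does not advertise its version? In Tsunami, we want to be able to identify (at least, as best as possible) the running version. This would represent a massive overhaul of the fingerprinting system. I am going to bring this to the rest of the team, but this seems unlikely, at the moment, that we prioritize this over other work we are doing to improve Tsunami. In the case of that specific PR, you already did 80% of the work and you need to run your update.sh script in the right environment. If it happens to be complicated, please let me know what is blocking you and I can update the documentation so that it is more straightforward or guided. ~tooryx |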
I don’t see any problem coz every software runs differently and every
fingerprinting will be different. There is no standard or RFC published to
detect the running web software versions (which I think will be the best
way to standardise things) and it is damn easy to write a fingerprinting
template if we know what to look for in software!
You give me a task for fingerprinting and I will write it for ya now.
Considering project Tsunami, you can make a video POC from scratch
explaining how to set up the environment, write detections or fingerprints
and then submit to the repo.
This will help a lot!!
…On Tue, 22 Oct 2024 at 4:42 PM, tooryx ***@***.***> wrote:
But in that example, the server is advertising its version and is located
at the base of the rootdir. How would that work for fingerprinting an app
that is not at the rootdir or does not advertise its version? In
Tsunami, we want to be able to identify (at least, as best as possible) the
running version.
This would represent a massive overhaul of the fingerprinting system. I am
going to bring this to the rest of the team, but this seems unlikely, at
the moment, that we prioritize this over other work we are doing to improve
Tsunami.
In the case of that specific PR, you already did 80% of the work and you
need to run your update.sh script in the right environment. If it happens
to be complicated, please let me know what is blocking you and I can update
the documentation so that it is more straightforward or guided.
~tooryx
|
Any thoughts? Or possibility of a video POC?
|
Hi @vishwaraj101, I will not do a video, but I will try to update the documentation. That being said, it will take a while. ~tooryx |
Thanks I think a blog or step by step guide on how to contribute will also
do the job let me know if done. I will try to have a look and continue on
my work to contribute to the project.
Thanks,
Vishwaraj
|
Hi tooryx,
I really wanna contribute, looking for updates from your end on the blog
post or the documentation upgrade!! Let me know once they are done, I will read
them and restart my work.
Thanks and regards,
Vishwaraj
|
Hi @vishwaraj101, It will probably take some time before I can write the documentation. ~tooryx |
Hi Tooryx,
Can we train the signature generation to ChatGPT or Gemini to generate the
POC template code based on our input so that it will reduce the effort?
Also, any progress on documentation yet?
Thanks,
Vraj
|
Hi @vishwaraj101, As long as the quality of the plugin that we receive for review does not decline, you can use whichever tool you have at your disposal. ~tooryx |
Yeah, but I was asking if any effort can be made from Google's end to train them?
So that we can generate at ease?
|
This is currently not planned, no. ~tooryx |
Ok, and your documentation guide on how to write the plugin?
|
I still did not have time to work on this, sorry. ~tooryx |