File: header-hash.rb

package info (click to toggle)
whatweb 0.6.1-1
  • links: PTS
  • area: main
  • in suites: forky, sid
  • size: 23,948 kB
  • sloc: ruby: 43,493; sh: 213; makefile: 41
file content (30 lines) | stat: -rw-r--r-- 1,050 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# https://morningstarsecurity.com/research/whatweb
##
Plugin.define do
name "Header-Hash"
authors [
  "Andrew Horton",
  # v0.2 # removed :probability
]
version "0.1"
description "Analyze the header of the HTML. Turns the first 500 characters into a signature. This can be used to group websites created with something unexpected. It's successful if it returns the same hash for more than 10% of samples. Some types of sites have more variation than others."
# successfully finds: blogspot pages, vbulletin, microtik routers, ning sites, 
# also identifies stuff like various types of 404s, virtual directory listings not allowed, apache default

# expect some noise. 100 matched too much, 1000 matched too litte. 500 is ok

passive do		
	if @body.size > 4
		hash=Digest::MD5.hexdigest(@body[0..500])	
		[{:name=>"hash",:string=>hash}]
	else
		[]
	end
end

end