{"id":14637779,"url":"https://github.com/HackAllSec/hfinger","last_synced_at":"2025-09-07T05:33:05.028Z","repository":{"id":248882070,"uuid":"830070199","full_name":"HackAllSec/hfinger","owner":"HackAllSec","description":"一个用于web框架、CDN和CMS指纹识别的高性能命令行工具。A high-performance command-line tool for web framework, CDN and CMS fingerprinting.","archived":false,"fork":false,"pushed_at":"2024-11-03T15:34:47.000Z","size":3938,"stargazers_count":179,"open_issues_count":0,"forks_count":8,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-12-26T01:50:28.336Z","etag":null,"topics":["cdn-fingerprints","cms-fingerprints","framework-fingerprints","web-fingerprints"],"latest_commit_sha":null,"homepage":"https://blog.hackall.cn/tools/1306.html","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HackAllSec.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"custom":["https://www.hackall.cn"]}},"created_at":"2024-07-17T14:26:26.000Z","updated_at":"2024-12-25T15:49:41.000Z","dependencies_parsed_at":"2024-09-08T11:49:34.568Z","dependency_job_id":"d3b3881c-7a6a-4e96-bee1-4e9edcc04fcd","html_url":"https://github.com/HackAllSec/hfinger","commit_stats":null,"previous_names":["hackallsec/hfinger"],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackAllSec%2Fhfinger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackAllSec%2Fhfinger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/r
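epositories/HackAllSec%2Fhfinger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HackAllSec%2Fhfinger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HackAllSec","download_url":"https://codeload.github.com/HackAllSec/hfinger/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":232182972,"owners_count":18484712,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cdn-fingerprints","cms-fingerprints","framework-fingerprints","web-fingerprints"],"created_at":"2024-09-10T02:01:15.736Z","updated_at":"2025-09-07T05:33:04.999Z","avatar_url":"https://github.com/HackAllSec.png","language":"Go","readme":"## Introduction to HFinger\n\n#### Simplified Chinese | [English](README_EN.md)\n![](https://github.com/HackAllSec/hfinger/blob/main/images/logo.png)\n\n**hfinger** is a **high-performance**, **accurate** command-line fingerprinting tool for quickly and accurately identifying the web framework, CDN, CMS and similar information of a specified target during red-team target reconnaissance. Because [EHole](https://github.com/EdgeSecurityTeam/EHole) has not been updated for a long time and has some shortcomings (false positives, false negatives, inflexible matching, and so on), this tool matches against the fingerprints defined in the `finger.json` file, streamlines the original file structure, adds matching logic, and adds error-page recognition and a passive recognition mode.\n\nAlthough this is reinventing the wheel, the point of reinventing the wheel is to optimize and improve. The fingerprint library will be continuously refined, with care taken over every fingerprint. If you find the tool useful, please give it a Star as encouragement.\n\nHow do you write good fingerprints so that matching is more precise?\n\n1. First look for unique features, such as specific response headers, request headers and Cookie fields\n2. Next look for data that generally does not change, such as the JS files the page depends on, the path structure, body fields and error-page features\n3. 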
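Only if nothing else can be found, fall back to features that are easily modified, such as the icon hash and the site title\n\nIdeally combine them, so that a system customized through secondary development still matches after its icon or page style has been changed.\n\n### Features\n\n- High-performance, accurate target identification\n- Supports matching multiple framework fingerprints for the same target\n- Supports active mode and passive mode\n- Supports identification based on error pages\n- Matches the response header, body and title against the fingerprints defined in finger.json\n- finger.json supports custom matching logic\n- Supports a random User-Agent header\n- Supports multithreading; the thread count can be adjusted with the -t parameter\n- Supports proxies; specify the proxy with the -p parameter\n- Outputs match results in real time: green when matched, white when not matched\n- Supports output in JSON, XML and XLSX formats\n- Supports HTTP/2 and HTTP/1\n- Supports standard HTTPS and GM (Guomi, Chinese national cryptography) HTTPS\n- Because some of Fofa's icon_hash values are inconsistent with the Mmh3Hash32 results, an icon_hash calculation tool has been added\n\n### Fingerprint library\n\n- Total number of products, web frameworks and CMSs covered (counted by distinct cms values; fingerprints with the same name are counted only once): **1177**\n- Total number of fingerprints (the number is small because fingerprints have been optimized and merged, with fingerprints for the same asset combined): **1412**\n- Rules in the fingerprint library are case-sensitive; keep this in mind when adding custom fingerprints\n\nQuality matters more than quantity, and the same goes for fingerprints: the raw count means little; what matters is the number of products, web frameworks and CMSs that can be identified.\n\n#### Writing rules\n\nThe fingerprint library is located at `data/finger.json`, in JSON format. It contains 5 fields:\n- **cms**: Product name, including CMS names, CDN names and so on\n- **method**: Matching method, either `keyword` or `faviconhash`, meaning matching by keyword or by the site icon hash respectively; when the value is `faviconhash`, the `location` field is ignored\n- **location**: Matching location, one of `header`, `body` or `title`, meaning matching against the content of the response header, body and title respectively\n- **logic**: Matching logic, either `and` or `or`, meaning AND and OR logic for the rule respectively; takes effect when the matching rule contains multiple conditions\n- **rule**: Matching rule, containing multiple conditions separated by `,`\n\n## Usage\n\n### Installation\n\nMake sure you have a Go environment installed, then clone this repository and build:\n```bash\ngit clone https://github.com/HackAllSec/hfinger.git\ncd hfinger\ngo build\n```\n\nOn Windows, you can build by running `windows_build.bat` directly.\n\n### Command-line parameters\n\n```bash\n\n █████         ██████   ███\n▒▒███         ███▒▒███ ▒▒▒\n ▒███████    ▒███ ▒▒▒  ████  ████████    ███████  ██████  ████████\n ▒███▒▒███  ███████   ▒▒███ ▒▒███▒▒███  ███▒▒███ ███▒▒███▒▒███▒▒███\n ▒███ ▒███ ▒▒▒███▒     ▒███  ▒███ ▒███ ▒███ ▒███▒███████  ▒███ ▒▒▒\n ▒███ ▒███   ▒███      ▒███  ▒███ ▒███ ▒███ ▒███▒███▒▒▒   ▒███\n ████ █████  █████     █████ ████ █████▒▒███████▒▒██████  █████\n▒▒▒▒ ▒▒▒▒▒  ▒▒▒▒▒     ▒▒▒▒▒ ▒▒▒▒ ▒▒▒▒▒  ▒▒▒▒▒███ ▒▒▒▒▒▒  ▒▒▒▒▒\n                                        ███ ▒███\n                                       ▒▒██████\n                                        ▒▒▒▒▒▒                     By:Hack All Sec\n\nA high-performance command-line tool for web framework and CMS fingerprinting\n\nUsage:\n  hfinger 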
[flags]\n\nFlags:\n  -f, --file string          Read assets from local files for fingerprint recognition, with one target per line\n  -h, --help                 help for hfinger\n  -l, --listen string        Using a proxy resource collector to retrieve targets, example: 127.0.0.1:6789\n  -j, --output-json string   Output all results to a JSON file\n  -s, --output-xlsx string   Output all results to a Excel file\n  -x, --output-xml string    Output all results to a XML file\n  -p, --proxy string         Specify the proxy for accessing the target, supporting HTTP and SOCKS, example: http://127.0.0.1:8080\n  -t, --thread int           Number of fingerprint recognition threads (default 100)\n      --update               Update fingerprint database\n      --upgrade              Upgrade to the latest version\n  -u, --url string           Specify the recognized target,example: https://www.example.com\n  -v, --version              Display the current version of the tool\n```\n\n### Usage examples\n\n#### Active mode\n\nIdentify a single URL:\n```bash\nhfinger -u https://www.hackall.cn\n```\nRead targets from a file and identify them (one URL per line; the scheme, such as http or https, must be included):\n```bash\nhfinger -f targets.txt\n```\nSpecify a proxy:\n```bash\nhfinger -u https://www.hackall.cn -p http://127.0.0.1:8080\n```\nOutput in JSON format:\n```bash\nhfinger -u https://www.hackall.cn -j output.json\n```\nOutput in XML format:\n```bash\nhfinger -u https://www.hackall.cn -x output.xml\n```\nOutput in XLSX format:\n```bash\nhfinger -u https://www.hackall.cn -s output.xlsx\n```\n\n#### Passive mode\n\nUsage is similar to `Xray`, including starting a listener, adding an upstream proxy, chaining with other tools and so on. Passive mode can identify fingerprints that active mode cannot, and is more comprehensive than active scanning.\n\nJust start the listener:\n```bash\nhfinger -l 127.0.0.1:8888 -s res.xlsx\n```\n![](https://github.com/HackAllSec/hfinger/blob/main/images/passivemode.png)\n![](https://github.com/HackAllSec/hfinger/blob/main/images/passive.png)\n\nTo support HTTPS, import the certificate from the `certs` directory into your browser.\n\n**Chaining with other tools**\n\nThere are two ways to chain with `Xray` or other tools:\n\nOption 1:  `Target -\u003e Xray/Burp -\u003e hfinger`\n\nBuilding on the setup above, set the browser's proxy to go through `Xray` or `Burp`, then configure the upstream proxy in `Xray` or `Burp` to be the `hfinger` listening address.\n\nOption 2: `Target -\u003e hfinger -\u003e 
Xray`\n\nStart `hfinger` in passive mode, use the `-p` parameter to set the upstream proxy, and set the browser's proxy to the `hfinger` listening address.\n```bash\nhfinger -l 127.0.0.1:8888 -p http://127.0.0.1:7777 -s res.xlsx\n```\n\n### Output examples\n\nReal-time output:\n\n![](https://github.com/HackAllSec/hfinger/blob/main/images/output.png)\n\nJSON output format:\n```json\n[\n  {\n    \"url\": \"https://example.com\",\n    \"cms\": \"若依\",\n    \"server\": \"cloudflare\",\n    \"statuscode\": 200,\n    \"title\": \"登录\"\n  },\n  {\n    \"url\": \"https://example.com\",\n    \"cms\": \"Shiro\",\n    \"server\": \"cloudflare\",\n    \"statuscode\": 200,\n    \"title\": \"登录\"\n  }\n]\n```\nXML output format:\n```xml\n\u003cresults\u003e\n  \u003cresult\u003e\n    \u003cURL\u003ehttps://blog.hackall.cn\u003c/URL\u003e\n    \u003cCMS\u003eTypecho\u003c/CMS\u003e\n    \u003cServer\u003ecloudflare\u003c/Server\u003e\n    \u003cStatusCode\u003e404\u003c/StatusCode\u003e\n    \u003cTitle\u003eHack All Sec的博客 - Hack All Sec\u0026#39;s Blog\u003c/Title\u003e\n  \u003c/result\u003e\n\u003c/results\u003e\n```\nXLSX output format:\n|URL|CMS|Server|StatusCode|Title|\n|-|-|-|-|-|\n|https://blog.hackall.cn|Typecho|cloudflare|200|Hack All Sec的博客 - Hack All Sec's Blog|\n\n![](https://github.com/HackAllSec/hfinger/blob/main/images/xlsx.png)\n\n## Directory structure\n\n```\nhfinger/\n|-- main.go               // Program entry point\n|-- cmd/                  // Command-line related code\n|   |-- banner.go\n|   |-- args.go\n|-- icon                  // Icon files\n|-- config/\n|   |-- config.go         // Configuration\n|-- data/\n|   |-- finger.json       // Fingerprint data file\n|-- models/\n|   |-- finger.go         // Core fingerprint scanning logic\n|   |-- faviconhash.go    // favicon hash calculation\n|   |-- matcher.go        // Matching logic\n|   |-- mitm.go           // Man-in-the-middle proxy service\n|-- output\n|   |-- jsonoutput.go     // Writes the JSON file\n|   |-- xmloutput.go      // Writes the XML file\n|   |-- xlsxoutput.go     // Writes the XLSX file\n|-- utils/\n|   |-- http.go           // HTTP request helpers\n|   |-- certs.go          // Certificate handling\n|   |-- update.go         // Upgrade and update\n```\n\n## Changelog\n\n[CHANGELOG](CHANGELOG.md)\n\n## Contributing\n\nPRs, Issues 
and fingerprint library contributions are welcome.\n\nYou are welcome to develop other tools based on this project or to extend this tool's functionality.\n\nYou can append new fingerprints to the end of the `data/finger.json` file and submit them via a PR, or open an Issue to tell us about CMSs or frameworks that cannot be identified, along with further details.\n\n## License\n\nPlease comply with the [MIT License](LICENSE)\n\n## Star History\n\n![](https://api.star-history.com/svg?repos=HackAllSec/hfinger\u0026type=Date)\n","funding_links":["https://www.hackall.cn"],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHackAllSec%2Fhfinger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FHackAllSec%2Fhfinger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHackAllSec%2Fhfinger/lists"}