{"id":26282037,"url":"https://github.com/chainreactors/fingers","last_synced_at":"2025-10-08T23:42:18.956Z","repository":{"id":225787766,"uuid":"766231554","full_name":"chainreactors/fingers","owner":"chainreactors","description":"ALLINONE framework and technology detect lib","archived":false,"fork":false,"pushed_at":"2025-08-31T19:55:08.000Z","size":2611,"stargazers_count":196,"open_issues_count":2,"forks_count":29,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-08-31T21:29:21.867Z","etag":null,"topics":["fingerprint","security-tools"],"latest_commit_sha":null,"homepage":"https://chainreactors.github.io/wiki/libs/fingers/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chainreactors.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-03-02T17:36:55.000Z","updated_at":"2025-08-31T19:55:12.000Z","dependencies_parsed_at":"2025-08-31T21:18:22.244Z","dependency_job_id":"02423358-c9e4-4b90-9a99-f551a43e6561","html_url":"https://github.com/chainreactors/fingers","commit_stats":null,"previous_names":["chainreactors/fingers"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/chainreactors/fingers","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainreactors%2Ffingers","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainreactors%2Ffingers/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainreactors%2Ffingers/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainreactors%2Ffingers/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chainreactors","download_url":"https://codeload.github.com/chainreactors/fingers/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainreactors%2Ffingers/sbom","scorecard":{"id":273069,"data":{"date":"2025-08-11","repo":{"name":"github.com/chainreactors/fingers","commit":"7380518a85e9433625fa184565e30be93d6032fb"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.1,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 1/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T13:50:33.511Z","repository_id":225787766,"created_at":"2025-08-17T13:50:33.511Z","updated_at":"2025-08-17T13:50:33.511Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000728,"owners_count":26082862,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fingerprint","security-tools"],"created_at":"2025-03-14T16:19:28.032Z","updated_at":"2025-10-08T23:42:18.922Z","avatar_url":"https://github.com/chainreactors.png","language":"Go","readme":"\n## Introduce\n\n多指纹库聚合识别引擎.  当前支持`fingers(主指纹库)` `wappalyzer`, `fingerprinthub`, `ehole`, `goby` 指纹\n\n不用再挑选指纹识别的工具, AllInOne一站式实现\n\n使用了fingers的工具: \n\n* ⭐ [spray](https://github.com/chainreactors/spray) **最佳实践**, 集合了目录爆破, 指纹识别, 信息收集等等功能的超强性能的http fuzz工具\n* [gogo](https://github.com/chainreactors/gogo), 使用了fingers原生指纹库, 红队向的自动化扫描引擎\n* [zombie](https://github.com/chainreactors/zombie), 在爆破前使用fingers进行指纹验证, 提高爆破效率\n\n(任何使用了fingers的工具欢迎在issue中告诉我, 我会将你的工具添加到这里)\n\n## Features\n\n* 支持多指纹库聚合识别\n  * ✅ fingers 原生指纹库\n  * ✅ [wappalyzer](https://github.com/projectdiscovery/wappalyzergo)\n  * ✅ [fingerprinthub](https://github.com/0x727/FingerprintHub)\n  * ✅ [ehole](https://github.com/EdgeSecurityTeam/EHole)\n  * ✅ goby\n* 支持多指纹源favicon识别\n* 超强性能, 单个站点识别 \u003c100ms. 重写了各指纹库的引擎, 并极大优化了性能\n* 聚合输出, 多指纹库的结果将会自动整合\n* 支持CPE的URI, FSB, WFN格式输出\n\n### morefingers\n\nhttps://github.com/chainreactors/morefingers\n\nfingers的拓展引擎, 有更全更大的指纹库.\n\n从对闭源工具的逆向得到的指纹库, 为了避免可能存在的纠纷, 不提供开源版本. \n\n## QuickStart\n\n`go get github.com/chainreactors/fingers@master`\n\n### Example\n\ndocument: https://chainreactors.github.io/wiki/libs/fingers/\n\n调用内置所有进行指纹引擎识别, 示例:\n\n```golang\nfunc TestEngine(t *testing.T) {\n    engine, err := NewEngine()\n    if err != nil {\n       panic(err)\n    }\n    resp, err := http.Get(\"http://127.0.0.1:8080/\")\n    if err != nil {\n       return\n    }\n    content := httputils.ReadRaw(resp)\n    frames, err := engine.DetectContent(content)\n    if err != nil {\n        return\n    }\n    fmt.Println(frames.String())\n}\n```\n\n调用SDK识别Favicon指纹, 示例:\n\n```golang\nfunc TestFavicon(t *testing.T) {\n    engine, err := NewEngine()\n    if err != nil {\n        panic(err)\n    }\n    resp, err := http.Get(\"http://baidu.com/favicon.ico\")\n    if err != nil {\n        return\n    }\n    content := httputils.ReadRaw(resp)\n    body, _, _ := httputils.SplitHttpRaw(content)\n    frame := engine.DetectFavicon(body)\n    fmt.Println(frame.String())\n}\n```\n\n更多用法请见: https://chainreactors.github.io/wiki/libs/fingers/sdk/\n\n## fingers 引擎\n\nfingers指纹引擎是目前特性最丰富, 性能最强的指纹规则库.\n\n*  支持多种方式规则配置\n*  支持多种方式的版本号匹配\n*  404/favicon/waf/cdn/供应链指纹识别\n*  主动指纹识别\n*  超强性能, 采用了缓存,正则预编译,默认端口,优先级等等算法提高引擎性能\n*  重点指纹,指纹来源与tag标记\n\n\n### 内置指纹库\n\n指纹库位于: https://github.com/chainreactors/templates/tree/master/fingers\n\n文档: https://chainreactors.github.io/wiki/libs/fingers/rule/\n\ntcp指纹与http指纹为同一格式, 但通过不同的文件进行管理\n\n### 完整的配置\n\nfingers设计的核心思路是命中一个指纹仅需要一条规则, 因此配置的多条规则中, 只需要任意一条命中即标记为命中, 需要在编写指纹的时候注意找到最能匹配目标框架的那条规则.\n\n一个完整的配置:\n\n```yaml\n- name: frame   # 指纹名字, 匹配到的时候输出的值\n  default_port: # 指纹的默认端口, 加速匹配. tcp指纹如果匹配到第一个就会结束指纹匹配, http则会继续匹配, 所以默认端口对http没有特殊优化\n    - '1111'\n  protocol: http  # tcp/http, 默认为http\n  rule:\n   - version: v1.1.1 # 可不填, 默认为空, 表示无具体版本\n     regexps: # 匹配的方式\n        vuln: # 匹配到vuln的正则, 如果匹配到, 会输出framework为name的同时, 还会添加vuln为vuln的漏洞信息\n          - version:(.*) # vuln只支持正则,  同时支持版本号匹配, 使用括号的正则分组. 只支持第一组\n        regexp: # 匹配指纹正则\n          - \"finger.*test\" \n       # 除了正则, 还支持其他类型的匹配, 包括以下方式\n        header: # 仅http协议可用, 匹配header中包含的数据\n          - string\n        body: # 包含匹配, 非正则表达式\n          - string\n        md5: # 匹配body的md5hash\n          - [md5]\n        mmh3: # 匹配body的mmh3hash\n          - [mmh3]\n          \n        # 只有上面规则中的至少一条命中才会执行version\n        version: \n          - version:(.*)  # 某些情况下难以同时编写指纹的正则与关于版本的正则, 可以特地为version写一条正则\n\n     favicon: # favicon的hash值, 仅http生效\n        md5:\n          - f7e3d97f404e71d302b3239eef48d5f2\n        mmh3:\n          - '516963061'\n     level: 1      # 0代表不需要主动发包, 1代表需要额外主动发起请求. 如果当前level为0则不会发送数据, 但是依旧会进行被动的指纹匹配.\n     send_data: \"info\\n\" # 匹配指纹需要主动发送的数据\n     vuln: frame_unauthorized # 如果regexps中的vuln命中, 则会输出漏洞名称. 某些漏洞也可以通过匹配关键字识别, 因此一些简单的poc使用指纹的方式实现, 复杂的poc请使用-e下的nuclei yaml配置\n\n```\n\n为了压缩体积, 没有特别指定的参数可以留空会使用默认值。\n\n在两个配置文件中包含大量案例可供参考。\n\n但实际上大部分字段都不需要配置, 仅作为特殊情况下的能力储备。\n\n每个指纹都可以有多个rule, 每个rule中都有一个regexps, 每个regexps有多条不同种类的字符串/正则/hash\n\n\n## TODO \n\n- [x] 指纹名重定向, 统一多指纹库的同一指纹不同名问题\n- [x] 指纹黑名单, 用于过滤指纹库中的垃圾指纹\n- [x] 更丰富的CPE相关特性支持\n- [ ] 更优雅的与nuclei或其他漏洞库联动\n- 支持更多引擎\n  - [ ] [nuclei technologies](https://github.com/projectdiscovery/nuclei-templates/tree/main/http/technologies) 实现\n  - [ ] fingerprinthub v4\n  - [ ] tidefinger\n  - [ ] kscan\n  - [ ] nmap\n\n## Thanks\n\n* [wappalyzer](https://github.com/projectdiscovery/wappalyzergo)\n* [fingerprinthub](https://github.com/0x727/FingerprintHub)\n* [ehole](https://github.com/EdgeSecurityTeam/EHole)\n* goby @XiaoliChan @9bie\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainreactors%2Ffingers","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchainreactors%2Ffingers","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainreactors%2Ffingers/lists"}