{"id":13503782,"url":"https://github.com/emo-crab/observer_ward","last_synced_at":"2026-01-16T06:44:47.720Z","repository":{"id":328644601,"uuid":"1102436993","full_name":"emo-crab/observer_ward","owner":"emo-crab","description":"observer_ward (侦查守卫), a fingerprinting tool for web applications and services (the repository was previously deleted by mistake)","archived":false,"fork":false,"pushed_at":"2026-01-13T11:04:28.000Z","size":3515,"stargazers_count":65,"open_issues_count":4,"forks_count":6,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-13T14:12:56.224Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/emo-crab.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":["https://blog.kali-team.cn/donate"]}},"created_at":"2025-11-23T13:14:17.000Z","updated_at":"2026-01-13T11:04:06.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/emo-crab/observer_ward","commit_stats":null,"previous_names":["emo-crab/observer_ward"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/emo-crab/observer_ward","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emo-crab%2Fobserver_ward","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emo-crab%2Fobserver_ward/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emo-crab%2Fobserver_ward/releases","manifests_url":"ht
tps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emo-crab%2Fobserver_ward/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/emo-crab","download_url":"https://codeload.github.com/emo-crab/observer_ward/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emo-crab%2Fobserver_ward/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28477939,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T06:30:42.265Z","status":"ssl_error","status_checked_at":"2026-01-16T06:30:16.248Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["nmap-vscan","nuclei","nuclei-templates","serivce","wappalyzer","whatweb"],"created_at":"2024-07-31T23:00:45.124Z","updated_at":"2026-01-16T06:44:47.692Z","avatar_url":"https://github.com/emo-crab.png","language":"Rust","readme":"\u003c!-- Improved compatibility of back to top link: See: https://github.com/emo-crab/observer_ward/pull/73 --\u003e\n\n\u003ca name=\"readme-top\"\u003e\u003c/a\u003e\n\n\u003c!--\n*** Thanks for checking out the observer_ward. If you have a suggestion\n*** that would make this better, please fork the repo and create a pull request\n*** or simply open an issue with the tag \"enhancement\".\n*** Don't forget to give the project a star!\n*** Thanks again! Now go create something AMAZING! 
:D\n--\u003e\n\n\u003c!-- PROJECT SHIELDS --\u003e\n\u003c!--\n*** I'm using markdown \"reference style\" links for readability.\n*** Reference links are enclosed in brackets [ ] instead of parentheses ( ).\n*** See the bottom of this document for the declaration of the reference variables\n*** for contributors-url, forks-url, etc. This is an optional, concise syntax you may use.\n*** https://www.markdownguide.org/basic-syntax/#reference-style-links\n--\u003e\n\n[![Contributors][contributors-shield]][contributors-url]\n[![Forks][forks-shield]][forks-url]\n[![Stargazers][stars-shield]][stars-url]\n[![Issues][issues-shield]][issues-url]\n[![MIT License][license-shield]][license-url]\n[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/emo-crab/observer_ward)\n\n\u003c!-- PROJECT LOGO --\u003e\n\u003cbr /\u003e\n\u003cdiv align=\"center\"\u003e\n  \u003ca href=\"https://github.com/emo-crab/observer_ward\"\u003e\n    \u003cimg src=\"images/logo.svg\" alt=\"Logo\"\u003e\n  \u003c/a\u003e\n\n\u003ch3 align=\"center\"\u003eobserver_ward(侦查守卫)\u003c/h3\u003e\n\n\u003cp align=\"center\"\u003e\n    Service and web application fingerprinting tool\n    \u003cbr /\u003e\n    \u003ca href=\"https://github.com/emo-crab/observer_ward\"\u003eView Demo\u003c/a\u003e\n    ·\n    \u003ca href=\"https://github.com/emo-crab/observer_ward/issues\"\u003eReport Bug\u003c/a\u003e\n    ·\n    \u003ca href=\"https://github.com/emo-crab/observer_ward/issues\"\u003eRequest Feature\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/div\u003e\n\n\u003c!-- ABOUT THE PROJECT --\u003e\n\n## About the Project\n\n- Disclaimer: the techniques, ideas and tools described here are intended solely for security-oriented learning and exchange. No one may use them for illegal purposes, for profit or for similar ends; anyone who does so bears the consequences themselves.\n\n| Category | Description |\n| ---- | ----------------------------------------------------------------- |\n| Author | [三米前有蕉皮](https://github.com/cn-kali-team) |\n| Team | [0x727](https://github.com/0x727) will be open-sourcing more tools over the coming period |\n| Positioning | Identification tool built on a community-maintained [fingerprint library](https://github.com/0x727/FingerprintHub). |\n| Language | 
Rust |\n| Function | Service and web application fingerprinting tool |\n\n![Product Name Screen Shot][product-screenshot]\n\n- Probes, matching rules and extractors are written in YAML\n- Supports version identification for services and web applications\n- Uses the NVD standard Common Platform Enumeration ([CPE](https://scap.kali-team.cn/cpe/)) naming convention\n- [Community fingerprint library](https://github.com/0x727/FingerprintHub) and nmap service probes\n- Integrates [Nuclei](https://github.com/projectdiscovery/nuclei) to verify vulnerabilities\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- INSTALL --\u003e\n\n## Installation\n\n### Install from source\n\n- Build and install from source; for more detail see the GitHub Actions workflow file [workflow](.github/workflows/post-release.yml)\n\n```bash,no-run\ncargo build --release --manifest-path=observer_ward/Cargo.toml\n```\n\n### Install a binary\n\n- Download from the [release](https://github.com/emo-crab/observer_ward/releases) page\n- On macOS you can install with brew\n\n### Install with brew on macOS\n\n```bash,no-run\nbrew install observer_ward\n```\n\n### Docker image\n\n- Docker image: `observer_ward` provides fingerprinting only\n\n```bash,no-run\n➜ docker run --rm -it kaliteam/observer_ward -t http://172.17.0.2\n[INFO ] probes loaded: 2223\n[INFO ] optimized probes: 7\n[INFO ] target loaded: 1\n|_uri:[ http://172.17.0.2/ [apache-http]  \u003c\u003e (200 OK) ]\n|_uri:[ http://172.17.0.2/ [thinkphp]  \u003c\u003e (200 OK) ]\n```\n\n- `kaliteam/observer_ward:nuclei` bundles nuclei and has a `plugins` directory in the default configuration folder, but the plugins are not the latest; they are the version from when the Docker image was built\n\n```bash,no-run\n➜  docker run --rm -it kaliteam/observer_ward:nuclei -t http://172.17.0.2 --plugin default\n[INFO ] probes loaded: 2223\n[INFO ] optimized probes: 7\n[INFO ] target loaded: 1\n|_uri:[ http://172.17.0.2/ [apache-http]  \u003c\u003e (200 OK) ]\n|_uri:[ http://172.17.0.2/ [thinkphp]  \u003c\u003e (200 OK) ]\n |_exploitable: [Critical] thinkphp-5023-rce: ThinkPHP 5.0.23 - Remote Code Execution\n  |_matched_at: http://172.17.0.2/index.php?s=captcha\n  |_shell: curl -X 'POST' -d '_method=__construct\u0026filter[]=phpinfo\u0026method=get\u0026server[REQUEST_METHOD]=1' -H 'Accept: */*' -H 
'Accept-Language: en' -H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.3.23' 'http://172.17.0.2/index.php?s=captcha'\n```\n\n\u003c!-- GETTING STARTED --\u003e\n\n## Getting Started\n\n```bash,no-run\n➜  ~ ./observer_ward -u\n➜  ~ ./observer_ward -t http://httpbin.org/\n[INFO ] 📇probes loaded: 6183\n[INFO ] 🎯target loaded: 1\n[INFO ] 🚀optimized probes: 8\n🎯:[ http://httpbin.org/ [0example,swagger]  \u003chttpbin.org\u003e (200 OK) ]\n```\n\n- Usage help\n\n```bash,no-run\n➜ ./observer_ward --help\nUsage: observer_ward [-l \u003clist\u003e] [-t \u003ctarget...\u003e] [-p \u003cprobe-path\u003e] [--probe-dir \u003cprobe-dir...\u003e] [--ua \u003cua\u003e] [--mode \u003cmode\u003e] [--timeout \u003ctimeout\u003e] [--thread \u003cthread\u003e] [--proxy \u003cproxy\u003e] [--ir] [--ic] [--plugin \u003cplugin\u003e] [-o \u003coutput\u003e] [--format \u003cformat\u003e] [--no-color] [--nuclei-args \u003cnuclei-args...\u003e] [--silent] [--debug] [--config-dir \u003cconfig-dir\u003e] [--update-self] [-u] [--update-plugin] [--daemon] [--token \u003ctoken\u003e] [--webhook \u003cwebhook\u003e] [--webhook-auth \u003cwebhook-auth\u003e] [--api-server \u003capi-server\u003e] [--mitm \u003cmitm\u003e] [--mcp] [--prompt-path \u003cprompt-path\u003e] [--asynq-redis \u003casynq-redis\u003e] [--asynq-mode \u003casynq-mode\u003e]\n\nobserver_ward\n\nOptions:\n  -l, --list        multiple targets from file path\n  -t, --target      the target (required)\n  -p, --probe-path  customized fingerprint file path\n  --probe-dir       customized fingerprint yaml file dir\n  --ua              customized ua\n  --mode            mode probes option[tcp,http,all] default: all\n  --timeout         set request timeout.\n  --thread          number of concurrent threads.\n  --proxy           proxy to use for requests\n 
                   (ex:[http(s)|socks5(h)]://host:port)\n  --ir              include request/response pairs in output\n  --ic              include certificate pairs in output\n  --plugin          customized template dir\n  -o, --output      export to the file\n  --format          output format option[json,csv,txt] default: txt\n  --no-color        disable output content coloring\n  --nuclei-args     poc nuclei engine additional args\n  --silent          silent mode\n  --debug           debug mode\n  --config-dir      customized template dir\n  --update-self     update self\n  -u, --update-fingerprint\n                    update fingerprint\n  --update-plugin   update plugin\n  --daemon          api background service\n  --token           api Bearer authentication\n  --webhook         send results to webhook server\n                    (ex:https://host:port/webhook)\n  --webhook-auth    the auth will be set to the webhook request header\n                    AUTHORIZATION\n  --api-server      start a web API service (ex:127.0.0.1:8080)\n  --mitm            start a MITM proxy server (ex:127.0.0.1:1080)\n  --mcp             enable stdio mcp server\n  --prompt-path     read the path file and customize the LLM to generate prompt\n  --asynq-redis     redis URI for asynq task queue (ex:redis://127.0.0.1:6379)\n  --asynq-mode      asynq mode option[receive,send,both] default: receive\n  --help, help      display usage information\n```\n\n| Parameter | Purpose and description |\n|-------------------------|--------------------------------------------------------------------------|\n| -l,--list | Read the target list from a file, one target per line |\n| -t,--target | One or more targets |\n| -p,--probe | Path to the JSON probe file (when used together with `--probe-dir`, this is the output path of the converted JSON file) |\n| --probe-dir 
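| Directory of YAML probes (when used together with `--probe`, all YAML files in the directory are read and converted into a single JSON file) |\n| --ua | Set the request header |\n| --mode | Identification mode: [tcp,http,all], default http, meaning that when a target has no scheme the tool tries adding a web scheme before identifying it |\n| --timeout | Request and connection timeout, in seconds |\n| --thread | Number of concurrent identification threads; defaults to the number of CPU cores |\n| --proxy | Set a proxy server; http and socks5 are supported, for example: `https://username:password@your-proxy.com:port` |\n| --ir | Save requests and responses in the JSON results; saving request/response pairs can use a lot of memory |\n| --ic | Save certificate data in the JSON results |\n| --plugin | Path to the nuclei plugins; enables nuclei vulnerability verification. If the path is `default`, the `plugins` directory in the configuration folder is used |\n| -o,--output | Save results to a file; if the file extension is one of the supported formats below, `--format` can be omitted |\n| --format | Output format: `json`, `csv` and `txt` are supported; when saving to a file it is detected automatically from the file extension |\n| --no-color | Disable colored output |\n| --nuclei-args | Extra nuclei arguments, split on spaces and appended to the nuclei invocation, for example `-es info` to exclude info plugins; may be given multiple times |\n| --silent | Silent mode: print no informational messages; commonly used as an input source in a command-line pipeline |\n| --debug | Enable debug mode, which prints more information, including requests and responses, extracted favicon hashes and the nuclei command line |\n| --config-dir | Configuration folder; defaults to the `observer_ward` directory under the user configuration folder |\n| --update-self | Update the program itself, i.e. this project's `defaultv4` release tag |\n| -u,--update-fingerprint | Update fingerprints into the configuration folder; overwrites the `web_fingerprint_v4.json` file |\n| --update-plugin | Update the community nuclei plugins into the configuration folder; the zip is extracted automatically and overwrites the `plugins` directory |\n| --daemon | Run the API service in the background; not supported on Windows   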
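 |\n| --token | Authentication token for the API service |\n| --webhook | Send identification results via webhook to the given URL |\n| --webhook-auth | `AUTHORIZATION` authentication for the webhook |\n| --api-server | Address and port the API listens on |\n| --mitm | Start a MITM proxy server (example: 127.0.0.1:1080) |\n| --mcp | Enable the stdio MCP service |\n| --prompt-path | Read the file at this path and customize the LLM used to generate the prompt |\n| --asynq-redis | Redis URI for the asynq task queue (example: redis://127.0.0.1:6379) |\n| --asynq-mode | asynq mode option [receive,send,both], default: receive |\n| --help | Print help information |\n\n### Updating the fingerprint library\n\n- Downloads the fingerprint library from GitHub. By default only web fingerprints are updated; to load service fingerprints, download [service_fingerprint_v4.json](https://0x727.github.io/FingerprintHub/service_fingerprint_v4.json)\n  into the configuration folder yourself.\n\n- Service fingerprints are not updated by default\n\n```bash,no-run\n➜ ./observer_ward -u\n```\n\n- There are two default fingerprint file names, `web_fingerprint_v4.json` and `service_fingerprint_v4.json`; if they exist in the configuration folder they are loaded automatically.\n- For example, the path of `web_fingerprint_v4.json` inside the configuration folder:\n\n| Operating system | Path |\n| -------- | ------------------------------------------------------------------------------ |\n| Windows  | C:\\Users\\Alice\\AppData\\Roaming\\observer_ward\\web_fingerprint_v4.json           |\n| Linux    | /home/alice/.config/observer_ward/web_fingerprint_v4.json                      |\n| macOS    | /Users/Alice/Library/Application Support/observer_ward/web_fingerprint_v4.json |\n\n- Specifying a YAML folder with `--probe-dir` and a single JSON file with `--probe-path` converts all YAML files into one JSON file, which is easier to carry around\n- 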
Then copy this JSON file into the configuration folder\n\n```bash,no-run\n➜ ./observer_ward --probe-dir web_fingerprint --probe-dir service_fingerprint/null -p fingerprint_v4.json\n[INFO ] ℹ️ convert the 6183 yaml file of the probe directory to a json file fingerprint_v4.json\n```\n\n- For example, you can convert the `null` probes from the service fingerprints in the `FingerprintHub` project into a JSON file and save it to the configuration folder\n\n```\n➜ ~ ./observer_ward --probe-dir FingerprintHub/service-fingerprint/null -p .config/observer_ward/service_fingerprint_v4.json\n[INFO ] ℹ️ convert the 3960 yaml file of the probe directory to a json file .config/observer_ward/service_fingerprint_v4.json\n```\n\n\u003c!-- USAGE EXAMPLES --\u003e\n\n### Debug mode\n\n- Use `--debug` to enable debug mode and see more detailed output\n\n\u003cdetails\u003e\n\n```bash,no-run\n➜ ./observer_ward -t http://httpbin.org -p observer_ward/examples/json.yaml --debug\n[INFO ] 📇probes loaded: 1\n[INFO ] 🎯target loaded: 1\n[INFO ] 🚀optimized probes: 1\n[DEBUG] start: http://httpbin.org/\n[DEBUG] Request {\n        uri: http://httpbin.org/ip,\n        version: HTTP/1.1,\n        method: GET,\n        headers: {
\n            \"accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\",\n            \"content-type\": \"application/json\",\n        },\n        body: None,\n        raw_request: None,\n    }\n[DEBUG] Response {\n        version: HTTP/1.1,\n        uri: http://httpbin.org/ip,\n        status_code: 200,\n        headers: {\n            \"date\": \"Mon, 08 Jul 2024 13:19:59 GMT\",\n            \"content-type\": \"application/json\",\n            \"content-length\": \"32\",\n            \"connection\": \"keep-alive\",\n            \"server\": \"gunicorn/19.9.0\",\n            \"access-control-allow-origin\": \"*\",\n            \"access-control-allow-credentials\": \"true\",\n        },\n        extensions: Extensions,\n        body: Some(\n            {\n              \"origin\": \"1.1.1.1\"\n            }\n            ,\n        ),\n    }\n[DEBUG] end: http://httpbin.org/\n🎯:[ http://httpbin.org/]\n🎯:[ http://httpbin.org/ip [httpbin-ip]  \u003c\u003e]\n |_📰: ip:[\"1.1.1.1\"]\n```\n\n\u003c/details\u003e\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n### MITM (man-in-the-middle proxy) support\n\nobserver_ward can run in MITM (man-in-the-middle proxy) mode to passively capture requests/responses and fingerprint them, which suits passive fingerprint matching against real traffic in proxy scenarios.\n\nKey points for enabling it:\n\n- The MITM functionality is gated by the crate feature `mitm`; the default features include `mitm`, so if you use a custom feature set make sure it is enabled.\n- When starting the program, use the `--mitm \u003caddr\u003e` argument to specify the listening address (for example `127.0.0.1:1080`).\n\nExample of starting it locally:\n\n```bash,no-run\n➜ ./observer_ward --mitm 127.0.0.1:1080\n 
 INFO 📇probes loaded: 3131\n INFO 🚀optimized probes: 9\n INFO 🔌Starting MITM proxy server on 127.0.0.1:1080\n INFO 🌐MITM proxy service started: http://127.0.0.1:1080\n INFO 📔Configure your browser or tool to use this proxy\n INFO 🔑CA certificate path: .slinger-mitm/ca_cert.pem\n```\n\nUsage notes:\n\n- After startup, the log shows the proxy listening address and the CA certificate path `.slinger-mitm/ca_cert.pem`; once the CA certificate is imported so that the proxy is trusted, HTTPS traffic can be intercepted.\n- For a DER-format certificate, convert with `openssl x509 -in ca_cert.pem -outform DER -out cacert.der`\n- Intercepted responses are submitted asynchronously to the fingerprint engine for matching, and matches are returned through the existing output channels (terminal, file, webhook, etc.).\n- If `--proxy` is set, an upstream proxy is used: traffic first passes through observer_ward's MITM proxy and is then sent through the upstream proxy.\n- If the build does not have the `mitm` feature enabled, startup reports that the feature is not enabled and returns an error.\n\n\n### Asynq (Redis distributed task queue) support\n\nobserver_ward integrates a Redis-based task queue ([asynq](https://github.com/emo-crab/asynq)): fingerprinting tasks can be enqueued through Redis, and a worker takes tasks off the queue and processes them; the worker can also send results back to a result queue.\n\nKey points for enabling it:\n\n- The Asynq functionality is gated by the crate feature `asynq_task`; the default features include `asynq_task`, so if you use a custom feature set make sure it is enabled.\n- Use `--asynq-redis \u003credis_uri\u003e` to specify the Redis connection (for example `redis://127.0.0.1:6379`).\n- Use `--asynq-mode \u003cmode\u003e` to specify the mode: `receive` only accepts tasks from Redis, `send` only sends identification results to Redis, and `both` receives tasks from Redis and returns identification results to Redis. `both` is recommended for the complete send/receive flow.\n\nExample of starting a worker (local Redis, both mode):\n\n```bash,no-run\n➜ ./observer_ward --asynq-redis redis://127.0.0.1:6379 --asynq-mode both\n```\n\nExample of sending a task: the project includes the example program `observer_ward/examples/send_asynq_task.rs`, which enqueues a sample task.\n\n```bash,no-run\ncargo run --manifest-path observer_ward/Cargo.toml --example send_asynq_task\n```\n\nTask payload examples:\n\n- Uri (active request) task example:\n\n```json\n{\n  \"task_id\": \"example-123456\",\n  \"input\": {\n    \"type\": \"uri\",\n    \"target\": [\"http://example.com\"]\n  }\n}\n```\n\n- HttpData (passive matching) task example:\n\n```json\n{\n  \"task_id\": \"example-123456\",\n  \"input\": {\n    \"type\": \"http_data\",\n    \"request\": {\n      \"uri\": \"http://example.com/\",\n      \"method\": \"GET\",\n      \"headers\": null,\n      \"body\": null\n    },\n    \"response\": {\n      \"uri\": \"http://example.com/\",\n      \"status_code\": 200,\n      \"headers\": null,\n      \"body\": 
\"\u003c!doctype html\u003e...\u003c/html\u003e\"\n    }\n  }\n}\n```\n\nNote: the `request` / `response` in `HttpData` use `slinger`'s serialization format; if you need the exact serialized form, refer to `slinger`'s definitions.\n\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n### Target input\n\n- Use `--target` or `-t` to specify one or more URI targets\n\n```bash,no-run\n➜  ~ ./observer_ward -t https://www.example.com/ -t http://httpbin.org\n[INFO ] 📇probes loaded: 6183\n[INFO ] 🎯target loaded: 2\n[INFO ] 🚀optimized probes: 8\n🎯:[ https://www.example.com/ \u003cExample Domain\u003e  (200 OK) ]\n🎯:[ http://httpbin.org/ [0example,swagger]  \u003chttpbin.org\u003e (200 OK) ]\n```\n\n- Use `--list` or `-l` to specify a file containing a list of targets\n\n```bash,no-run\n➜  ~ ./observer_ward -l target.txt\n[INFO ] 📇probes loaded: 6183\n[INFO ] 🎯target loaded: 3\n[INFO ] 🚀optimized probes: 8\n🎯:[ tcp://127.0.0.1:22/ [ssh]  \u003cSSH-2.0-OpenSSH_9.7\u003e]\n |_📰: version:[9.7] info:[protocol 2.0] \n🎯:[ http://172.17.0.2/ [apache-http]  \u003c\u003e]\n🎯:[ http://172.17.0.2/ [thinkphp]  \u003c\u003e]\n🎯:[ http://httpbin.org/ [swagger,0example]  \u003chttpbin.org\u003e (200 OK) ]\n```\n\n- Read targets from standard input\n\n```bash,no-run\n➜  ~ echo http://172.17.0.2 | ./observer_ward\n[INFO ] 📇probes loaded: 6183\n[INFO ] 🚀optimized probes: 8\n[INFO ] 🎯target loaded: 1\n🎯:[ http://172.17.0.2/ [apache-http]  \u003c\u003e]\n🎯:[ http://172.17.0.2/ [thinkphp]  \u003c\u003e]\n```\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n### Result output\n\n- Use `--output` or `-o` to save results to the given file path\n\n```bash,no-run\n➜  ~ ./observer_ward -t https://www.example.com/ -o output.txt\n[INFO ] 📇probes loaded: 6183\n[INFO ] 🚀optimized probes: 8\n[INFO ] 🎯target loaded: 1\n➜  ~ cat output.txt \n🎯:[ https://www.example.com/ \u003cExample Domain\u003e  (200 OK) ]\n```\n\n- When saving to a file, the output format switches automatically based on the file extension; you can also set it with the `--format` argument. Supported: 
`txt`,`json`,`csv`\n\n```bash,no-run\n➜  ~ ./observer_ward -t https://httpbin.org/  -o output.json\n[INFO ] 📇probes loaded: 6183\n[INFO ] 🚀optimized probes: 8\n[INFO ] 🎯target loaded: 1\n➜  ~ cat output.json \n{\"https://httpbin.org/\":{\"title\":[\"httpbin.org\"],\"status\":200,\"favicon\":{\"https://httpbin.org/static/favicon.ico\":{\"md5\":\"3aa2067193b2ed83f24c30bd238a717c\",\"mmh3\":\"-1296740046\"}},\"name\":[\"swagger\"],\"fingerprints\":[{\"matcher-results\":[{\"template\":\"swagger\",\"info\":{\"name\":\"swagger\",\"author\":\"cn-kali-team\",\"tags\":\"detect,tech,swagger\",\"severity\":\"info\",\"metadata\":{\"product\":\"swagger\",\"vendor\":\"00_unknown\",\"verified\":true}},\"matcher-name\":[\"swagger-ui.css\"],\"extractor\":{}}],\"matched-at\":\"https://httpbin.org/\"}],\"nuclei\":{}}}\n```\n\n- While saving to a file, progress information is still printed to the terminal. To print only the raw result data, enable silent mode with `--silent`; for example, to print only `json`\n  formatted data and pipe it to jq\n\n```bash,no-run\n➜  ~ ./observer_ward_amd64 -t http://172.17.0.2 --format json --ir --ic --silent |jq\n```\n\n- Here `--ir` and `--ic` save the request/response pairs and the certificate information in the results, respectively\n\n- Use `--webhook` to specify the server URL that results are sent to; if the webhook server requires authentication, use `--webhook-auth` to set the value of the `Authorization`\n  request header\n\n```python\nfrom flask import Flask, request\n\napp = Flask(__name__)\n\n\n@app.route(\"/webhook\", methods=['POST'])\ndef observer_ward_webhook():\n    print(\"Authorization: \", request.headers.get(\"Authorization\"))\n    print(request.json)\n    return 'ok'\n\n\nif __name__ == '__main__':\n    app.run()\n```\n\n- For example, first start a simple webhook server locally\n\n```bash,no-run\n➜  observer_ward git:(main) ✗ python observer_ward/examples/webhook.py\n * Serving Flask app 'webhook'\n * Debug mode: off\nWARNING: This is a development server. Do not use it in a production deployment. 
Use a production WSGI server instead.\n * Running on http://127.0.0.1:5000\nPress CTRL+C to quit\n```\n\n- Send results to the local webhook server at `http://127.0.0.1:5000`; once identification completes, the webhook server receives the results\n\n```bash,no-run\n➜  ~ ./observer_ward -t http://httpbin.org --webhook http://127.0.0.1:5000/webhook --webhook-auth 22e038328151a7a06fd4ebfa63a10228\n[INFO ] 📇probes loaded: 6183\n[INFO ] 🚀optimized probes: 8\n[INFO ] 🎯target loaded: 1\n🎯:[ http://httpbin.org/ [swagger,0example]  \u003chttpbin.org\u003e (200 OK) ]\n```\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n### Updating nuclei plugins\n\n- Use `--update-plugin` to update the nuclei plugins into the `plugins` directory of the configuration folder\n- You can also manually download [plugins.zip](https://github.com/0x727/FingerprintHub/releases/download/defaultv4/plugins.zip)\n  into the configuration folder and extract it\n- Note: every update deletes the existing plugins folder before extracting, so keep your own plugins in a separate folder\n\n### Verifying vulnerabilities with nuclei\n\n- Before enabling this feature, install the latest [nuclei](https://github.com/projectdiscovery/nuclei) on the system PATH so that the program can invoke it from the command line\n- Use `--plugin` to point at the nuclei template folder, which enables nuclei; this `plugins` folder can be downloaded from the community fingerprint library project\n- When the `--plugin` argument is `default`, the `plugins` folder in the configuration folder is used, i.e. the plugins downloaded with `--update-plugin`\n- The folder structure is `vendor/product/nuclei YAML file`. If the vendor and product obtained by parsing the CPE of an identified fingerprint can be found in this folder, the YAML files under that folder are run to verify vulnerabilities\n- For example: the fingerprint identifies `tomcat`; parsing the CPE gives vendor `apache` and product `tomcat`, so all YAML files under the `apache/tomcat` folder are run to verify vulnerabilities\n\n```bash,no-run\n➜  ~ ./observer_ward -t http://172.17.0.2/ --plugin default\n[INFO ] 📇probes loaded: 6183\n[INFO ] 🚀optimized probes: 8\n[INFO ] 🎯target loaded: 1\n🎯:[ http://172.17.0.2/ [apache-http]  \u003c\u003e]\n🎯:[ http://172.17.0.2/ [thinkphp]  \u003c\u003e]\n |_🐞: [Critical] thinkphp-5023-rce: ThinkPHP 5.0.23 - Remote Code Execution\n  |_🔥: http://172.17.0.2/index.php?s=captcha\n  |_🐚: curl -X 'POST' -d '_method=__construct\u0026filter[]=phpinfo\u0026method=get\u0026server[REQUEST_METHOD]=1' -H 'Accept: */*' -H 'Accept-Language: en' -H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) 
Version/16.5 Safari/605.1.15 Ddg/17.4' 'http://172.17.0.2/index.php?s=captcha'\n```\n\n- Use `--nuclei-args` to append nuclei arguments, for example to upload results to the cloud and exclude info plugins\n\n```bash,no-run\n➜  ~ ./observer_ward -t http://172.17.0.2/ --plugin default --nuclei-args \"-cloud-upload\" --nuclei-args \"-es info\"\n```\n\n### Starting the web service\n\n- Use `--api-server` to specify the listening IP and port, and `--token` to set `Bearer` authentication for the API\n\n```bash,no-run\n➜  ~ ./observer_ward --api-server 127.0.0.1:8000 --token 22e038328151a7a06fd4ebfa63a10228\n[INFO ] 📇probes loaded: 6183\n[INFO ] 🚀optimized probes: 8\n[INFO ] 🌐API service has been started: http://127.0.0.1:8000/v1/observer_ward\n[INFO ] 📔:curl --request POST \\\n      --url http://127.0.0.1:8000/v1/observer_ward \\\n      --header 'Authorization: Bearer 22e038328151a7a06fd4ebfa63a10228' \\\n      --json '{\"target\":[\"https://httpbin.org/\"]}'\n[INFO ] 🗳:[result...]\n```\n\n- Call the API with curl, setting `Authorization` as well\n\n```bash,no-run\n➜  ~ curl --request POST \\\n  --url http://127.0.0.1:8000/v1/observer_ward \\\n  --header 'Authorization: Bearer 22e038328151a7a06fd4ebfa63a10228' \\\n  --json '{\"target\":[\"https://httpbin.org/\"]}'\n{\"https://httpbin.org/\":{\"title\":[\"httpbin.org\"],\"status\":200,\"favicon\":{\"https://httpbin.org/static/favicon.ico\":{\"md5\":\"3aa2067193b2ed83f24c30bd238a717c\",\"mmh3\":\"-1296740046\"}},\"name\":[\"swagger\"],\"fingerprints\":[{\"matcher-results\":[{\"template\":\"swagger\",\"info\":{\"name\":\"swagger\",\"author\":\"cn-kali-team\",\"tags\":\"detect,tech,swagger\",\"severity\":\"info\",\"metadata\":{\"product\":\"swagger\",\"vendor\":\"00_unknown\",\"verified\":true}},\"matcher-name\":[\"swagger-ui.css\"],\"extractor\":{}}],\"matched-at\":\"https://httpbin.org/\"}],\"nuclei\":{}}}\n```\n\n- Get the current config through the API; all of these fields can be configured in each POST request that creates an identification task\n\n```bash,no-run\n➜  ~ curl --request GET \\\n  --url http://127.0.0.1:8000/v1/config \\\n  --header 'Authorization: Bearer 
22e038328151a7a06fd4ebfa63a10228' \\\n  --header 'Content-Type: application/json'\n{\"target\":[],\"ua\":\"Mozilla/5.0 (X11; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0\",\"timeout\":10,\"thread\":4,\"ir\":false,\"ic\":false,\"update-fingerprint\":false,\"update-plugin\":false,\"webhook\":null,\"webhook-auth\":null}\n```\n\n- Set `update-plugin` and `update-fingerprint` to `true` to update the fingerprint library and the nuclei plugin library\n\n```bash,no-run\n➜  ~ curl --request POST \\\n  --url http://127.0.0.1:8000/v1/config \\\n  --header 'Authorization: Bearer 22e038328151a7a06fd4ebfa63a10228' \\\n  --json '{\"target\":[],\"update-plugin\":true,\"update-fingerprint\":true}'\n{\"target\":[],\"ua\":\"Mozilla/5.0 (X11; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0\",\"timeout\":10,\"thread\":4,\"ir\":false,\"ic\":false,\"update-fingerprint\":true,\"update-plugin\":true,\"webhook\":null,\"webhook-auth\":null\n```\n\n- If `--webhook` is also enabled, or the `webhook` field in the submitted task configuration is not empty, the task runs in the background after the API request and the results are sent to the specified server via webhook\n\n- If you do not want to listen on a local port, you can set the `--api-server` argument to a unix-socket file path and use HTTP over the unix socket\n\n```bash,no-run\n➜  ~ ./observer_ward --api-server /tmp/observer_ward.socket\n[INFO ] 📇probes loaded: 6183\n[INFO ] 🚀optimized probes: 8\n[INFO ] 🌐API service has been started: /tmp/observer_ward.socket\n[INFO ] 📔:curl --request POST \\\n      --unix-socket /tmp/observer_ward.socket \\\n      --url http://localhost/v1/observer_ward \\\n      --header 'Authorization: Bearer 22e038328151a7a06fd4ebfa63a10228' \\\n      --json '{\"target\":[\"https://httpbin.org/\"]}'\n[INFO ] 🗳:[result...]\n```\n\n\u003c!-- CONTRIBUTING --\u003e\n\n## Submitting fingerprints\n\n- All fingerprint rules used by observer_ward come from the [FingerprintHub](https://github.com/0x727/FingerprintHub) project.\n- To obtain the fingerprint library or submit fingerprint rules, see the [FingerprintHub](https://github.com/0x727/FingerprintHub) project.\n\n## Contributing to observer_ward\n\n### Submitting code\n\n- Click the Fork button to fork this project into your own account\n\n```bash,no-run\ngit clone git@github.com:your-github-username/observer_ward.git\n```\n\n- Add the upstream remote to receive updates\n\n```bash,no-run\ncd observer_ward\ngit remote add upstream 
git@github.com:emo-crab/observer_ward.git\ngit fetch upstream\n```\n\n- Configure your GitHub identity\n\n```bash,no-run\ngit config --global user.name \"$GITHUB_USERNAME\"\ngit config --global user.email \"$GITHUB_EMAIL\"\ngit config --global github.user \"$GITHUB_USERNAME\"\n```\n\n- Fetch the rules from all branches\n\n```bash,no-run\ngit fetch --all\ngit fetch upstream\n```\n\n- **Do not** make changes directly on the `main` branch. For example, to fix a bug, create a new branch and switch to it.\n\n```bash,no-run\ngit checkout -b dev\n```\n\n- Once your changes are done, make sure the checks pass\n\n```bash,no-run\ncargo clippy --fix --allow-dirty --workspace --all-features --all-targets -- -D warnings --allow deprecated\n```\n\n- Stage your changes and submit a pull request.\n\n```bash,no-run\ngit add \u003cfiles-you-added-or-modified\u003e\ngit commit -m \"your description\"\ngit push origin dev\n```\n\n- Open the page of your fork, click to merge with upstream, and wait for the code to be reviewed and merged.\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- LICENSE --\u003e\n\n## License\n\nDistributed under the `GPL-3.0-only` License. See `LICENSE` for more information.\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- CONTACT --\u003e\n\n## Contact\n\nYour Name - [@Kali_Team](https://twitter.com/Kali_Team) - root@kali-team.cn\n\nProject Link: [https://github.com/emo-crab/observer_ward](https://github.com/emo-crab/observer_ward)\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- ACKNOWLEDGMENTS --\u003e\n\n## Acknowledgments\n\n- [slinger](https://github.com/emo-crab/slinger)\n- [asynq](https://github.com/emo-crab/asynq)\n- [nuclei](https://github.com/projectdiscovery/nuclei)\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Stargazers over time\n\n[![Stargazers over time](https://starchart.cc/emo-crab/observer_ward.svg)](https://github.com/emo-crab/observer_ward)\n\n\u003c!-- MARKDOWN LINKS \u0026 IMAGES --\u003e\n\u003c!-- 
https://www.markdownguide.org/basic-syntax/#reference-style-links --\u003e\n\n[contributors-shield]: https://img.shields.io/github/contributors/emo-crab/observer_ward.svg?style=for-the-badge\n[contributors-url]: https://github.com/emo-crab/observer_ward/graphs/contributors\n[forks-shield]: https://img.shields.io/github/forks/emo-crab/observer_ward.svg?style=for-the-badge\n[forks-url]: https://github.com/emo-crab/observer_ward/network/members\n[stars-shield]: https://img.shields.io/github/stars/emo-crab/observer_ward.svg?style=for-the-badge\n[stars-url]: https://github.com/emo-crab/observer_ward/stargazers\n[issues-shield]: https://img.shields.io/github/issues/emo-crab/observer_ward.svg?style=for-the-badge\n[issues-url]: https://github.com/emo-crab/observer_ward/issues\n[license-shield]: https://img.shields.io/github/license/emo-crab/observer_ward.svg?style=for-the-badge\n[license-url]: https://github.com/emo-crab/observer_ward/blob/master/LICENSE.txt\n[product-screenshot]: images/screenshot.png\n[crates-shield]: https://img.shields.io/crates/v/observer_ward.svg?style=for-the-badge\n[crates-url]: https://crates.io/crates/observer_ward\n","funding_links":["https://blog.kali-team.cn/donate"],"categories":["Applications","Rust"],"sub_categories":["Security tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femo-crab%2Fobserver_ward","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Femo-crab%2Fobserver_ward","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femo-crab%2Fobserver_ward/lists"}