panos-scanner

How to get panos version without etag

Open M0r41 opened this issue 2 years ago • 6 comments

When I surf the pan web, I can't find etag in the header. But I got "Expires: Thu, 19 Nov 1981 08:52:00 GMT" and "Strict-Transport-Security: max-age=31536000". Can I get the version via js or other web pages?

M0r41 avatar Mar 29 '22 03:03 M0r41

Hello. Unfortunately, since our publication of this tool, Palo Alto is now stripping the ETag responses. This tool will only work on legacy versions. And as you can see in the version-table.txt file, the returned ETag was equivalent to dates of release of the software, which doesn't seem to be related to "Expires: Thu, 19 Nov 1981 08:52:00 GMT". So to my understanding, no, you can't get the version with the ETag reply.

k4nfr3 avatar Mar 29 '22 06:03 k4nfr3

A new version of the code will be released soon. Some URIs still have the ETag enabled, and will enable version detection. Working on identifying 2-3 years of backlog of versions. PR will be done soon.

k4nfr3 avatar Mar 25 '24 09:03 k4nfr3

expect

iseesec avatar Apr 11 '24 10:04 iseesec

@k4nfr3 any luck with your update and are you able to share your methodology on identifying the back versions? Happy to help.

w00dbury avatar Apr 12 '24 16:04 w00dbury

Yes, it's done. I need to send the PR. The time-consuming work is the fingerprinting of a lot of versions.

k4nfr3 avatar Apr 12 '24 17:04 k4nfr3

I'll send the PR tonight, mostly as it is a hot topic after today's CVE announcement.

k4nfr3 avatar Apr 12 '24 17:04 k4nfr3