httpx

Added probe to identify copyright year

Open nyxgeek opened this issue 1 year ago • 5 comments
Added copyright probe, useful for identifying old software

  • If copyright indicators are found near a year, will print those years ([Copyright: 2004])
  • If no copyright indicators exist, will print any years found, 1990-2024 ([Possible Years: 2012 2014])

Closes #1965

nyxgeek avatar Oct 17 '24 00:10 nyxgeek

Thanks for your contribution @nyxgeek !

We also have a Discord server, which you’re more than welcome to join. It's a great place to connect with fellow contributors and stay updated with the latest developments!

GeorginaReeder avatar Oct 17 '24 10:10 GeorginaReeder

Updated and tested, should be good.

nyxgeek avatar Oct 22 '24 00:10 nyxgeek

Isn't a nuclei template better?

Mzack9999 avatar Nov 08 '24 14:11 Mzack9999

> Isn't a nuclei template better?

I don't use nuclei, but I do use my fork of httpx all the time on giant internal pentests because it's super easy to find the old software with this feature.

nyxgeek avatar Nov 08 '24 21:11 nyxgeek

I think a nuclei template like the following one should do the job as internally nuclei already uses httpx for pre-flight:

```yaml
id: copyright-year-detector
info:
  name: Copyright Year Detector
  author: AI
  severity: info
  description: Detects copyright years in web responses to identify potentially outdated software
  tags: tech,copyright

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "copyright"
          - "©"
          - "(c)"
          - "(C)"
        condition: or

    extractors:
      - type: regex
        name: copyright-years
        group: 1
        regex:
          - '(?i)(?:copyright|©|\(c\)|\(C\)|©|©)\s*(?:[a-zA-Z0-9 ,-]+\s*)?[\s,]*(\d{4}(?:\s*-\s*\d{4})?)'

      - type: regex
        name: possible-years
        group: 1
        regex:
          - '[^0-9]((?:199[0-9]|20[0-2][0-9])(?:\s*-\s*(?:199[0-9]|20[0-2][0-9]))?)[^0-9]'
```

```console
$ nuclei -t copyright-year.yaml -u https://projectdiscovery.io

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.7

                projectdiscovery.io

[WRN] Found 1 templates loaded with deprecated protocol syntax, update before v3 for continued support.
[INF] Current nuclei version: v3.3.7 (outdated)
[INF] Current nuclei-templates version: v10.1.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 114
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[copyright-year-detector:copyright-years] [http] [info] https://projectdiscovery.io ["2024"]
[copyright-year-detector:possible-years] [http] [info] https://projectdiscovery.io ["2021","2015","2014","2019","2018","2002","2029","1996","2003","2022","2007","2006","2000","1997","2008","2025","1994","1995","2024","2027","2023"]
```

Mzack9999 avatar Dec 17 '24 22:12 Mzack9999
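The two-tier behaviour from the PR description (years near a copyright indicator first, bare years from 1990-2024 only as a fallback), as an added Go sketch that is not the PR's code or part of httpx; the marker list, the 40-byte window and the function name are assumptions. Unlike the template run above, where both extractors report, the fallback tier here is skipped once a year is found near a marker.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// Patterns and window size are assumptions made for this example.
var (
	marker = regexp.MustCompile(`(?i)copyright|©|&copy;|\(c\)`)
	year   = regexp.MustCompile(`\b(?:199[0-9]|20[01][0-9]|202[0-4])\b`) // 1990-2024
)
const window = 40 // bytes after a marker in which a year counts as "near"

// CopyrightYears returns ("Copyright", years) when years sit near a marker,
// ("Possible Years", years) when only bare years exist, and ("", nil) otherwise.
func CopyrightYears(body string) (string, []string) {
	seen := map[string]bool{}
	for _, loc := range marker.FindAllStringIndex(body, -1) {
		tail := body[loc[1]:]
		if len(tail) > window {
			tail = tail[:window]
		}
		for _, y := range year.FindAllString(tail, -1) {
			seen[y] = true
		}
	}
	label := "Copyright"
	if len(seen) == 0 { // fallback tier: no year near any marker
		label = "Possible Years"
		for _, y := range year.FindAllString(body, -1) {
			seen[y] = true
		}
	}
	if len(seen) == 0 {
		return "", nil
	}
	years := make([]string, 0, len(seen))
	for y := range seen {
		years = append(years, y)
	}
	sort.Strings(years)
	return label, years
}

func main() { // constructed sample body, not a real response
	fmt.Println(CopyrightYears(`<footer>Copyright &copy; 2004-2009 Acme Corp.</footer><script src="/app.js?v=2019"></script>`))
}
```

The cache-busting `v=2019` in the sample is ignored because the footer already yielded marker-adjacent years, which keeps asset versions and timestamps out of the result when triaging large host lists for old software.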

After reviewing the proposed functionality, we've decided to close this PR, as the use case it addresses can be effectively covered using a custom Nuclei template. This approach keeps httpx focused on its core responsibilities while still allowing users to achieve the desired behavior through flexible, template-driven scanning in Nuclei.

We appreciate your effort and encourage you to explore implementing this via Nuclei. Feel free to reach out if you'd like guidance on writing a suitable template.

Thanks again!

Mzack9999 avatar Jul 17 '25 13:07 Mzack9999