Create a new Lua fingerprint script

The identification of a given web application is done through two different processes: the first is signature based and the second uses a custom Lua script. New scripts can be added by following a few simple guidelines. All Lua scripts are stored in:

Data > Scripts > <Language>

Inside this folder are the scripts that identify a specific web application. Each script is stored in a folder with the same name as the identified application. For example, the Lua script that fingerprints Wordpress is stored in the folder:

Data > Scripts > Php > Wordpress

To create a new script, create a new application folder inside the corresponding language folder. Two files must be defined. The first is the descriptor file, an XML file that describes the script. Below is the descriptor for the Wordpress application:

    <LuaScriptSignature>
      <Id>10BEAE33-CAC7-4862-BD07-9E42A12258E6</Id>
      <ApplicationName>Wordpress</ApplicationName>
      <TargetLanguage>Php</TargetLanguage>
    </LuaScriptSignature>

The meaning of the parameters is:

  • Id: a GUID that uniquely identifies the script
  • ApplicationName: the name of the application that is identified. This name is displayed in the results report
  • TargetLanguage: the language the application was developed in, written as the name of the language folder. For Wordpress this is Php

Global vars

In order to report the identified application and its version to Taipan, the script must set a global variable that the Taipan scanner reads after the script has run. Every script must also return a Boolean result at the end of its execution. The meaning of the result is:

  • True: the script was able to identify the application and its version
  • False: otherwise

If the script identifies the application, the version must be placed in a global variable named appVersion.

The value of this variable must comply with the Semantic Versioning standard (MAJOR.MINOR.PATCH). The second file is the Lua script itself; below is an example:

    -- main
    -- `uri` is the target URL supplied by Taipan; `getRequest` and `log`
    -- are also provided by the scanner.
    local final_uri = ""
    if uri:sub(-1) ~= "/" then
        final_uri = "/"
    end

    -- Request `page` under the target and try to extract the version with
    -- `pattern` (a Lua pattern with one capture, not a regular expression).
    function checkPage(page, pattern)
        local fullpath = uri .. final_uri .. page
        local html = getRequest(fullpath)

        local result = false
        if html ~= "" then
            local version = html:match(pattern)
            if version ~= nil and version ~= "" then
                log("Found My Application version: " .. version)
                appVersion = version   -- global read back by Taipan
                result = true
            end
        end

        return result
    end

    -- Candidate pages and the pattern that extracts the version from each.
    local pages = {
        { "index.html", "[p]Version: [^0-9.]+ ([0-9.]+)[/p]" }
    }

    for _, value in ipairs(pages) do
        if checkPage(value[1], value[2]) then
            return true
        end
    end

    return false

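The script above reports whatever the pattern captured, which is not necessarily a valid Semantic Versioning string ("v2.10" or "2.10.1-beta" would both be reported as-is). The following added example, written here for this page and not taken from Taipan or from any shipped fingerprint script, fingerprints a hypothetical application "MyApp" from several candidate pages and normalizes the captured string to MAJOR.MINOR.PATCH before storing it in appVersion. It assumes only the host API the page describes (the global uri and the functions getRequest and log); the stub definitions and the sample_pages table are constructed so the script can also be exercised offline with a plain lua interpreter, and are ignored inside Taipan where the real globals exist.

```lua
-- Added example (not Taipan's own code): fingerprint a hypothetical "MyApp"
-- from several candidate pages and normalize the version to Semantic Versioning.
-- Assumed host API, as described on the page: the global `uri`, plus
-- `getRequest(url)` (returns the body or "") and `log(msg)`.

-- Constructed sample responses for offline runs, not real server output.
local sample_pages = {
    ["http://target.example/readme.html"] = "<h1>MyApp</h1><p>Version: v2.10</p>",
    ["http://target.example/index.html"]  = '<meta name="generator" content="MyApp 2.10.1-beta">',
}

-- Stubs used only when the scanner did not define the real globals.
uri = uri or "http://target.example"
getRequest = getRequest or function(url) return sample_pages[url] or "" end
log = log or print

-- Reduce a raw version string ("v2.10", "2.10.1-beta") to MAJOR.MINOR.PATCH.
-- A missing patch component becomes 0; a pre-release suffix is dropped.
-- Returns nil when the string does not contain a usable version.
local function toSemver(raw)
    if raw == nil then return nil end
    local major, minor, patch = raw:match("^v?(%d+)%.(%d+)%.?(%d*)")
    if major == nil then return nil end
    if patch == "" then patch = "0" end   -- "2.10" becomes "2.10.0"
    return major .. "." .. minor .. "." .. patch
end

-- Build request URLs without producing a double slash.
local base = uri:sub(-1) == "/" and uri:sub(1, -2) or uri

-- Each candidate: relative page and a Lua pattern with one capture
-- that isolates the version string.
local candidates = {
    { "readme.html", "Version: (v?[%d%.]+)" },
    { "index.html",  'content="MyApp ([%d%.%-%a]+)"' },
}

-- Fetch one page and return the normalized version, or nil if the
-- request failed, the body was empty, or the pattern did not match.
local function checkPage(page, pattern)
    local html = getRequest(base .. "/" .. page)
    if html == "" then return nil end
    return toSemver(html:match(pattern))
end

for _, c in ipairs(candidates) do
    local version = checkPage(c[1], c[2])
    if version ~= nil then
        log("Found MyApp version: " .. version)
        appVersion = version   -- global read back by Taipan
        return true
    end
end

return false
```

With the constructed pages the first candidate matches and appVersion is set to "2.10.0"; if readme.html were absent the second candidate would yield "2.10.1". Keeping the candidates in an ipairs table preserves the order in which pages are tried, so the most reliable source should be listed first.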
