Create a new Lua fingerprint script

The identification of a given Web Application is done through two different processes. The first one is signature based and the second one is via a custom Lua script. It is possible to add new scripts by following some simple guidelines. All Lua scripts are stored in:

Data > Scripts > <Language>

Inside this folder, the scripts that identify a specific Web Application are stored. Each script is stored in a folder with the same name as the identified application. For example, the Lua script to fingerprint Wordpress is stored in the folder:

Data > Scripts > Php > Wordpress

To create a new script, it is necessary to create a new application folder inside the corresponding language folder. Two files must be defined. The first one is the descriptor file, an XML file that describes the script. Find below the descriptor for the Wordpress script:

<LuaScriptSignature>
  <Id>10BEAE33-CAC7-4862-BD07-9E42A12258E6</Id>
  <ApplicationName>Wordpress</ApplicationName>
  <TargetLanguage>Php</TargetLanguage>
</LuaScriptSignature>

The meaning of the parameters is:

  • Id: a GUID that identifies the script
  • ApplicationName: the name of the application that is identified. This name will be displayed in the results report
  • TargetLanguage: the language that was used to develop the application. For Wordpress, it is PHP

Global vars

To report the identified application and its version to Taipan, the script must set a couple of global vars that are later used by the Taipan scanner. Each script must return a Boolean result after its execution. The meaning of the result is:

  • True: if the script was able to identify a given application version
  • False: otherwise

If the script is able to identify the application, the version must be placed in a global variable named appVersion.

The format of this variable must comply with the Semantic Versioning standard. Find below an example of this script:

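-- main
-- uri, getRequest and log are not defined in this script; they are used as
-- provided by the scanner.

-- Make sure the base URI and the page name are joined by exactly one "/"
local final_uri = ""
if uri:sub (uri:len ()) ~= "/" then
	final_uri = "/"
end

-- Request a page and try to extract the version with the given Lua pattern.
-- Returns true and sets the global appVersion when a version is found.
local function checkPage (page, regex)
	local fullpath = uri .. final_uri .. page
	local html = getRequest (fullpath)

	local result = false
	if html ~= "" then
		local version = html:match (regex)
		if version ~= nil and version ~= "" then
			log ("Found My Application version: " .. version)
			-- appVersion must stay global: it is read back after the script ends
			appVersion = version
			result = true
		end
	end

	return result
end

-- Each entry is { page to request, Lua pattern whose capture is the version }
local pages = {
	{ "index.html", "[p]Version: [^0-9.]+ ([0-9.]+)[/p]" }
}

-- Stop at the first page that yields a version
for _, value in ipairs (pages) do
	if (checkPage (value[1], value[2])) then
		return true
	end
end

return false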
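
The pattern in the script above captures `[0-9.]+`, which also accepts text such as `4.9` or `1..2` that is not a valid Semantic Versioning value, and the text comes from a remote page. The following is an added example, not part of the original page or of Taipan's own code, that normalises the captured text before it is assigned to appVersion; the helper names toSemVer and reportVersion are hypothetical.

```lua
-- Added example (not Taipan code). toSemVer and reportVersion are
-- hypothetical helper names; only appVersion comes from the page.

-- Turn a captured "digits and dots" string into MAJOR.MINOR.PATCH.
-- Returns nil when the text cannot be a plain numeric version.
-- Pre-release and build suffixes are deliberately out of scope here.
local function toSemVer (raw)
	if type (raw) ~= "string" or not raw:match ("^%d[%d.]*$") then
		return nil
	end
	local parts = {}
	-- Appending "." lets one pattern walk every dot-separated field
	for field in (raw .. "."):gmatch ("([^.]*)%.") do
		if field == "" or #parts == 3 then
			return nil -- empty field ("1..2", "1.2.") or a fourth field
		end
		-- SemVer forbids leading zeros: "03" becomes "3", "0" stays "0"
		parts[#parts + 1] = (field:gsub ("^0+(%d)", "%1"))
	end
	while #parts < 3 do
		parts[#parts + 1] = "0" -- "4.9" is reported as "4.9.0"
	end
	return table.concat (parts, ".")
end

-- Replacement for the plain "appVersion = version" assignment: the global is
-- set only when the captured text normalises cleanly.
local function reportVersion (raw)
	local semver = toSemVer (raw)
	if semver == nil then
		return false
	end
	appVersion = semver
	return true
end

-- Constructed sample captures, checked when the file is run stand-alone
assert (toSemVer ("4.9") == "4.9.0")
assert (toSemVer ("5") == "5.0.0")
assert (toSemVer ("2.03.1") == "2.3.1")
assert (toSemVer ("1.2.3.4") == nil)
assert (toSemVer ("1..2") == nil)
assert (toSemVer ("3.1-beta") == nil)
assert (reportVersion ("4.9") and appVersion == "4.9.0")
```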
