Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ZGrab is adding a trailing slash / to URL's with http scans #451

Open
phillip-stephens opened this issue Jun 11, 2024 · 2 comments
Open

ZGrab is adding a trailing slash / to URL's with http scans #451

phillip-stephens opened this issue Jun 11, 2024 · 2 comments
Labels
bug

Comments

@phillip-stephens
Copy link
Contributor

phillip-stephens commented Jun 11, 2024
edited
Loading

Description

When scanning with the http module, it was noticed that zgrab2 is appending a single '/' character to the URL. This resulted in some target resources not being able to be scanned with ZGrab2.

Steps to Reproduce

Version of ZGrab2 - master branch, latest
ZGrab2 invocation - echo prstephens.com/src/style.css | ./zgrab2 http

tcpdump with appended /

    171.67.71.209.53166 > 104.21.96.65.80: Flags [P.], cksum 0xbc0e (incorrect -> 0xe547), seq 1:126, ack 1, win 502, options [nop,nop,TS val 512711372 ecr 1613683834], length 125: HTTP, length: 125
	GET /src/style.css/ HTTP/1.1
	Host: prstephens.com
	User-Agent: Mozilla/5.0 zgrab/0.x
	Accept: */*
	Accept-Encoding: gzip

Desired Behavior

Resources can either have or not have a trailing slash and zgrab2 should respect the user's selected input. No slash should be appended to the scanned URL.
@mzpqnxow
Copy link
Contributor

mzpqnxow commented Aug 4, 2024
edited
Loading

Description

When scanning with the http module, it was noticed that zgrab2 is appending a single '/' character to the URL. This resulted in some target resources not being able to be scanned with ZGrab2.

Steps to Reproduce

Version of ZGrab2 - master branch, latest

ZGrab2 invocation - echo prstephens.com/src/style.css | ./zgrab2 http

tcpdump with appended /


    171.67.71.209.53166 > 104.21.96.65.80: Flags [P.], cksum 0xbc0e (incorrect -> 0xe547), seq 1:126, ack 1, win 502, options [nop,nop,TS val 512711372 ecr 1613683834], length 125: HTTP, length: 125

	GET /src/style.css/ HTTP/1.1

	Host: prstephens.com

	User-Agent: Mozilla/5.0 zgrab/0.x

	Accept: */*

	Accept-Encoding: gzip

Desired Behavior

Resources can either have or not have a trailing slash and zgrab2 should respect the user's selected input. No slash should be appended to the scanned URL.

It's arguable whether this is a bug, though I understand it's not intuitive

What I can tell you for sure, though, is that the intended way to request a URL path is:

echo prstephens.com | zgrab2 http --endpoint=/src/style.css

Like I said, what you're seeing is certainly not intuitive- but it's also not how the http module was intended to be used

The input should only be the target name (or the CSV format, which allows name, ip, tag/trigger and optionally, port, all on one line)

I'm actually a little surprised that it didn't result in a host header like:

Host: prstephens.com/src/styles.css

@mzpqnxow
Copy link
Contributor

Description

When scanning with the http module, it was noticed that zgrab2 is appending a single '/' character to the URL. This resulted in some target resources not being able to be scanned with ZGrab2.

Steps to Reproduce

Version of ZGrab2 - master branch, latest

ZGrab2 invocation - echo prstephens.com/src/style.css | ./zgrab2 http

tcpdump with appended /


    171.67.71.209.53166 > 104.21.96.65.80: Flags [P.], cksum 0xbc0e (incorrect -> 0xe547), seq 1:126, ack 1, win 502, options [nop,nop,TS val 512711372 ecr 1613683834], length 125: HTTP, length: 125

	GET /src/style.css/ HTTP/1.1

	Host: prstephens.com

	User-Agent: Mozilla/5.0 zgrab/0.x

	Accept: */*

	Accept-Encoding: gzip

Desired Behavior

Resources can either have or not have a trailing slash and zgrab2 should respect the user's selected input. No slash should be appended to the scanned URL.

It's arguable whether this is a bug, though I understand it's not intuitive

What I can tell you for sure, though, is that the intended way to request a URL path is:

echo prstephens.com | zgrab2 http --endpoint=/src/style.css

Like I said, what you're seeing is certainly not intuitive- but it's also not how the http module was intended to be used

The input should only be the target name (or the CSV format, which allows name, ip, tag/trigger and optionally, port, all on one line)

I'm actually a little surprised that it didn't result in a host header like:

Host: prstephens.com/src/styles.css

In retrospect, I'm not certain about my assessment

If what I asserted is correct, it's arguably still fair to call this behavior a bug- for one, because "/" is not a valid hostname and should possibly be rejected in some way by zgrab2

It's your call either way @phillip-stephens

I could take a shot at a PR if you can determine about what the desired behavior is

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mzpqnxow @phillip-stephens