转换了ehole的一些指纹

finger/ehole/1caitong.yml

@@ -14,4 +14,3 @@ rules:
             follow_redirects: true
         expression: response.body_string.contains("/custom/groupnewslist.aspx?groupid=")
 expression: r0()
-on: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9() || r10()

finger/ehole/360天擎.yml

@@ -0,0 +1,23 @@
+name: fingerprint-yaml-360天擎
+manual: false
+detail:
+    fingerprint:
+        name: 360天擎
+    fofa: title="360天擎" || header="360天擎"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("360天擎")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("360天擎"))
+expression: r0() || r1()

finger/ehole/74CMS.yml

@@ -0,0 +1,79 @@
+name: fingerprint-yaml-74CMS
+manual: false
+detail:
+    fingerprint:
+        name: 74CMS
+    fofa: body="content=\"74cms.com" && body="content=\"骑士cms" && body="powered by <a href=\"http://www.74cms.com/\"" && body="/templates/default/css/common.css" && body="selectjobscategory" || body="content=\"74cms.com" || body="content=\"骑士CMS" || body="Powered by <a href=\"http://www.74cms.com/\"" || body="selectjobscategory" && body="/templates/default/css/common.css" || body="powered by <a href=\"http://www.74cms.com/\"" || body="content=\"骑士cms" || body="/templates/default/css/common.css" || body="selectjobscategory" || body="content=\"74cms.com\""
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="74cms.com') && response.body_string.contains('content="骑士cms') && response.body_string.contains('powered by <a href="http://www.74cms.com/"') && response.body_string.contains("/templates/default/css/common.css") && response.body_string.contains("selectjobscategory")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="74cms.com')
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="骑士CMS')
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('Powered by <a href="http://www.74cms.com/"')
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("selectjobscategory") && response.body_string.contains("/templates/default/css/common.css")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('powered by <a href="http://www.74cms.com/"')
+    r6:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="骑士cms')
+    r7:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("/templates/default/css/common.css")
+    r8:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("selectjobscategory")
+    r9:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains('content="74cms.com"')
+expression: r0() || r1() || r2() || r3() || r4() || r5() || r6() || r7() || r8() || r9()

finger/ehole/ACTi.yml

@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ACTi
+manual: false
+detail:
+    fingerprint:
+        name: ACTi
+    fofa: body="ACTi Corporation All Rights Reserved"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ACTi Corporation All Rights Reserved")
+expression: r0()

finger/ehole/ALCASAR.yml

@@ -0,0 +1,23 @@
+name: fingerprint-yaml-ALCASAR
+manual: false
+detail:
+    fingerprint:
+        name: ALCASAR
+    fofa: body="valoriserdiv5" || body="valoriserDiv5"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("valoriserdiv5")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("valoriserDiv5")
+expression: r0() || r1()

finger/ehole/ALERTMANAGER.yml

@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ALERTMANAGER
+manual: false
+detail:
+    fingerprint:
+        name: ALERTMANAGER
+    fofa: body="defaultcreator"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("defaultcreator")
+expression: r0()

finger/ehole/APISIX.yml

@@ -0,0 +1,23 @@
+name: fingerprint-yaml-APISIX
+manual: false
+detail:
+    fingerprint:
+        name: APISIX
+    fofa: 'body="Apache APISIX Dashboard" || header="Server: APISIX"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("Apache APISIX Dashboard")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("Server: APISIX"))'
+expression: r0() || r1()

finger/ehole/APPEX LotWAN.yml

@@ -0,0 +1,23 @@
+name: fingerprint-yaml-APPEX LotWAN
+manual: false
+detail:
+    fingerprint:
+        name: APPEX LotWAN
+    fofa: header="APPEX LotWAN" || title="APPEX LotWAN"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("APPEX LotWAN"))
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("APPEX LotWAN")
+expression: r0() || r1()

finger/ehole/ASP.yml

@@ -0,0 +1,23 @@
+name: fingerprint-yaml-ASP
+manual: false
+detail:
+    fingerprint:
+        name: ASP
+    fofa: 'header="x-powered-by: asp" || body=".asp?"'
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: 'response.raw_header.bcontains(bytes("x-powered-by: asp"))'
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains(".asp?")
+expression: r0() || r1()

finger/ehole/ATEN.yml

@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ATEN
+manual: false
+detail:
+    fingerprint:
+        name: ATEN
+    fofa: title="ATEN"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("ATEN")
+expression: r0()

finger/ehole/AVCON6.yml

@@ -0,0 +1,51 @@
+name: fingerprint-yaml-AVCON6
+manual: false
+detail:
+    fingerprint:
+        name: AVCON6
+    fofa: body="filename=avcon6setup.exe" && body="language_dispose.action" || body="filename=AVCON6Setup.exe" || body="language_dispose.action" || body="avcon" || body="filename=avcon6setup.exe" || title="avcon6系统管理平台"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("filename=avcon6setup.exe") && response.body_string.contains("language_dispose.action")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("filename=AVCON6Setup.exe")
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("language_dispose.action")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("avcon")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("filename=avcon6setup.exe")
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.title_string.contains("avcon6系统管理平台")
+expression: r0() || r1() || r2() || r3() || r4() || r5()

finger/ehole/ActiveMQ.yml

@@ -0,0 +1,16 @@
+name: fingerprint-yaml-ActiveMQ
+manual: false
+detail:
+    fingerprint:
+        name: ActiveMQ
+    fofa: body="ACTi Corporation All Rights Reserved"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("ACTi Corporation All Rights Reserved")
+expression: r0()

finger/ehole/Analytics Cloud 分析云.yml

@@ -0,0 +1,16 @@
+name: fingerprint-yaml-Analytics Cloud 分析云
+manual: false
+detail:
+    fingerprint:
+        name: Analytics Cloud 分析云
+    fofa: icon_hash="410106848"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: faviconHash(response.getIconContent()) == 410106848
+expression: r0()

finger/ehole/AnyMacro.yml

@@ -0,0 +1,51 @@
+name: fingerprint-yaml-AnyMacro
+manual: false
+detail:
+    fingerprint:
+        name: AnyMacro
+    fofa: body="document.aa.f_email" || header="login_key" || body="document.aa.F_email" || body="AnyWebApp" || header="LOGIN_KEY" || body="anywebapp"
+transport: http
+rules:
+    r0:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("document.aa.f_email")
+    r1:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("login_key"))
+    r2:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("document.aa.F_email")
+    r3:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("AnyWebApp")
+    r4:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.raw_header.bcontains(bytes("LOGIN_KEY"))
+    r5:
+        request:
+            cache: true
+            method: GET
+            path: /
+            follow_redirects: true
+        expression: response.body_string.contains("anywebapp")
+expression: r0() || r1() || r2() || r3() || r4() || r5()