• nmap
    404会请求nice ports,/Trinity.txt.bak

  • httpx
    默认UA,但是httpx支持随机UA
    httpx - Open-source project (github.com/projectdiscovery/httpx)

  • AWVS
    匹配请求中包含域名bxss.me

  • Sqlmap
    匹配UA,sqlmap同样可修改 “%s (%s)” % (VERSION_STRING, SITE)
    即匹配https://sqlmap.org

  • Rsas
    匹配UA,Rsas

  • masscan
    匹配UA,User-Agent: masscan/1.3 (https://github.com/robertdavidgraham/masscan)

  • Appscan
    Appscan第一个请求是提交自己的MAC地址
    GET /AppScan_fingerprint/MAC_ADDRESS_真实的MAC地址.html HTTP/1.0

  • nessus
    匹配UA,nessus

  • jexboss
    请求体,http://webshell.jexboss.net/jsp_version.txt