From c98c780ded0f7b9ef4288fdc4945a9ac492e9074 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emmanuel=20Fust=C3=A9?=
Date: Tue, 13 Feb 2024 15:00:19 +0100
Subject: [PATCH] MongoDB identification fix The actual code grep for "MongoDB" keyword in the head of the HTTP session. In case of "compressed" HTML, a big page is on one line. On a IT page, we could encounter the "MongoDB" keyword and miss-identify the application protocol. Fixed by matching on a longuer string taken from a live MogoDB server.
---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/testssl.sh b/testssl.sh
index 1c804da..35fd462 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -2113,7 +2113,7 @@ service_detection() {
 [[ -z "$SERVICE" ]] && head $TMPFILE | grep -Eaqi "jabber|xmpp" && SERVICE=XMPP
 [[ -z "$SERVICE" ]] && head $TMPFILE | grep -Eaqw "Jive News|InterNetNews|NNRP|INN|Kerio Connect|NNTP Service|Kerio MailServer|NNTP server" && SERVICE=NNTP
 # MongoDB port 27017 will respond to a GET request with a mocked HTTP response
- [[ "$SERVICE" == HTTP ]] && head $TMPFILE | grep -Eaqw "MongoDB" && SERVICE=MongoDB
+ [[ "$SERVICE" == HTTP ]] && head $TMPFILE | grep -Eaqw "you are trying to access MongoDB over HTTP" && SERVICE=MongoDB
 debugme head -50 $TMPFILE | sed -e '//,$d' -e '//,$d' -e '/