Comments (6)
The new release was compiled with Ubuntu 22.04.4 LTS and go1.22.1
https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner/releases/tag/1.2.1
No FPs anymore. (The question is for how long...)
from web-cache-vulnerability-scanner.
I just compiled using the same OS/Go Version. No scanners detected it for me as well. Thank you for your help with this.
from web-cache-vulnerability-scanner.
Hello @Dave-0-0,
thanks for bringing this to our attention. The provided binaries are all cross-compiled from an Ubuntu host. That should be the reason for both the non-matching hashes (not sure if the golang version etc. plays a role as well) and the AV detections. Golang is widely used among malware writers, especially for its cross-compilation features.
I just cross-compiled it from source on another Ubuntu host and it got flagged by the same 4 AVs.
We will check whether it's feasible to compile it on a Windows host or to contact the AV vendors.
from web-cache-vulnerability-scanner.
Hello @m10x
Thank you for the quick response. I also thought it might be related to cross-compiling; however, when I compile the source on an Ubuntu machine, I get a second, different sha256 hash.
GOOS=windows GOARCH=amd64 go build web-cache-vulnerability-scanner.go
sha256sum web-cache-vulnerability-scanner.exe
3fc6293ac74442ec7cb1c9c56aca29c0ff59afc29336f80f0513db612df033b4 web-cache-vulnerability-scanner.exe
Can you share the version of Ubuntu and version of Go you are using to do the cross compilation? I'd like to see if I can reproduce the hash from the original binary from the source code.
Thanks,
Dave
from web-cache-vulnerability-scanner.
Summary:
Some AVs seem to not like cross-compilation with go version 1.21.5 (on a PopOS host)
Detailed:
This is from my current Ubuntu Host with go1.22.1 (0 positive)
GOOS=windows GOARCH=amd64 go build web-cache-vulnerability-scanner.go && sha256sum ./web-cache-vulnerability-scanner.exe:
03ac1b66a9c6a0ad44c6520415df31deab38d98c6d50aafa8329e3358031ce8a ./web-cache-vulnerability-scanner.exe
VERSION="22.04.4 LTS (Jammy Jellyfish)"
go version go1.22.1 linux/amd64
virustotal (0 positive): https://www.virustotal.com/gui/file/03ac1b66a9c6a0ad44c6520415df31deab38d98c6d50aafa8329e3358031ce8a?nocache=1
This is from my PopOS Host (distro based on Ubuntu) with go1.21.5 (4 Positive)
GOOS=windows GOARCH=amd64 go build web-cache-vulnerability-scanner.go
sha256sum web-cache-vulnerability-scanner.exe
58620c66ee90dbdd287580dd66dab8ae322c2d381bef035b7bb41bbf3dff254b web-cache-vulnerability-scanner.exe
ID_LIKE="ubuntu debian"
PRETTY_NAME="Pop!_OS 22.04 LTS"
go version
go version go1.21.5 linux/amd64
https://www.virustotal.com/gui/file/58620c66ee90dbdd287580dd66dab8ae322c2d381bef035b7bb41bbf3dff254b?nocache=1
After upgrading go from 1.21.5 to 1.22.1 it went down to 0 positive
go version
go version go1.22.1 linux/amd64
GOOS=windows GOARCH=amd64 go build web-cache-vulnerability-scanner.go
sha256sum web-cache-vulnerability-scanner.exe
98b3b115105c038bf0e4832ef693ae277191beeae616b87918c42d500fec5a69 web-cache-vulnerability-scanner.exe
https://www.virustotal.com/gui/file/98b3b115105c038bf0e4832ef693ae277191beeae616b87918c42d500fec5a69?nocache=1
from web-cache-vulnerability-scanner.
My bet is that some malware was cross-compiled using go1.21.5 and therefore some AVs are throwing false positives. I'll create a new minor release soon and will use go 1.22.1 for cross-compilation. I hope that the AVs won't throw a FP again sometime in the future. When the latest release was created over a month ago, it wasn't flagged by any AV.
from web-cache-vulnerability-scanner.
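Added example (not code from this thread or from the project): a small Go program that compares the toolchain version and build settings embedded in two Go binaries, which is one way to see why two builds of the same source produce different SHA-256 hashes. The tool name `bidiff` and the function names are assumptions made for this illustration; `debug/buildinfo` is part of Go's standard library (Go 1.18 and later).

```go
package main
import (
	"debug/buildinfo"
	"fmt"
	"log"
	"os"
	"sort"
	"strings"
)

// factsFrom reads the Go version and build settings embedded in a Go binary.
func factsFrom(path string) (map[string]string, error) {
	bi, err := buildinfo.ReadFile(path) // handles ELF, PE and Mach-O
	if err != nil {
		return nil, err
	}
	facts := map[string]string{"go version": bi.GoVersion}
	for _, s := range bi.Settings { // e.g. GOOS, GOARCH, CGO_ENABLED, -trimpath
		facts[s.Key] = s.Value
	}
	return facts, nil
}

// diffFacts returns one sorted line per key whose value differs.
func diffFacts(a, b map[string]string) []string {
	var out []string
	seen := map[string]bool{}
	for _, m := range []map[string]string{a, b} {
		for k := range m {
			if !seen[k] && a[k] != b[k] {
				out = append(out, fmt.Sprintf("%s: %q != %q", k, a[k], b[k]))
			}
			seen[k] = true
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	if len(os.Args) != 3 {
		log.Fatal("usage: bidiff <published.exe> <local.exe>")
	}
	a, errA := factsFrom(os.Args[1])
	b, errB := factsFrom(os.Args[2])
	if errA != nil || errB != nil {
		log.Fatalf("published: %v, local: %v", errA, errB)
	}
	fmt.Println(strings.Join(diffFacts(a, b), "\n"))
}
```

An empty result with differing hashes means the difference lies outside this metadata, for example source paths recorded in the binary when it was built without `-trimpath`.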