truestack 0.2.0

Security-aware technology fingerprinting — detects what is really running, not what the version string claims
Documentation

Part of the Santh security research ecosystem.

truestack — Security-aware technology fingerprinting

CI License: MIT Crates.io

Security-aware technology fingerprinting for web servers.

Unlike traditional fingerprinting tools that report what the version string claims, truestack is designed to determine the true security posture of a target — including detection of backported patches, behavioural differential probing, and CVE correlation.

Features

  • TOML-driven rule engine — signal-based detection from HTTP headers, response bodies, and cookies. Rules are easily extensible.
  • Standalone CLI — Run fingerprinting directly from the command line.
  • Security header auditing — checks for HSTS, CSP, X-Frame-Options, and more. Includes deep CSP bypass analysis.
  • Favicon hashing — Shodan-compatible MurmurHash3 for cross-service pivot (http.favicon.hash:{value}).
  • Zero-config core — fingerprinting runs on raw data &[(K, V)] and &str without requiring a specific HTTP client. Optional fetch feature provides async fetching helpers.

CLI Usage

Install the truestack binary:

cargo install --path .

Scan a URL:

truestack https://example.com --favicon --format json

Load custom rules:

truestack https://example.com --rules-dir ./my-rules/

Library Usage

use truestack::fingerprints;
use truestack::security_headers;

fn main() {
    // 1. Detect technologies from headers and body
    let headers = vec![
        ("Server".to_string(), "nginx/1.21.0".to_string()),
        ("X-Powered-By".to_string(), "Express".to_string()),
    ];
    let body = "<html><body>__NEXT_DATA__</body></html>";
    
    let techs = fingerprints::detect(&headers, body);
    for tech in techs {
        println!("Found: {} (version: {:?})", tech.name, tech.version);
    }
    
    // 2. Audit security headers
    let findings = security_headers::audit(&headers);
    for finding in findings {
        println!("Security Finding [{}]: {}", finding.severity.as_str(), finding.title);
        println!("  {}", finding.detail);
    }
}

Optional Features

  • fetch: Enables truestack::favicon::fetch_hash which uses reqwest to download a favicon and compute its Shodan hash.

License

MIT