Merge da36f00580 into 082894dcad

2026-05-13 16:57:06 +00:00 · 2026-05-13 06:55:45 +08:00 · 2026-05-13 06:55:45 +08:00 · 03419956e5
commit 03419956e5
parent 082894dcad da36f00580
2 changed files with 43 additions and 0 deletions
--- a/4
+++ b/4
@ -17151,3 +17151,7 @@ ports 34555
 Probe UDP BECKHOFF_ADS q|\x03\x66\x14\x71\0\0\0\0\x01\0\0\0\0\0\0\0\x01\x01\x10\x27\0\0\0\0|
 rarity 8
 ports 48899
+##############################NEXT PROBE##############################
+Probe TCP GetRequest q|GET /_/ HTTP/1.0\r\n\r\n|
+ports 80,443,8080,8090
+match http m|^HTTP/1\.[01] 200 OK\r\n(?s).*PocketBase| p/PocketBase Go Backend/
--- a/scripts/pocketbase-detect.nse
+++ b/scripts/pocketbase-detect.nse
@ -0,0 +1,39 @@
+local http = require "http"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+
+description = [[
+  Detects the PocketBase (Go-based backend) service and its default admin panel.
+]]
+
+---
+-- @usage
+-- nmap -p 8090 --script pocketbase-detect <target>
+--
+-- @output
+-- PORT     STATE SERVICE
+-- 8090/tcp open  http
+-- |_pocketbase-detect: PocketBase Backend detected! Admin panel: /_/
+---
+
+author = "Aykut Gokbulut"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+-- PocketBase uses 8090 by default, but it can also run on standard HTTP ports
+portrule = shortport.port_or_service({80, 443, 8080, 8090}, "http")
+
+action = function(host, port)
+  local path = "/_/" -- Default PocketBase admin panel path
+  local response = http.get(host, port, path)
+  
+  -- Check if the page is accessible and contains PocketBase-specific patterns
+  if (response.status == 200 and response.body) then
+    -- Look for 'pocketbase' string or 'pb-' variable prefixes in the response body
+    if response.body:match("pocketbase") or response.body:match("pb%-") then
+      return "PocketBase Backend detected! Admin panel: " .. path
+    end
+  end
+  
+  return nil
+end