[FEATURE REQUEST] Windows Heuristic Detection

[godylockz]

Add automated windows heuristic detection for case sensitivity.

When scanning windows targets Index.html and index.html will lead to the same result as it is case insensitive. Detecting this you can reduce the word list to using only lowercase characters.

You can check this during the first result of the target by checking if varying case sensitivity will also lead to the same result.

Can display "OS detection: Windows or Linux"

This could also make it so you no longer need 2 different word lists depending on the target system.

[epi052]

🤔 that's an interesting idea. It would fit the heuristic model, just need to fire off the requests and act appropriately

[aancw]

How about the web framework that use case sensitive and it can be run in windows/linux? How to detect that?

[mark0smith]

How about the web framework that use case sensitive and it can be run in windows/linux? How to detect that?

I think the check about whether web servers use case sensitive URI or not should start when some dirs/files has been found.
And this check could be done by:

1. randomly change some chars of URI from lowercase to uppercase
2. check if the response of modified URI is the same with previous responses or not
3. if all ( or a ratio, above of 80% ?) responses are the same, we can think the server is URI case insensitive.

For example, if feroxbuster discover aspnet_client.
To make above check, feroxbuster can make requests to aspnet_client,aspNet_cLient,asPnet_clieNt ... and compare their responses (status code, content length, word count, hash of response ...)
If the server is URI case insensitive, all the responses should be the same and feroxbuster could turn on case insentive mode (format wordlists to all lowercase and remove duplicated ones).