
Show HN: Detect software running from JavaScript in a browser - wybiral
https://github.com/wybiral/wtf
======
wybiral
The demo currently only looks for these services but in theory could detect
anything that opens a listener on a fixed port number: MySQL, Redis,
ElasticSearch, MongoDB, Dropbox, Steam, DAAP media players, and Tor (daemon,
browser, or Brave Tor mode).

I've been trying to accumulate a list of some of the more popular services
that can be discovered this way here:
[https://github.com/wybiral/localtoast/blob/master/js/index.j...](https://github.com/wybiral/localtoast/blob/master/js/index.js)

It works in Chrome, Firefox, and curiously enough even the Tor mode of Brave
Browser. Safari doesn't seem to allow these types of requests.

------
phillipseamore
You could also check for the LAN IP with WebRTC and scan (at least that
network as a /24) for services. You'd probably want to do something like that
in a worker. Besides that, obviously browsers should seek permission for web
sites to access resources from loopback/RFC1918/RC4193 addresses. You will
however usually not be able to get information from them (CORS) but might
affect services (get a ROKU to open an app etc.) with GET/POSTS to certain
services or devices.

------
zzo38computer
User configuration options would help, so that in the browser you can
specifically configure what connections are permitted.

~~~
wybiral
I agree, some kind of "Local access: enable/disable" the same way that
notifications and location services work would be great.

Especially since there's only a handful of use cases where this kind of access
could maybe make sense.

