Wafw00f V1.0.0 - Bring Out All The Spider Web Application Firewall!
WAFW00F identifies in addition to fingerprints Web Application Firewall (WAF) products.
How does it work?
To create its magic, WAFW00F does the following:
- Sends a normal HTTP asking in addition to analyses the response; this identifies a release of WAF solutions.
- If that is non successful, it sends a release of (potentially malicious) HTTP requests in addition to uses uncomplicated logic to deduce which WAF it is.
- If that is also non successful, it analyses the responses previously returned in addition to uses roughly other uncomplicated algorithm to gauge if a WAF or safety solution is actively responding to our attacks.
What does it detect?
It detects a release of WAFs. To sentiment which WAFs it is able to notice run WAFW00F alongside the
-l
option. At the fourth dimension of writing the output is every bit follows:$ wafw00f -l ______ / \ ( Woof! ) \______/ ) ,, ) (_ .-. - _______ ( |__| ()``; |==|_______) .)|__| / (' /|\ ( |__| ( / ) / | \ . |__| \(_)_)) / | \ |__| WAFW00F - Web Application Firewall Detection Tool Can bear witness for these WAFs: BlockDoS (BlockDoS) Armor Defense (Armor) ACE XML Gateway (Cisco) Malcare (Inactiv) RSFirewall (RSJoomla!) PerimeterX (PerimeterX) Varnish (OWASP) Barracuda Application Firewall (Barracuda Networks) Anquanbao (Anquanbao) NetContinuum (Barracuda Networks) HyperGuard (Art of Defense)Incapsula (Imperva Inc.) Safedog (SafeDog) NevisProxy (AdNovum) SEnginx (Neusoft) BitNinja (BitNinja) Janusec Application Gateway (Janusec) NinjaFirewall (NinTechNet) Edgecast (Verizon Digital Media) Alert Logic (Alert Logic) Cloudflare (Cloudflare Inc.) SecureSphere (Imperva Inc.) Bekchy (Faydata Technologies Inc.) Kona Site Defender (Akamai) Wallarm (Wallarm Inc.) Cloudfront (Amazon) aeSecure (aeSecure) eEye SecureIIS (BeyondTrust) VirusDie (VirusDie LLC) DOSarrest (DOSarrest Internet Security) SiteGround (SiteGround) Chuang Yu Shield (Yunaq) Yunsuo (Yunsuo) NAXSI (NBS Systems) UTM Web Protection (Sophos) Approach (Approach) NetScaler AppFirewall (Citrix Systems) DynamicWeb Injection Check (DynamicWeb) Xuanwudun WebTotem (WebTotem) Comodo (Comodo CyberSecurity Solutions) WTS-WAF (WTS) PowerCDN (PowerCDN) BIG-IP Access Policy Manager (F5 Networks) BinarySec (BinarySec) Greywizard (Grey Wizard) Shield Security (One Dollar Plugin) ASP.NET Generic Web Application Protection CacheWall (Varnish) Expression Engine (EllisLab) Airlock (Phion/Ergon) WatchGuard (WatchGuard Technologies) WP Cerber Security (Cerber Tech) Yunjiasu (Baidu Cloud Computing) DenyALL (Rohde & Schwarz CyberSecurity) AnYu (AnYu Technologies) Secure Entry (United Security Providers) ISA Server (Microsoft) Yundun (Yundun) FirePass (F5 Networks) GoDaddy Website Protection (GoDaddy) Imunify360 (CloudLinux) Safe3 Web Firewall (Safe3) WebSEAL (IBM) NSFocus (NSFocus Global Inc.) 360WangZhanBao (360 Technologies) Squarespace (Squarespace) Imperva SecureSphere B luedon (Bluedon IST) AliYunDun (Alibaba Cloud Computing) Wordfence (Feedjit) Palo Alto Next Gen Firewall (Palo Alto Networks) Tencent Cloud Firewall (Tencent Technologies) West263CDN WebARX (WebARX Security Solutions) Mission Control Application Shield (Mission Control) BIG-IP Local Traffic Manager (F5 Networks) Sitelock (TrueShield) ZScaler (Accenture) CrawlProtect (Jean-Denis Brun) Teros (Citrix Systems) AWS Elastic Load Balancer (Amazon) Cloudbric (Zendesk) StackPath (StackPath) URLScan (Microsoft) Sucuri (Sucuri Inc.) TransIP Web Firewall (TransIP) OnMessage Shield (BlackBaud) Distil (Distil Networks) Profense (ArmorLogic) ModSecurity (SpiderLabs) FortiWeb (Fortinet) XLabs Security WAF (XLabs) ASP.NET RequestValidationMode (Microsoft) Jiasule (Jiasule) ChinaCache CDN L oad Balancer (ChinaCache) URLMaster SecurityCheck (iFinity/DotNetNuke) Reblaze (Reblaze) Newdefend (NewDefend) Trafficshield (F5 Networks) KS-WAF (KnownSec) SiteGuard (Sakura Inc.) CdnNS Application Gateway (CdnNs/WdidcNet) DataPower (IBM) WebKnight (AQTRONIX) BIG-IP Application Security Manager (F5 Networks) Barikode (Ethic Ninja) Zenedge (Zenedge) SonicWall (Dell) DotDefender (Applicure Technologies) USP Secure Entry Server AppWall (Radware)
How create I role it?
First, install the tools every bit described here.
For assist delight brand role of the
--help
option. The basic usage is to transcend it a URL every bit an argument. Example:$ wafw00f https://example.org ______ / \ ( Woof! ) \______/ ) ,, ) (_ .-. - _______ ( |__| ()``; |==|_______) .)|__| / (' /|\ ( |__| ( / ) / | \ . |__| \(_)_)) / | \ |__| WAFW00F - Web Application Firewall Detection Tool Checking https://example.org The site https://example.org is behind Edgecast (Verizon Digital Media) WAF. Number of requests: 1
How create I install it?
The next should create the trick:
python setup.py install
Looking for pentesters?
More information near the services that nosotros offering at Enable Security
How create I write my ain novel checks?
Follow the instructions on the wiki