神兵利器 – WAF2.0指纹识别

  • A+
所属分类:安全工具


        WAFW00F:Web应用防火墙指纹工具。


神兵利器 - WAF2.0指纹识别


        发送一个正常的HTTP请求,并分析响应;这将确定一些WAF解决方案。

         如果不成功,它就发送一些(可能是恶意的)HTTP请求,并使用简单的逻辑来推断它是哪个WAF。

          如果这也不成功,它就会分析之前返回的响应,并使用另一种简单的算法来猜测是否有WAF或安全解决方案在主动响应我们的攻击。


使用方法:

wafw00f https://example.org


支持多种WAF检测,让你更容易绕过WAF


$ wafw00f -l
______ / ( Woof! ) ____/ ) ,, ) (_ .-. - _______ ( |__| ()``; |==|_______) .)|__| / (' /| ( |__| ( / ) / | . |__| (_)_)) / | |__|
~ WAFW00F : v2.1.0 ~ The Web Application Firewall Fingerprinting Toolkit [+] Can test for these WAFs:
WAF Name Manufacturer -------- ------------
ACE XML Gateway Cisco aeSecure aeSecure AireeCDN Airee Airlock Phion/Ergon Alert Logic Alert Logic AliYunDun Alibaba Cloud Computing Anquanbao Anquanbao AnYu AnYu Technologies Approach Approach AppWall Radware Armor Defense Armor ArvanCloud ArvanCloud ASP.NET Generic Microsoft ASPA Firewall ASPA Engineering Co. Astra Czar Securities AWS Elastic Load Balancer Amazon AzionCDN AzionCDN Azure Front Door Microsoft Barikode Ethic Ninja Barracuda Barracuda Networks Bekchy Faydata Technologies Inc. Beluga CDN Beluga BIG-IP Local Traffic Manager F5 Networks BinarySec BinarySec BitNinja BitNinja BlockDoS BlockDoS Bluedon Bluedon IST BulletProof Security Pro AITpro Security CacheWall Varnish CacheFly CDN CacheFly Comodo cWatch Comodo CyberSecurity CdnNS Application Gateway CdnNs/WdidcNet ChinaCache Load Balancer ChinaCache Chuang Yu Shield Yunaq Cloudbric Penta Security Cloudflare Cloudflare Inc. Cloudfloor Cloudfloor DNS Cloudfront Amazon CrawlProtect Jean-Denis Brun DataPower IBM DenyALL Rohde & Schwarz CyberSecurity Distil Distil Networks DOSarrest DOSarrest Internet Security DotDefender Applicure Technologies DynamicWeb Injection Check DynamicWeb Edgecast Verizon Digital Media Eisoo Cloud Firewall Eisoo Expression Engine EllisLab BIG-IP AppSec Manager F5 Networks BIG-IP AP Manager F5 Networks Fastly Fastly CDN FirePass F5 Networks FortiWeb Fortinet GoDaddy Website Protection GoDaddy Greywizard Grey Wizard Huawei Cloud Firewall Huawei HyperGuard Art of Defense Imunify360 CloudLinux Incapsula Imperva Inc. IndusGuard Indusface Instart DX Instart Logic ISA Server Microsoft Janusec Application Gateway Janusec Jiasule Jiasule Kona SiteDefender Akamai KS-WAF KnownSec KeyCDN KeyCDN LimeLight CDN LimeLight LiteSpeed LiteSpeed Technologies Open-Resty Lua Nginx FLOSS Oracle Cloud Oracle Malcare Inactiv MaxCDN MaxCDN Mission Control Shield Mission Control ModSecurity SpiderLabs NAXSI NBS Systems Nemesida PentestIt NevisProxy AdNovum NetContinuum Barracuda Networks NetScaler AppFirewall Citrix Systems Newdefend NewDefend NexusGuard Firewall NexusGuard NinjaFirewall NinTechNet NullDDoS Protection NullDDoS NSFocus NSFocus Global Inc. OnMessage Shield BlackBaud Palo Alto Next Gen Firewall Palo Alto Networks PerimeterX PerimeterX PentaWAF Global Network Services pkSecurity IDS pkSec PT Application Firewall Positive Technologies PowerCDN PowerCDN Profense ArmorLogic Puhui Puhui Qcloud Tencent Cloud Qiniu Qiniu CDN Reblaze Reblaze RSFirewall RSJoomla! RequestValidationMode Microsoft Sabre Firewall Sabre Safe3 Web Firewall Safe3 Safedog SafeDog Safeline Chaitin Tech. SecKing SecKing eEye SecureIIS BeyondTrust SecuPress WP Security SecuPress SecureSphere Imperva Inc. Secure Entry United Security Providers SEnginx Neusoft ServerDefender VP Port80 Software Shield Security One Dollar Plugin Shadow Daemon Zecure SiteGround SiteGround SiteGuard Sakura Inc. Sitelock TrueShield SonicWall Dell UTM Web Protection Sophos Squarespace Squarespace SquidProxy IDS SquidProxy StackPath StackPath Sucuri CloudProxy Sucuri Inc. Tencent Cloud Firewall Tencent Technologies Teros Citrix Systems Trafficshield F5 Networks TransIP Web Firewall TransIP URLMaster SecurityCheck iFinity/DotNetNuke URLScan Microsoft UEWaf UCloud Varnish OWASP Viettel Cloudrity VirusDie VirusDie LLC Wallarm Wallarm Inc. WatchGuard WatchGuard Technologies WebARX WebARX Security Solutions WebKnight AQTRONIX WebLand WebLand RayWAF WebRay Solutions WebSEAL IBM WebTotem WebTotem West263 CDN West263CDN Wordfence Defiant WP Cerber Security Cerber Tech WTS-WAF WTS 360WangZhanBao 360 Technologies XLabs Security WAF XLabs Xuanwudun Xuanwudun Yundun Yundun Yunsuo Yunsuo Yunjiasu Baidu Cloud Computing YXLink YxLink Technologies Zenedge Zenedge ZScaler Accenture


项目地址:https://github.com/EnableSecurity/wafw00f


本文始发于微信公众号(Khan安全团队):神兵利器 - WAF2.0指纹识别

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: