Powerful Tools – WAF2.0 Fingerprinting

WAFW00F: a web application firewall fingerprinting tool.

It sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.

If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is.

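If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess whether a WAF or security solution is actively responding to our attacks.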
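The three-stage decision order described above, as an added sketch that runs offline over constructed responses and shows what a site's own edge discloses in its headers. It is not wafw00f's code: the small signature set, the function names and the sample responses are assumptions made for illustration.

```python
import re

# Illustrative signature set (an assumption, not wafw00f's plugin data):
# product -> list of (header name, regex applied to that header's value).
SIGNATURES = {
    "Cloudflare": [("server", r"^cloudflare$"), ("cf-ray", r".+")],
    "Incapsula": [("set-cookie", r"visid_incap_|incap_ses_"), ("x-iinfo", r".+")],
    "Sucuri CloudProxy": [("x-sucuri-id", r".+"), ("server", r"sucuri")],
    "BIG-IP Local Traffic Manager": [("set-cookie", r"BIGipServer")],
}

def _headers(resp):
    # HTTP header names are case-insensitive, so normalise before matching.
    return {k.lower(): v for k, v in resp["headers"].items()}

def match_signatures(resp):
    """Products whose signature matches a single captured response."""
    h = _headers(resp)
    return sorted(name for name, checks in SIGNATURES.items()
                  if any(re.search(rx, h.get(key, ""), re.I) for key, rx in checks))

def generic_check(normal, probe):
    """Stage 3: differences between baseline and probe that suggest filtering."""
    reasons = []
    if normal["status"] != probe["status"]:
        reasons.append(f"status {normal['status']} -> {probe['status']}")
    if _headers(normal).get("server") != _headers(probe).get("server"):
        reasons.append("Server header changed")
    return reasons

def fingerprint(normal, probe):
    """Apply the three stages in order; return (stage, findings)."""
    for stage, resp in (("normal-request", normal), ("probe-request", probe)):
        hits = match_signatures(resp)
        if hits:
            return stage, hits
    reasons = generic_check(normal, probe)
    return ("generic", reasons) if reasons else ("none", [])

# Constructed sample responses (status + headers only), not real captures.
PLAIN = {"status": 200, "headers": {"Server": "nginx"}}
CF = {"status": 200, "headers": {"Server": "cloudflare", "CF-RAY": "0000000000000000-XXX"}}
INCAP_BLOCK = {"status": 403, "headers": {"Set-Cookie": "incap_ses_000=constructed"}}
UNKNOWN_BLOCK = {"status": 406, "headers": {}}

if __name__ == "__main__":
    for normal, probe in ((CF, CF), (PLAIN, INCAP_BLOCK), (PLAIN, UNKNOWN_BLOCK), (PLAIN, PLAIN)):
        print(fingerprint(normal, probe))
```

The "generic" result only says that something changed between the two responses; it does not name a product.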

Usage:

wafw00f https://example.org

It supports detection of many WAFs, which makes it easier for you to bypass the WAF.

$ wafw00f -l
                   ______
                  /      \
                 (  Woof! )
                  \  ____/                      )
                  ,,                           ) (_
             .-. -    _______                 ( |__|
            ()``; |==|_______)                .)|__|
            / ('        /|\                  (  |__|
        (  /  )        / | \                  . |__|
         \(_)_))      /  |  \                   |__|

                    ~ WAFW00F : v2.1.0 ~
    The Web Application Firewall Fingerprinting Toolkit

[+] Can test for these WAFs:

  WAF Name                         Manufacturer
  --------                         ------------
  ACE XML Gateway                  Cisco
  aeSecure                         aeSecure
  AireeCDN                         Airee
  Airlock                          Phion/Ergon
  Alert Logic                      Alert Logic
  AliYunDun                        Alibaba Cloud Computing
  Anquanbao                        Anquanbao
  AnYu                             AnYu Technologies
  Approach                         Approach
  AppWall                          Radware
  Armor Defense                    Armor
  ArvanCloud                       ArvanCloud
  ASP.NET Generic                  Microsoft
  ASPA Firewall                    ASPA Engineering Co.
  Astra                            Czar Securities
  AWS Elastic Load Balancer        Amazon
  AzionCDN                         AzionCDN
  Azure Front Door                 Microsoft
  Barikode                         Ethic Ninja
  Barracuda                        Barracuda Networks
  Bekchy                           Faydata Technologies Inc.
  Beluga CDN                       Beluga
  BIG-IP Local Traffic Manager     F5 Networks
  BinarySec                        BinarySec
  BitNinja                         BitNinja
  BlockDoS                         BlockDoS
  Bluedon                          Bluedon IST
  BulletProof Security Pro         AITpro Security
  CacheWall                        Varnish
  CacheFly CDN                     CacheFly
  Comodo cWatch                    Comodo CyberSecurity
  CdnNS Application Gateway        CdnNs/WdidcNet
  ChinaCache Load Balancer         ChinaCache
  Chuang Yu Shield                 Yunaq
  Cloudbric                        Penta Security
  Cloudflare                       Cloudflare Inc.
  Cloudfloor                       Cloudfloor DNS
  Cloudfront                       Amazon
  CrawlProtect                     Jean-Denis Brun
  DataPower                        IBM
  DenyALL                          Rohde & Schwarz CyberSecurity
  Distil                           Distil Networks
  DOSarrest                        DOSarrest Internet Security
  DotDefender                      Applicure Technologies
  DynamicWeb Injection Check       DynamicWeb
  Edgecast                         Verizon Digital Media
  Eisoo Cloud Firewall             Eisoo
  Expression Engine                EllisLab
  BIG-IP AppSec Manager            F5 Networks
  BIG-IP AP Manager                F5 Networks
  Fastly                           Fastly CDN
  FirePass                         F5 Networks
  FortiWeb                         Fortinet
  GoDaddy Website Protection       GoDaddy
  Greywizard                       Grey Wizard
  Huawei Cloud Firewall            Huawei
  HyperGuard                       Art of Defense
  Imunify360                       CloudLinux
  Incapsula                        Imperva Inc.
  IndusGuard                       Indusface
  Instart DX                       Instart Logic
  ISA Server                       Microsoft
  Janusec Application Gateway      Janusec
  Jiasule                          Jiasule
  Kona SiteDefender                Akamai
  KS-WAF                           KnownSec
  KeyCDN                           KeyCDN
  LimeLight CDN                    LimeLight
  LiteSpeed                        LiteSpeed Technologies
  Open-Resty Lua Nginx             FLOSS
  Oracle Cloud                     Oracle
  Malcare                          Inactiv
  MaxCDN                           MaxCDN
  Mission Control Shield           Mission Control
  ModSecurity                      SpiderLabs
  NAXSI                            NBS Systems
  Nemesida                         PentestIt
  NevisProxy                       AdNovum
  NetContinuum                     Barracuda Networks
  NetScaler AppFirewall            Citrix Systems
  Newdefend                        NewDefend
  NexusGuard Firewall              NexusGuard
  NinjaFirewall                    NinTechNet
  NullDDoS Protection              NullDDoS
  NSFocus                          NSFocus Global Inc.
  OnMessage Shield                 BlackBaud
  Palo Alto Next Gen Firewall      Palo Alto Networks
  PerimeterX                       PerimeterX
  PentaWAF                         Global Network Services
  pkSecurity IDS                   pkSec
  PT Application Firewall          Positive Technologies
  PowerCDN                         PowerCDN
  Profense                         ArmorLogic
  Puhui                            Puhui
  Qcloud                           Tencent Cloud
  Qiniu                            Qiniu CDN
  Reblaze                          Reblaze
  RSFirewall                       RSJoomla!
  RequestValidationMode            Microsoft
  Sabre Firewall                   Sabre
  Safe3 Web Firewall               Safe3
  Safedog                          SafeDog
  Safeline                         Chaitin Tech.
  SecKing                          SecKing
  eEye SecureIIS                   BeyondTrust
  SecuPress WP Security            SecuPress
  SecureSphere                     Imperva Inc.
  Secure Entry                     United Security Providers
  SEnginx                          Neusoft
  ServerDefender VP                Port80 Software
  Shield Security                  One Dollar Plugin
  Shadow Daemon                    Zecure
  SiteGround                       SiteGround
  SiteGuard                        Sakura Inc.
  Sitelock                         TrueShield
  SonicWall                        Dell
  UTM Web Protection               Sophos
  Squarespace                      Squarespace
  SquidProxy IDS                   SquidProxy
  StackPath                        StackPath
  Sucuri CloudProxy                Sucuri Inc.
  Tencent Cloud Firewall           Tencent Technologies
  Teros                            Citrix Systems
  Trafficshield                    F5 Networks
  TransIP Web Firewall             TransIP
  URLMaster SecurityCheck          iFinity/DotNetNuke
  URLScan                          Microsoft
  UEWaf                            UCloud
  Varnish                          OWASP
  Viettel                          Cloudrity
  VirusDie                         VirusDie LLC
  Wallarm                          Wallarm Inc.
  WatchGuard                       WatchGuard Technologies
  WebARX                           WebARX Security Solutions
  WebKnight                        AQTRONIX
  WebLand                          WebLand
  RayWAF                           WebRay Solutions
  WebSEAL                          IBM
  WebTotem                         WebTotem
  West263 CDN                      West263CDN
  Wordfence                        Defiant
  WP Cerber Security               Cerber Tech
  WTS-WAF                          WTS
  360WangZhanBao                   360 Technologies
  XLabs Security WAF               XLabs
  Xuanwudun                        Xuanwudun
  Yundun                           Yundun
  Yunsuo                           Yunsuo
  Yunjiasu                         Baidu Cloud Computing
  YXLink                           YxLink Technologies
  Zenedge                          Zenedge
  ZScaler                          Accenture

Project page: https://github.com/EnableSecurity/wafw00f

Article source: Khan Security Team
