WAFW00F identifies and fingerprints Web Application Firewall (WAF) products.
Project description
# WAFW00F
WAFW00F identifies and fingerprints Web Application Firewall (WAF) products.
## How does it work?
To do its magic, WAFW00F does the following:
- Sends a _normal_ HTTP request and analyses the response; this identifies a
number of WAF solutions
- If that is not successful, it sends a number of (potentially malicious) HTTP
requests and uses simple logic to deduce which WAF it is
- If that is also not successful, it analyses the responses previously
returned and uses another simple algorithm to guess if a WAF or security
solution is actively responding to our attacks
For further details, check out the source code on the main site,
[github.com/sandrogauci/wafw00f](https://github.com/sandrogauci/wafw00f).
## What does it detect?
It detects a number of WAFs. To view which WAFs it is able to detect run
WAFW00F with the `-l` option. At the time of writing the output is as follows:
$ ./wafw00f -l
^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'
WAFW00F - Web Application Firewall Detection Tool
By Sandro Gauci && Wendel G. Henrique
Can test for these WAFs:
Applicure dotDefender
Art of Defence HyperGuard
Aqtronix WebKnight
Barracuda Aplication Firewall
BinarySec
Cisco ACE XML Gateway
Citrix NetScaler
CloudFlare
DenyALL WAF
eEye Digital Security - SecureIIS
F5 FirePass
F5 TrafficShield
F5 BIG-IP (LTM, APM, ASM)
IBM Web Application Security
IBM DataPower
Imperva SecureSphere
InfoGuard Airlock
Incapsula WAF
Juniper WebApp Secure
Microsoft ISA Server
Microsoft UrlScan
NetContinuum
Profense
TrustWave ModSecurity
Teros WAF
USP Secure Entry Server
## How do I use it?
For help please make use of the `--help` option. The basic usage is to pass it
a URL as an argument. Example:
$./wafw00f https://www.ibm.com/
^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'
WAFW00F - Web Application Firewall Detection Tool
By Sandro Gauci && Wendel G. Henrique
Checking https://www.ibm.com/
The site https://www.ibm.com/ is behind a Citrix NetScaler
Number of requests: 6
## How do I install it?
The following should do the trick:
python setup.py install
or
pip install wafw00f
## Need a freelance pentester?
More information about the services that I offer at [Enable Security](http://enablesecurity.com/)
## Questions?
Contact [me](mailto:sandro@enablesecurity.com)
WAFW00F identifies and fingerprints Web Application Firewall (WAF) products.
## How does it work?
To do its magic, WAFW00F does the following:
- Sends a _normal_ HTTP request and analyses the response; this identifies a
number of WAF solutions
- If that is not successful, it sends a number of (potentially malicious) HTTP
requests and uses simple logic to deduce which WAF it is
- If that is also not successful, it analyses the responses previously
returned and uses another simple algorithm to guess if a WAF or security
solution is actively responding to our attacks
For further details, check out the source code on the main site,
[github.com/sandrogauci/wafw00f](https://github.com/sandrogauci/wafw00f).
## What does it detect?
It detects a number of WAFs. To view which WAFs it is able to detect run
WAFW00F with the `-l` option. At the time of writing the output is as follows:
$ ./wafw00f -l
^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'
WAFW00F - Web Application Firewall Detection Tool
By Sandro Gauci && Wendel G. Henrique
Can test for these WAFs:
Applicure dotDefender
Art of Defence HyperGuard
Aqtronix WebKnight
Barracuda Aplication Firewall
BinarySec
Cisco ACE XML Gateway
Citrix NetScaler
CloudFlare
DenyALL WAF
eEye Digital Security - SecureIIS
F5 FirePass
F5 TrafficShield
F5 BIG-IP (LTM, APM, ASM)
IBM Web Application Security
IBM DataPower
Imperva SecureSphere
InfoGuard Airlock
Incapsula WAF
Juniper WebApp Secure
Microsoft ISA Server
Microsoft UrlScan
NetContinuum
Profense
TrustWave ModSecurity
Teros WAF
USP Secure Entry Server
## How do I use it?
For help please make use of the `--help` option. The basic usage is to pass it
a URL as an argument. Example:
$./wafw00f https://www.ibm.com/
^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'
WAFW00F - Web Application Firewall Detection Tool
By Sandro Gauci && Wendel G. Henrique
Checking https://www.ibm.com/
The site https://www.ibm.com/ is behind a Citrix NetScaler
Number of requests: 6
## How do I install it?
The following should do the trick:
python setup.py install
or
pip install wafw00f
## Need a freelance pentester?
More information about the services that I offer at [Enable Security](http://enablesecurity.com/)
## Questions?
Contact [me](mailto:sandro@enablesecurity.com)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
wafw00f-0.9.3.tar.gz
(14.7 kB
view details)
File details
Details for the file wafw00f-0.9.3.tar.gz.
File metadata
- Download URL: wafw00f-0.9.3.tar.gz
- Upload date:
- Size: 14.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b1febbce3c9ac594364e4454957d7ff774e12fd976acc46f5eba139c68604427
|
|
| MD5 |
80294848890e87fef6e049c65aabdca2
|
|
| BLAKE2b-256 |
23f248fc48fd03230736a4c4b4f605f6a56c2589f98f03e09249b69a20166c40
|
