{"id":13540142,"url":"https://github.com/stamparm/identywaf","last_synced_at":"2025-05-16T08:04:57.002Z","repository":{"id":41243324,"uuid":"165047907","full_name":"stamparm/identYwaf","owner":"stamparm","description":"Blind WAF identification tool","archived":false,"fork":false,"pushed_at":"2024-06-25T08:15:40.000Z","size":3094,"stargazers_count":675,"open_issues_count":0,"forks_count":126,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-05-16T08:04:51.142Z","etag":null,"topics":["blind","inference","infosec","network","security","waf"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stamparm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-10T11:27:58.000Z","updated_at":"2025-05-15T17:38:02.000Z","dependencies_parsed_at":"2024-10-27T09:17:31.689Z","dependency_job_id":null,"html_url":"https://github.com/stamparm/identYwaf","commit_stats":{"total_commits":198,"total_committers":7,"mean_commits":"28.285714285714285","dds":0.0757575757575758,"last_synced_commit":"aa670df19d949cc931c9c48d06e7ff19f9771e3b"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stamparm%2FidentYwaf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stamparm%2FidentYwaf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stamparm%2FidentYwaf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stamparm%2FidentYwaf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stamparm","download_url":"https://codeload.github.com/stamparm/identYwaf/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254493378,"owners_count":22080126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blind","inference","infosec","network","security","waf"],"created_at":"2024-08-01T09:01:41.260Z","updated_at":"2025-05-16T08:04:51.992Z","avatar_url":"https://github.com/stamparm.png","language":"Python","funding_links":[],"categories":["Awesome Tools","\u003ca id=\"0abd611fc3e9a4d9744865ca6e47a6b2\"\u003e\u003c/a\u003e工具"],"sub_categories":["Fingerprinting:","\u003ca id=\"784ea32a3f4edde1cd424b58b17e7269\"\u003e\u003c/a\u003eWAF"],"readme":"![](https://i.imgur.com/75HpbHJ.png)\n\n[![Build Status](https://api.travis-ci.org/stamparm/identYwaf.svg?branch=master)](https://travis-ci.org/stamparm/identYwaf) [![Python 2.x|3.x](https://img.shields.io/badge/python-2.x|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/stamparm/identYwaf/blob/master/LICENSE) [![WAFs 80](https://img.shields.io/badge/WAFs-80-red.svg)](https://github.com/stamparm/identYwaf/blob/master/data.json)\n\n**identYwaf** is an identification tool that can recognize web protection type (i.e. WAF) based on blind inference. Blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. `http://\u003chost\u003e?aeD0oowi=1 AND 2\u003e1`). Currently it supports more than 80 different protection products (e.g. `aeSecure`, `Airlock`, `CleanTalk`, `CrawlProtect`, `Imunify360`, `MalCare`, `ModSecurity`, `Palo Alto`, `SiteGuard`, `UrlScan`, `Wallarm`, `WatchGuard`, `Wordfence`, etc.), while the knowledge-base is constantly growing.\n\nFor more information you can check [slides](https://www.slideshare.net/stamparm/blind-waf-identification) for a talk \"**Blind WAF identification**\" held at *Sh3llCON 2019* (Santander / Spain).\n\nNote: as part of this project, [screenshots](https://github.com/stamparm/identYwaf/tree/master/screenshots) of characteristic responses for different web protection systems are being gathered (manually) for the future reference.\n\n## Screenshots\n\n![](https://imgur.com/AZVi9vB.png)\n\n![](https://i.imgur.com/tSOAgnn.png)\n\n![](https://imgur.com/FJchQI0.png)\n\n![](https://imgur.com/RqQdVJJ.png)\n\n![](https://imgur.com/weHTSv9.png)\n\n![](https://imgur.com/UKW2cRs.png)\n\n![](https://imgur.com/20cd08y.png)\n\n## Installation\n\nYou can download the latest zipball by clicking [here](https://github.com/stamparm/identYwaf/archive/master.zip).\n\nPreferably, you can download identYwaf by cloning the Git repository:\n\n`git clone --depth 1 https://github.com/stamparm/identYwaf.git`\n\n**identYwaf** works out of the box with any Python version from **2.6.x** to **3.x** on any platform.\n\n## Usage\n\n```\n$ python identYwaf.py \n                                    __ __ \n ____  ___      ___  ____   ______ |  T  T __    __   ____  _____ \nl    j|   \\    /  _]|    \\ |      T|  |  ||  T__T  T /    T|   __|\n |  T |    \\  /  [_ |  _  Yl_j  l_j|  ~  ||  |  |  |Y  o  ||  l_\n |  | |  D  YY    _]|  |  |  |  |  |___  ||  |  |  ||     ||   _|\n j  l |     ||   [_ |  |  |  |  |  |     ! \\      / |  |  ||  ] \n|____jl_____jl_____jl__j__j  l__j  l____/   \\_/\\_/  l__j__jl__j  (1.0.XX)\n\nUsage: python identYwaf.py [options] \u003chost|url\u003e\n\nOptions:\n  --version           Show program's version number and exit\n  -h, --help          Show this help message and exit\n  --delay=DELAY       Delay (sec) between tests (default: 0)\n  --timeout=TIMEOUT   Response timeout (sec) (default: 10)\n  --proxy=PROXY       HTTP proxy address (e.g. \"http://127.0.0.1:8080\")\n  --proxy-file=PRO..  Load (rotating) HTTP(s) proxy list from a file\n  --random-agent      Use random HTTP User-Agent header value\n  --code=CODE         Expected HTTP code in rejected responses\n  --string=STRING     Expected string in rejected responses\n  --post              Use POST body for sending payloads\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstamparm%2Fidentywaf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstamparm%2Fidentywaf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstamparm%2Fidentywaf/lists"}