https://github.com/stamparm/identywaf
Blind WAF identification tool
- Host: GitHub
- URL: https://github.com/stamparm/identywaf
- Owner: stamparm
- License: mit
- Created: 2019-01-10T11:27:58.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2024-06-25T08:15:40.000Z (7 months ago)
- Last Synced: 2025-01-17T07:04:10.347Z (8 days ago)
- Topics: blind, inference, infosec, network, security, waf
- Language: Python
- Homepage:
- Size: 2.95 MB
- Stars: 634
- Watchers: 14
- Forks: 118
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
![](https://i.imgur.com/75HpbHJ.png)
[![Build Status](https://api.travis-ci.org/stamparm/identYwaf.svg?branch=master)](https://travis-ci.org/stamparm/identYwaf) [![Python 2.x|3.x](https://img.shields.io/badge/python-2.x|3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/stamparm/identYwaf/blob/master/LICENSE) [![WAFs 80](https://img.shields.io/badge/WAFs-80-red.svg)](https://github.com/stamparm/identYwaf/blob/master/data.json)
**identYwaf** is an identification tool that recognizes the type of web protection in place (i.e. WAF) by blind inference. It sends a set of predefined offensive (non-destructive) payloads and inspects the responses they provoke; the payloads serve only to trigger the web protection system sitting in between (e.g. `http://<host>?aeD0oowi=1 AND 2>1`). It currently supports more than 80 different protection products (e.g. `aeSecure`, `Airlock`, `CleanTalk`, `CrawlProtect`, `Imunify360`, `MalCare`, `ModSecurity`, `Palo Alto`, `SiteGuard`, `UrlScan`, `Wallarm`, `WatchGuard`, `Wordfence`, etc.), and the knowledge base is constantly growing.
For more information, see the [slides](https://www.slideshare.net/stamparm/blind-waf-identification) for the talk "**Blind WAF identification**" held at *Sh3llCON 2019* (Santander / Spain).
Note: as part of this project, [screenshots](https://github.com/stamparm/identYwaf/tree/master/screenshots) of characteristic responses for different web protection systems are being gathered (manually) for future reference.
## Screenshots
![](https://imgur.com/AZVi9vB.png)
![](https://i.imgur.com/tSOAgnn.png)
![](https://imgur.com/FJchQI0.png)
![](https://imgur.com/RqQdVJJ.png)
![](https://imgur.com/weHTSv9.png)
![](https://imgur.com/UKW2cRs.png)
![](https://imgur.com/20cd08y.png)
## Installation
You can download the latest zipball by clicking [here](https://github.com/stamparm/identYwaf/archive/master.zip).
Preferably, you can download identYwaf by cloning the Git repository:
`git clone --depth 1 https://github.com/stamparm/identYwaf.git`
**identYwaf** works out of the box with any Python version from **2.6.x** to **3.x** on any platform.
## Usage
```
$ python identYwaf.py
__ __
____ ___ ___ ____ ______ | T T __ __ ____ _____
l j| \ / _]| \ | T| | || T__T T / T| __|
| T | \ / [_ | _ Yl_j l_j| ~ || | | |Y o || l_
| | | D YY _]| | | | | |___ || | | || || _|
j l | || [_ | | | | | | ! \ / | | || ]
|____jl_____jl_____jl__j__j l__j l____/ \_/\_/ l__j__jl__j (1.0.XX)

Usage: python identYwaf.py [options]

Options:
  --version           Show program's version number and exit
  -h, --help          Show this help message and exit
  --delay=DELAY       Delay (sec) between tests (default: 0)
  --timeout=TIMEOUT   Response timeout (sec) (default: 10)
  --proxy=PROXY       HTTP proxy address (e.g. "http://127.0.0.1:8080")
  --proxy-file=PRO..  Load (rotating) HTTP(s) proxy list from a file
  --random-agent      Use random HTTP User-Agent header value
  --code=CODE         Expected HTTP code in rejected responses
  --string=STRING     Expected string in rejected responses
  --post              Use POST body for sending payloads
```