Skip to content

stamparm/identYwaf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

206 Commits

screenshots

screenshots

 
 

.travis.yml

.travis.yml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

data.json

data.json

 
 

identYwaf.py

identYwaf.py

 
 

Repository files navigation

Build Status Python 2.x|3.x License WAFs 80

identYwaf is an identification tool that can recognize web protection type (i.e. WAF) based on blind inference. Blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. http://<host>?aeD0oowi=1 AND 2>1). Currently it supports more than 80 different protection products (e.g. aeSecure, Airlock, CleanTalk, CrawlProtect, Imunify360, MalCare, ModSecurity, Palo Alto, SiteGuard, UrlScan, Wallarm, WatchGuard, Wordfence, etc.), while the knowledge-base is constantly growing.

For more information you can check slides for a talk "Blind WAF identification" held at Sh3llCON 2019 (Santander / Spain).

Note: as part of this project, screenshots of characteristic responses for different web protection systems are being gathered (manually) for the future reference.

Screenshots

Installation

You can download the latest zipball by clicking here.

Preferably, you can download identYwaf by cloning the Git repository:

git clone --depth 1 https://github.com/stamparm/identYwaf.git

identYwaf works out of the box with any Python version from 2.6.x to 3.x on any platform.

Usage

$ python identYwaf.py 
                                    __ __ 
 ____  ___      ___  ____   ______ |  T  T __    __   ____  _____ 
l    j|   \    /  _]|    \ |      T|  |  ||  T__T  T /    T|   __|
 |  T |    \  /  [_ |  _  Yl_j  l_j|  ~  ||  |  |  |Y  o  ||  l_
 |  | |  D  YY    _]|  |  |  |  |  |___  ||  |  |  ||     ||   _|
 j  l |     ||   [_ |  |  |  |  |  |     ! \      / |  |  ||  ] 
|____jl_____jl_____jl__j__j  l__j  l____/   \_/\_/  l__j__jl__j  (1.0.XX)

Usage: python identYwaf.py [options] <host|url>

Options:
  --version           Show program's version number and exit
  -h, --help          Show this help message and exit
  --delay=DELAY       Delay (sec) between tests (default: 0)
  --timeout=TIMEOUT   Response timeout (sec) (default: 10)
  --proxy=PROXY       HTTP proxy address (e.g. "http://127.0.0.1:8080")
  --proxy-file=PRO..  Load (rotating) HTTP(s) proxy list from a file
  --random-agent      Use random HTTP User-Agent header value
  --code=CODE         Expected HTTP code in rejected responses
  --string=STRING     Expected string in rejected responses
  --post              Use POST body for sending payloads

About

Blind WAF identification tool

Topics

security blind network inference waf infosec

Resources

Readme

License

MIT license
Activity

Stars

553 stars

Watchers

14 watching

Forks

112 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 6

Languages