stamparm / identywaf Goto Github PK

Hi there,

I really liked the idea behind this project. Kudos!

There's a thing that can come in handy while comparing signatures to the result of the test, it's called Levenshtein distance.
In simple words, it's the measure of edits required to change one string to another.

For example, The Levenshtein Distance between cat and bat is 1 because we just need to change one character to change cat into bat.
Similarly, we can calculate the Levenshtein Distance between the result and the signatures.

fuzzywuzzy module returns the similarty between two strings using this principle and it's very easy to use.

Implementation

from fuzzywuzzy import process
signatures = ["x..xxx....", "..x..xxxxx.x", "xxx....xxx", "...x...x..x."]
result = "x...x.x.x..."
process.extract(result, signatures, limit=2) # limit = top n matches

Output: [('..x..xxxxx.x', 95), ('...x...x..x.', 95)]

I would like to implement this with a PR if you like the idea.

您好，请问可以指定输出文件嘛，比如说json格式的文件？

I some webapp you can find custom headers like:
X-api-token or similar.
But to check for WAF at the moment there is no option.
This could help a lot.
I can add a PR if you like this idea, when i have some free time.
Awesome project!

DuEdge Event ID\:
http://www.lequgo.com/shopping-nav/index.aspx?sort=1%27&classid=1

https://github.com/baidu/openrasp

Tencent Waterproof Wall (unverified)
https://007.qq.com/product.html?ADTAG=index.head
https://www.wappalyzer.com/technologies/hosting-panels/tencent-waterproof-wall/

example:
https://www.somd5.com/

Hello, Stamparm. Can you plz add tamper suggesting(testing) for sqlmap like it realized in WhatWaf https://github.com/Ekultek/WhatWaf and maybe integrate this cool tool in sqlmap

Hi,
I got this with my python 3.7.3, it's works well with python2

root@docker:~/toolbox/identifywaf$ python3 identYwaf.py --random-agent https://example.com                                    __ __ 
 ____  ___      ___  ____   ______ |  T  T __    __   ____  _____ 
l    j|   \    /  _]|    \ |      T|  |  ||  T__T  T /    T|   __|
 |  T |    \  /  [_ |  _  Yl_j  l_j|  ~  ||  |  |  |Y  o  ||  l_
 |  | |  D  YY    _]|  |  |  |  |  |___  ||  |  |  ||     ||   _|
 j  l |     ||   [_ |  |  |  |  |  |     ! \      / |  |  ||  ] 
|____jl_____jl_____jl__j__j  l__j  l____/   \_/\_/  l__j__jl__j  (1.0.119)

Traceback (most recent call last):
  File "identYwaf.py", line 581, in <module>
    main()
  File "identYwaf.py", line 574, in main
    init()
  File "identYwaf.py", line 362, in init
    print(colorize("[o] initializing handlers..."))
  File "/usr/lib/python3.7/codecs.py", line 378, in write
    self.stream.write(data)

TypeError: write() argument must be str, not bytes

How can I contribute code? Is there any reference documentation?

i don't understand why move the flags to the beginning of the WAF_RECOGNITION_REGEX?
i just want to match a keyword that case sensitive,but if a waf regex has (?i), it will work to all regex, so why?

thanks.
best wishes for you.

You may want to add some Chinese words as a condition to recognize WAF, since many Chinese websites are only for Chinese people, they are set to display only Chinese.

like this one: aliyundun (from alibaba's aliyun)
很抱歉，由于您访问的URL有可能对网站造成安全威胁，您的访问被阻断 or ( 您的请求ID是 and ( http status=405 or title=405 )

header:

ctyun-origin: 211
Ctyun_Cdn_Gateway: v3.4.0

https://censys.io/ipv4
https://www.shodan.io/
https://www.zoomeye.org/
https://fofa.so/
https://quake.360.cn/quake/#/index