stamparm / identywaf
Blind WAF identification tool
License: MIT License
Hi there,
I really liked the idea behind this project. Kudos!
There's a thing that can come in handy while comparing signatures to the result of the test, it's called Levenshtein distance.
In simple words, it's the measure of edits required to change one string to another.
For example, the Levenshtein distance between cat and bat is 1 because we just need to change one character to change cat into bat.
Similarly, we can calculate the Levenshtein Distance between the result and the signatures.
The fuzzywuzzy module returns the similarity between two strings using this principle and it's very easy to use.
from fuzzywuzzy import process
signatures = ["x..xxx....", "..x..xxxxx.x", "xxx....xxx", "...x...x..x."]
result = "x...x.x.x..."
process.extract(result, signatures, limit=2) # limit = top n matches
Output: [('..x..xxxxx.x', 95), ('...x...x..x.', 95)]
I would like to implement this with a PR if you like the idea.
Hello, is it possible to specify an output file, for example a file in JSON format?
In some webapps you can find custom headers like X-api-token or similar.
But to check for WAF at the moment there is no option.
This could help a lot.
I can add a PR if you like this idea, when I have some free time.
Awesome project!
DuEdge Event ID:
http://www.lequgo.com/shopping-nav/index.aspx?sort=1%27&classid=1
Tencent Waterproof Wall (unverified)
https://007.qq.com/product.html?ADTAG=index.head
https://www.wappalyzer.com/technologies/hosting-panels/tencent-waterproof-wall/
example:
https://www.somd5.com/
Hello, Stamparm. Can you please add tamper suggestion (testing) for sqlmap, like it is realized in WhatWaf https://github.com/Ekultek/WhatWaf, and maybe integrate this cool tool into sqlmap?
Hi,
I got this with my Python 3.7.3; it works well with Python 2.
root@docker:~/toolbox/identifywaf$ python3 identYwaf.py --random-agent https://example.com
__ __
____ ___ ___ ____ ______ | T T __ __ ____ _____
l j| \ / _]| \ | T| | || T__T T / T| __|
| T | \ / [_ | _ Yl_j l_j| ~ || | | |Y o || l_
| | | D YY _]| | | | | |___ || | | || || _|
j l | || [_ | | | | | | ! \ / | | || ]
|____jl_____jl_____jl__j__j l__j l____/ \_/\_/ l__j__jl__j (1.0.119)
Traceback (most recent call last):
  File "identYwaf.py", line 581, in <module>
    main()
  File "identYwaf.py", line 574, in main
    init()
  File "identYwaf.py", line 362, in init
    print(colorize("[o] initializing handlers..."))
  File "/usr/lib/python3.7/codecs.py", line 378, in write
    self.stream.write(data)
TypeError: write() argument must be str, not bytes
How can I contribute code? Is there any reference documentation?
Line 353 in c623194
I don't understand: why move the flags to the beginning of the WAF_RECOGNITION_REGEX?
I just want to match a keyword that is case sensitive, but if a WAF regex has (?i), it will apply to all regexes, so why?
Thanks.
Best wishes to you.
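An added example (not part of the original issue, and not identYwaf's own code) of the behaviour asked about above: Python accepts a global inline flag such as (?i) only at the start of a pattern, so hoisting it over an alternation of signatures makes every signature case-insensitive, while a scoped group (?i:...) keeps the flag local to one signature. The signature names, the patterns and the named-group combining scheme are constructed assumptions.

```python
import re

# Constructed signatures (not taken from identYwaf's data): name -> regex.
SIGNATURES = {
    "waf_a": r"(?i)blocked by example shield",  # meant to be case-insensitive
    "waf_b": r"X-Guard-ID",                     # meant to match exact case only
}

# A leading global inline flag group such as (?i) or (?is).
FLAG_RE = re.compile(r"^\(\?([aiLmsux]+)\)")


def combine_hoisted(sigs):
    """Strip each leading (?flags) and hoist the union to the very front.
    The hoisted flags then apply to the whole alternation."""
    flags, parts = set(), []
    for name, rx in sigs.items():
        m = FLAG_RE.match(rx)
        if m:
            flags.update(m.group(1))
            rx = rx[m.end():]
        parts.append("(?P<%s>%s)" % (name, rx))
    prefix = "(?%s)" % "".join(sorted(flags)) if flags else ""
    return re.compile(prefix + "|".join(parts))


def combine_scoped(sigs):
    """Rewrite a leading (?flags) as a scoped group (?flags:...) so that it
    only affects its own signature (supported since Python 3.6)."""
    parts = []
    for name, rx in sigs.items():
        m = FLAG_RE.match(rx)
        if m:
            rx = "(?%s:%s)" % (m.group(1), rx[m.end():])
        parts.append("(?P<%s>%s)" % (name, rx))
    return re.compile("|".join(parts))


def identify(combined, text):
    """Return the sorted names of all signatures that match in text."""
    return sorted({m.lastgroup for m in combined.finditer(text)})


if __name__ == "__main__":
    sample = "x-guard-id: 1"  # constructed response fragment, wrong case for waf_b
    print("hoisted:", identify(combine_hoisted(SIGNATURES), sample))
    print("scoped: ", identify(combine_scoped(SIGNATURES), sample))
```

With the hoisted form the lowercase header is reported as waf_b, a false positive that the scoped form avoids.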
You may want to add some Chinese words as a condition to recognize WAF, since many Chinese websites are only for Chinese people, they are set to display only Chinese.
Like this one: aliyundun (from Alibaba's Aliyun)
很抱歉,由于您访问的URL有可能对网站造成安全威胁,您的访问被阻断
or ( 您的请求ID是
and ( http status=405
or title=405
)
Line 87 in 70a8309
header:
ctyun-origin: 211
Ctyun_Cdn_Gateway: v3.4.0
https://censys.io/ipv4
https://www.shodan.io/
https://www.zoomeye.org/
https://fofa.so/
https://quake.360.cn/quake/#/index