identYwaf is an identification tool that can recognize web protection type (i.e. WAF) based on blind inference. The blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. http://<host>?aeD0oowi=1 AND 2>1). Currently, it supports more than 60 different protection products (e.g. aeSecure, Airlock, CleanTalk, CrawlProtect, Imunify360, MalCare, ModSecurity, Palo Alto, SiteGuard, UrlScan, Wallarm, WatchGuard, Wordfence, etc.), while the knowledge-base is constantly growing.
Also, as part of this project, screenshots of characteristic responses for different web protection systems are being gathered (manually) for the future reference.
- Adding signature and screenshot for SecuPress
git clone –depth 1 https://github.com/stamparm/identYwaf.git
$ python identYwaf.py __ __ ____ ___ ___ ____ ______ | T T __ __ ____ _____ l j| \ / _]| \ | T| | || T__T T / T| __| | T | \ / [_ | _ Yl_j l_j| ~ || | | |Y o || l_ | | | D YY _]| | | | | |___ || | | || || _| j l | || [_ | | | | | | ! \ / | | || ] |____jl_____jl_____jl__j__j l__j l____/ \_/\_/ l__j__jl__j (1.0.X) Usage: python identYwaf.py [options] <host|url> Options: --version Show program's version number and exit -h, --help Show this help message and exit --delay=DELAY Delay (sec) between tests (default: 0) --timeout=TIMEOUT Response timeout (sec) (default: 10) --proxy=PROXY HTTP proxy address (e.g. "http://127.0.0.1:8080")
Copyright (c) 2019 Miroslav Stampar