Tools

identYwaf v1.0.118 releases: Blind WAF identification tool

identYwaf is an identification tool that can recognize web protection type (i.e. WAF) based on blind inference. The blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. http://<host>?aeD0oowi=1 AND 2>1). Currently, it supports more than 60 different protection products (e.g. aeSecure, Airlock, CleanTalk, CrawlProtect, Imunify360, MalCare, ModSecurity, Palo Alto, SiteGuard, UrlScan, Wallarm, WatchGuard, Wordfence, etc.), while the knowledge-base is constantly growing.

Also, as part of this project, screenshots of characteristic responses for different web protection systems are being gathered (manually) for the future reference.

Changelog v1.0.118

  • Adding signatures for new WAF (Wapples)

Installation

git clone –depth 1 https://github.com/stamparm/identYwaf.git

Copyright (c) 2019 Miroslav Stampar

Source: https://github.com/stamparm/

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering