identYwaf v1.0.77 releases: Blind WAF identification tool

identYwaf is an identification tool that can recognize web protection type (i.e. WAF) based on blind inference. The blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. http://<host>?aeD0oowi=1 AND 2>1). Currently, it supports more than 60 different protection products (e.g. aeSecure, Airlock, CleanTalk, CrawlProtect, Imunify360, MalCare, ModSecurity, Palo Alto, SiteGuard, UrlScan, Wallarm, WatchGuard, Wordfence, etc.), while the knowledge-base is constantly growing.

Also, as part of this project, screenshots of characteristic responses for different web protection systems are being gathered (manually) for the future reference.

identYwaf

Changelog v1.0.77

  • Adding support for WTS

Installation

git clone –depth 1 https://github.com/stamparm/identYwaf.git

Usage

$ python identYwaf.py 
                                    __ __ 
 ____  ___      ___  ____   ______ |  T  T __    __   ____  _____ 
l    j|   \    /  _]|    \ |      T|  |  ||  T__T  T /    T|   __|
 |  T |    \  /  [_ |  _  Yl_j  l_j|  ~  ||  |  |  |Y  o  ||  l_
 |  | |  D  YY    _]|  |  |  |  |  |___  ||  |  |  ||     ||   _|
 j  l |     ||   [_ |  |  |  |  |  |     ! \      / |  |  ||  ] 
|____jl_____jl_____jl__j__j  l__j  l____/   \_/\_/  l__j__jl__j  (1.0.X)

Usage: python identYwaf.py [options] <host|url>

Options:
  --version          Show program's version number and exit
  -h, --help         Show this help message and exit
  --delay=DELAY      Delay (sec) between tests (default: 0)
  --timeout=TIMEOUT  Response timeout (sec) (default: 10)
  --proxy=PROXY      HTTP proxy address (e.g. "http://127.0.0.1:8080")

 

 

Copyright (c) 2019 Miroslav Stampar

Source: https://github.com/stamparm/

Share