wafid: Wafid identify and fingerprint Web Application Firewall (WAF) products

by do son · February 24, 2018

wafid

Wafid identifies and fingerprints Web Application Firewall (WAF) products.

Download

git clone https://github.com/CSecGroup/wafid.git

How does it work?

Wafid sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks

What does it detect?

It detects a number of WAFs.

python wafid.py -l

 

 __      __  _____  ___________.__    .___

/  \    /  \/  _  \ \_   _____/|__| __| _/

\   \/\/   /  /_\  \ |    __)  |  |/ __ | 

\        /    |    \|     \   |  / /_/ | 

 \__/\  /\____|__  /\___  /   |__\____ | 

      \/         \/     \/            \/



WAFid - Web Application Firewall identify Tool

By Code Security Group



WAFid can identify these WAFs:

 360

 Safedog

 NetContinuum

 Anquanbao

 Baidu Yunjiasu

 Knownsec KS-WAF

 BIG-IP

 Barracuda

 BinarySEC

 BlockDos

 Cisco ACE

 CloudFlare

 NetScaler

 FortiWeb

 jiasule

 Newdefend

 Palo Alto

 Safe3WAF

 Profense

 West263CDN

 WebKnight

 Wallarm

 USP Secure Entry Server

 Sucuri WAF

 Radware AppWall

 PowerCDN

 Naxsi

 Mission Control Application Shield

 IBM WebSphere DataPower

 Edgecast

 Applicure dotDefender

 Comodo WAF

 ChinaCache-CDN

 NSFocus

Also, you can add waf id with finger.xml!

How do I use it?

Source: https://github.com/CSecGroup/

wafid: Wafid identify and fingerprint Web Application Firewall (WAF) products

Search

Brilliantly

Content & Links