stamparm / Identywaf

Licence: mit
Blind WAF identification tool

Programming Languages

python
identYwaf is an identification tool that can recognize the type of web protection (i.e. WAF) based on blind inference. Blind inference is done by inspecting the responses provoked by a set of predefined offensive (non-destructive) payloads, which are used only to trigger the web protection system in between (e.g. http://<host>?aeD0oowi=1 AND 2>1). It currently supports more than 80 different protection products (e.g. aeSecure, Airlock, CleanTalk, CrawlProtect, Imunify360, MalCare, ModSecurity, Palo Alto, SiteGuard, UrlScan, Wallarm, WatchGuard, Wordfence, etc.), and the knowledge base is constantly growing.
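
The probing described above leaves a recognizable trace in access logs. The following is an added example for defenders, not code from identYwaf or its README: it flags clients that repeatedly send boolean-test values shaped like the page's example (`1 AND 2>1`) in a parameter the application does not define. The log lines, `KNOWN_PARAMS`, `BLOCK_CODES` and the `min_probes` threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.9 - - [01/Jan/2024:10:00:00 +0000] "GET /?page=2 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /?aeD0oowi=1%20AND%202%3E1 HTTP/1.1" 403 310
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /?aeD0oowi=1 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /?aeD0oowi=7%20AND%203%3E2 HTTP/1.1" 403 310
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /?aeD0oowi=5%20AND%209%3E4 HTTP/1.1" 403 310
198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /search?q=cats%20AND%20dogs HTTP/1.1" 200 812
192.0.2.44 - - [01/Jan/2024:10:00:06 +0000] "GET /?zz=1%20AND%202%3E1 HTTP/1.1" 403 310
"""

# client, request method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Shape of the page's example payload value: "1 AND 2>1".
BOOLEAN_TEST_RE = re.compile(r"\b\d+\s+AND\s+\d+\s*[<>=]\s*\d+", re.I)
KNOWN_PARAMS = {"page", "q", "id"}  # assumption: parameters the application really uses
BLOCK_CODES = {403, 406}            # assumption: statuses this site's WAF returns on rejection


def find_probing_clients(log_text, min_probes=3):
    """Return {client_ip: (probe_count, blocked_count)} for clients that sent at
    least min_probes boolean-test values in a parameter the application does
    not define."""
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, _method, target, status = m.groups()
        # parse_qsl percent-decodes, so "1%20AND%202%3E1" is matched as "1 AND 2>1".
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name not in KNOWN_PARAMS and BOOLEAN_TEST_RE.search(value):
                stats[ip][0] += 1
                stats[ip][1] += int(status) in BLOCK_CODES
                break  # count each request once
    return {ip: tuple(c) for ip, c in stats.items() if c[0] >= min_probes}


if __name__ == "__main__":
    for ip, (probes, blocked) in find_probing_clients(SAMPLE_LOG).items():
        print(f"{ip}: {probes} probe requests, {blocked} rejected by the WAF")
```

The single request from 192.0.2.44 stays below the threshold, and the benign `q=cats AND dogs` search is ignored because `q` is a known parameter and the value has no numeric comparison.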

For more information, see the slides for the talk "Blind WAF identification" held at Sh3llCON 2019 (Santander / Spain).

Note: as part of this project, screenshots of characteristic responses from different web protection systems are being gathered (manually) for future reference.

Installation

You can download the latest zipball by clicking here.

Preferably, you can download identYwaf by cloning the Git repository:

git clone --depth 1 https://github.com/stamparm/identYwaf.git

identYwaf works out of the box with any Python version from 2.6.x to 3.x on any platform.

Usage

$ python identYwaf.py 
                                    __ __ 
 ____  ___      ___  ____   ______ |  T  T __    __   ____  _____ 
l    j|   \    /  _]|    \ |      T|  |  ||  T__T  T /    T|   __|
 |  T |    \  /  [_ |  _  Yl_j  l_j|  ~  ||  |  |  |Y  o  ||  l_
 |  | |  D  YY    _]|  |  |  |  |  |___  ||  |  |  ||     ||   _|
 j  l |     ||   [_ |  |  |  |  |  |     ! \      / |  |  ||  ] 
|____jl_____jl_____jl__j__j  l__j  l____/   \_/\_/  l__j__jl__j  (1.0.XX)

Usage: python identYwaf.py [options] <host|url>

Options:
  --version           Show program's version number and exit
  -h, --help          Show this help message and exit
  --delay=DELAY       Delay (sec) between tests (default: 0)
  --timeout=TIMEOUT   Response timeout (sec) (default: 10)
  --proxy=PROXY       HTTP proxy address (e.g. "http://127.0.0.1:8080")
  --proxy-file=PRO..  Load (rotating) HTTP(s) proxy list from a file
  --random-agent      Use random HTTP User-Agent header value
  --code=CODE         Expected HTTP code in rejected responses
  --string=STRING     Expected string in rejected responses
  --post              Use POST body for sending payloads