Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Stars: ✭ 389 (+897.44%)

Mutual labels: waf

Modsecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analys…

Stars: ✭ 5,015 (+12758.97%)

Mutual labels: waf

Openwaf

Web security protection system based on openresty

Stars: ✭ 563 (+1343.59%)

Mutual labels: waf

Awesome Waf

🔥 Everything about web-application firewalls (WAF).

Stars: ✭ 4,047 (+10276.92%)

Mutual labels: waf

Janusec

Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关，提供快速、安全的应用交付。

Stars: ✭ 771 (+1876.92%)

Mutual labels: waf

Htrace.sh

My simple Swiss Army knife for http/https troubleshooting and profiling.

Stars: ✭ 3,465 (+8784.62%)

Mutual labels: waf

Laravel Firewall

Web Application Firewall (WAF) package for Laravel

Stars: ✭ 544 (+1294.87%)

Mutual labels: waf

Haproxy Wi

Web interface for managing Haproxy, Nginx and Keepalived servers

Stars: ✭ 823 (+2010.26%)

Mutual labels: waf

Code Audit Challenges

Code-Audit-Challenges

Stars: ✭ 779 (+1897.44%)

Mutual labels: waf

Blazy

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

Stars: ✭ 637 (+1533.33%)

Mutual labels: waf

View All Similar Projects ➔

wafid

Wafid identify and fingerprint Web Application Firewall (WAF) products.

How does it work?

Wafid sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks

For further details, check out the source code on the main site, github.com/CSecGroup/wafid.

What does it detect?

It detects a number of WAFs.

python wafid.py -l
 
 __      __  _____  ___________.__    .___
/  \    /  \/  _  \ \_   _____/|__| __| _/
\   \/\/   /  /_\  \ |    __)  |  |/ __ | 
\        /    |    \|     \   |  / /_/ | 
 \__/\  /\____|__  /\___  /   |__\____ | 
      \/         \/     \/            \/

WAFid - Web Application Firewall identify Tool
By Code Security Group

WAFid can identify these WAFs:
 360
 Safedog
 NetContinuum
 Anquanbao
 Baidu Yunjiasu
 Knownsec KS-WAF
 BIG-IP
 Barracuda
 BinarySEC
 BlockDos
 Cisco ACE
 CloudFlare
 NetScaler
 FortiWeb
 jiasule
 Newdefend
 Palo Alto
 Safe3WAF
 Profense
 West263CDN
 WebKnight
 Wallarm
 USP Secure Entry Server
 Sucuri WAF
 Radware AppWall
 PowerCDN
 Naxsi
 Mission Control Application Shield
 IBM WebSphere DataPower
 Edgecast
 Applicure dotDefender
 Comodo WAF
 ChinaCache-CDN
 NSFocus

Also you can add waf id with finger.xml!

How do I use it?

Usage: python wafid.py -u URL

More Info

More information about the services that I offer at Code Security Group.

Questions?

contact me

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 39

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (0) 🔗