A Blind WAF Identification Tool
2022-10-3 08:3:10 Author: 雾晓安全

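An identification tool that can recognize the type of web protection (i.e. WAF) based on blind inference. Blind inference is done by inspecting the responses provoked by a set of predefined offensive (non-destructive) payloads, which are used only to trigger the web protection system in between (e.g.). It currently supports more than 80 different protection products.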

Usage:

$ python identYwaf.py
                                    __ __
 ____  ___      ___  ____   ______ |  T  T __    __   ____  _____
l    j|   \    /  _]|    \ |      T|  |  ||  T__T  T /    T|   __|
 |  T |    \  /  [_ |  _  Yl_j  l_j|  ~  ||  |  |  |Y  o  ||  l_
 |  | |  D  YY    _]|  |  |  |  |  |___  ||  |  |  ||     ||   _|
 j  l |     ||   [_ |  |  |  |  |  |     ! \      / |  |  ||  ]
|____jl_____jl_____jl__j__j  l__j  l____/   \_/\_/  l__j__jl__j  (1.0.XX)

Usage: python identYwaf.py [options] <host|url>

Options:
  --version          Show program's version number and exit
  -h, --help         Show this help message and exit
  --delay=DELAY      Delay (sec) between tests (default: 0)
  --timeout=TIMEOUT  Response timeout (sec) (default: 10)
  --proxy=PROXY      HTTP proxy address (e.g. "http://127.0.0.1:8080")
  --proxy-file=PRO.. Load (rotating) HTTP(s) proxy list from a file
  --random-agent     Use random HTTP User-Agent header value
  --code=CODE        Expected HTTP code in rejected responses
  --string=STRING    Expected string in rejected responses
  --post             Use POST body for sending payloads
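
The blind-inference idea described above, as an added offline example (not identYwaf's own code): it decides which probe responses were rejected, in the spirit of --code and --string, and ranks product profiles by how closely they match the observed block pattern. Probe labels, product names, profiles, the sample responses and the 0.9 similarity cutoff are all constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed sample data. Probe labels stand in for the tool's predefined
# payloads, which the page does not list; product names are hypothetical.
BASELINE = (200, "<html>Welcome to the shop</html>")
RESPONSES = [  # (probe label, HTTP status, response body)
    ("probe-a", 403, "<html>Request blocked. Incident ID: 1234</html>"),
    ("probe-b", 200, "<html>Welcome to the shop</html>"),
    ("probe-c", 200, "<html>Request blocked. Incident ID: 5678</html>"),
    ("probe-d", 200, "<html>Welcome to the shop</html>"),
]
PROFILES = {  # which probes each (hypothetical) product rejects
    "ExampleWAF-1": {"probe-a", "probe-c"},
    "ExampleWAF-2": {"probe-a", "probe-b", "probe-c", "probe-d"},
    "ExampleWAF-3": {"probe-d"},
}


def is_rejected(status, body, baseline, code=None, string=None):
    """Return True if a response looks like it came from the protection layer.

    code/string play the role of --code and --string (treating either match
    as a rejection is an assumption). Without them, compare to the baseline.
    """
    if code is not None or string is not None:
        return (code is not None and status == code) or (
            string is not None and string in body)
    base_status, base_body = baseline
    similar = SequenceMatcher(None, base_body, body).ratio()
    return status != base_status or similar < 0.9  # 0.9 is an assumed cutoff


def blocked_set(responses, baseline, code=None, string=None):
    """Collect the labels of probes whose responses were rejected."""
    return {label for label, status, body in responses
            if is_rejected(status, body, baseline, code, string)}


def rank_products(blocked, profiles):
    """Rank profiles by Jaccard similarity to the observed block pattern."""
    scores = []
    for name, profile in profiles.items():
        union = blocked | profile
        score = len(blocked & profile) / len(union) if union else 1.0
        scores.append((round(score, 2), name))
    return sorted(scores, reverse=True)
```

In the sample data, probe-c is a block page served with status 200, so a status-code check alone misses it while a string or baseline comparison catches it. For defenders, the takeaway is that the pattern of rejections itself can reveal which product sits in front of an application.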

0x01 Getting the identYwaf link

Reply "identYwaf" in the official account backend to get the link.

Article source: http://mp.weixin.qq.com/s?__biz=Mzg2NDM2MTE5Mw==&mid=2247495667&idx=1&sn=5d402765f1918eb835d6c574434a11b4&chksm=ce682075f91fa96349d23c34bee1f50bb1d7d6d8c96a8e2bb4bff8480150916a52cf61a3f956#rd