Web: WAF detection tools

WAF

A WAF is a protective device placed in front of a web application, in the same family as an intrusion detection system (IDS) and an intrusion prevention system (IPS).

nmap

nmap -p 80 --script http-waf-detect.nse www.baidu.com
Nmap scan report for www.baidu.com (61.135.169.125)
Host is up (0.0042s latency).
Other addresses for www.baidu.com (not scanned): 61.135.169.121

PORT   STATE SERVICE
80/tcp open  http
| http-waf-detect: IDS/IPS/WAF detected:
|_www.baidu.com:80/?p4yl04d3=<script>alert(document.cookie)</script>

For a more accurate check, use --script=http-waf-fingerprint.

Wafw00f

This tool can identify web application firewalls from many vendors.

Options:
  -h, --help            show this help message and exit
  -v, --verbose         enable verbosity - multiple -v options increase
                        verbosity
  -a, --findall         Find all WAFs, do not stop testing on the first one
  -r, --disableredirect
                        Do not follow redirections given by 3xx responses
  -t TEST, --test=TEST  Test for one specific WAF
  -l, --list            List all WAFs that we are able to detect
  -p PROXY, --proxy=PROXY
                        Use an HTTP proxy to perform requests, example:
                        http://hostname:8080, socks5://hostname:1080
  -V, --version         Print out the version
  -H HEADERSFILE, --headersfile=HEADERSFILE
                        Pass custom headers, for example to overwrite the
                        default User-Agent string

-l lists the firewall brands the tool can detect; -t checks whether a specific brand's firewall is deployed; -a -v checks for all of them (verbosely).

wafw00f -l

Can test for these WAFs:

InfoGuard Airlock
Anquanbao
Barracuda Application Firewall
Better WP Security
BinarySec
BlockDoS
ChinaCache-CDN
Cisco ACE XML Gateway
CloudFlare
Comodo WAF
DenyALL WAF
Applicure dotDefender
Edgecast / Verizon Digital media
F5 BIG-IP APM
F5 BIG-IP ASM
F5 BIG-IP LTM
F5 FirePass
F5 Trafficshield
FortiWeb
Art of Defence HyperGuard
IBM Web Application Security
IBM DataPower
Imperva SecureSphere
Incapsula WAF
Microsoft ISA Server
Mission Control Application Shield
Trustwave ModSecurity
ModSecurity (OWASP CRS)
Naxsi
NetContinuum
Citrix NetScaler
AdNovum nevisProxy
NSFocus
PowerCDN
Profense
Radware AppWall
Safedog
eEye Digital Security SecureIIS
Sucuri WAF
Teros WAF
Microsoft URLScan
USP Secure Entry Server
Wallarm
Aqtronix WebKnight
Juniper WebApp Secure
West263CDN
360WangZhanBao

wafw00f www.baidu.com

Checking http://www.baidu.com
The site http://www.baidu.com is behind a ModSecurity (OWASP CRS)
Number of requests: 13

Checking for a specific WAF

wafw00f www.baidu.com -t CloudFlare

Checking http://www.baidu.com
WAF CloudFlare was not detected on http://www.baidu.com
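The two tools above work in two steps: nmap's http-waf-detect sends the same request with and without a suspicious-looking parameter and compares the responses, while wafw00f matches response headers, cookies and body text against per-vendor signatures. The script below is an added example (not code from the original post, nmap or wafw00f) that runs both steps offline over constructed sample responses. The CloudFlare, Incapsula and Sucuri markers are the publicly documented headers and cookies for those products; the F5 TS-cookie pattern and the ModSecurity body marker are assumptions for illustration, and the sample responses and all values in them are constructed. The function and class names (Response, fingerprint, probe_blocked, detect) are this example's own.

```python
"""Offline illustration of WAF detection:
(1) http-waf-detect style: compare a normal response with the response to
    the same request carrying a suspicious-looking parameter, and
(2) wafw00f style: match headers/cookies/body against vendor signatures.
All responses below are constructed samples, not captures from any host."""
from __future__ import annotations

import re
from dataclasses import dataclass, field


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

    def header(self, name: str) -> str:
        # Header names are case-insensitive, so normalise the lookup.
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return ""

    def cookies(self) -> str:
        return self.header("Set-Cookie").lower()


# Vendor signatures: (name, predicate on a Response).
# CloudFlare/Incapsula/Sucuri markers are the publicly documented ones; the
# F5 TS-cookie regex and the ModSecurity body marker are assumptions here
# (ModSecurity itself sets no vendor header).
SIGNATURES = [
    ("CloudFlare", lambda r: "cloudflare" in r.header("Server").lower()
                             or r.header("CF-RAY") != ""),
    ("Incapsula WAF", lambda r: "incap_ses_" in r.cookies()
                                or "visid_incap_" in r.cookies()),
    ("Sucuri WAF", lambda r: r.header("X-Sucuri-ID") != ""
                             or "sucuri" in r.header("Server").lower()),
    ("F5 BIG-IP ASM", lambda r: re.search(r"(^|\s)ts[0-9a-f]{6,8}=",
                                          r.cookies()) is not None),
    ("ModSecurity (OWASP CRS)", lambda r: "mod_security" in r.body.lower()),
]

# Status codes a blocking device typically answers a rejected request with.
BLOCK_STATUSES = {403, 406, 419, 429, 503}


def fingerprint(resp: Response) -> list[str]:
    """wafw00f-style step: every vendor whose signature matches."""
    return [name for name, match in SIGNATURES if match(resp)]


def probe_blocked(baseline: Response, probed: Response) -> bool:
    """http-waf-detect-style step: the request carrying the suspicious
    parameter is treated differently from the identical clean request."""
    return probed.status in BLOCK_STATUSES or probed.status != baseline.status


def detect(baseline: Response, probed: Response) -> str:
    """Combine both steps into a wafw00f-like one-line verdict."""
    vendors = fingerprint(probed) or fingerprint(baseline)
    if vendors:
        return "behind " + " / ".join(vendors)
    if probe_blocked(baseline, probed):
        return "IDS/IPS/WAF detected (vendor unknown)"
    return "no WAF detected"


# Constructed (baseline, probed) response pairs; all values are made up.
SAMPLES = {
    "cloudflare": (
        Response(200, {"Server": "cloudflare", "CF-RAY": "0000000000000000-XXX"}),
        Response(403, {"Server": "cloudflare", "CF-RAY": "0000000000000001-XXX"},
                 "<html>blocked</html>"),
    ),
    "incapsula": (
        Response(200, {"Set-Cookie": "visid_incap_000000=EXAMPLE; Path=/"}),
        Response(403, {"Set-Cookie": "incap_ses_000_000000=EXAMPLE; Path=/"},
                 "<html>Request unsuccessful</html>"),
    ),
    "unknown-blocker": (
        Response(200, {"Server": "nginx"}, "<html>ok</html>"),
        Response(406, {"Server": "nginx"}, "<html>Not Acceptable</html>"),
    ),
    "no-waf": (
        Response(200, {"Server": "nginx"}, "<html>ok</html>"),
        Response(200, {"Server": "nginx"}, "<html>ok</html>"),
    ),
}

if __name__ == "__main__":
    for name, (base, probed) in SAMPLES.items():
        print(f"{name:16s} -> {detect(base, probed)}")
```

The "vendor unknown" branch is the situation nmap reports as "IDS/IPS/WAF detected" in the scan above: something blocked the probe, but nothing in the response names the product. From the operator's side, running this kind of check against your own deployment shows what your WAF reveals about itself in ordinary responses.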


Reposted from blog.csdn.net/freegotocpp/article/details/83147151