WAFW00F

The Web Application Firewall Fingerprinting Tool.
— From Enable Security

## 它是如何工作的？ 为了实现其功能，WAFW00F 执行以下操作： - 发送一个*正常*的 HTTP 请求并分析响应；这可以识别许多 WAF 解决方案。 - 如果不成功，它会发送多个（可能是恶意的）HTTP 请求，并使用简单的逻辑推断是哪个 WAF。 - 如果这也不成功，它会分析之前返回的响应，并使用另一种简单的算法来猜测是否有 WAF 或安全解决方案正在主动响应我们的攻击。 欲了解更多详情，请查看我们[主仓库](https://github.com/EnableSecurity/wafw00f)中的源代码。 ## 它能检测什么？ WAFW00F 可以检测多种防火墙，列表如下： ``` $ wafw00f -l ? ,. ( . ) . " __ ?? (" ) )' ,' ) . (` '` (___()'`; ??? .; ) ' (( (" ) ;(, (( ( ;) " )") /,___ /` _"., ,._'_.,)_(..,( . )_ _' )_') (. _..( ' ) \\ \\ |____|____|____|____|____|____|____|____|____| ~ WAFW00F : v2.4.2 ~ ~ Sniffing Web Application Firewalls since 2009 ~ [+] Can test for these WAFs: WAF Name Manufacturer -------- ------------ 360PanYun 360 Technologies 360WangZhanBao 360 Technologies ACE XML Gateway Cisco ASP.NET Generic Microsoft ASPA Firewall ASPA Engineering Co. AWS Elastic Load Balancer Amazon AireeCDN Airee Airlock Phion/Ergon Alert Logic Alert Logic AliYunDun Alibaba Cloud Computing AnYu AnYu Technologies Anquanbao Anquanbao Anubis Techaro AppWall Radware Approach Approach Armor Defense Armor ArvanCloud ArvanCloud Astra Czar Securities Azion Edge Firewall Azion Azure Application Gateway Microsoft Azure Front Door Microsoft BIG-IP AP Manager F5 Networks BIG-IP AppSec Manager F5 Networks BIG-IP Local Traffic Manager F5 Networks Barikode Ethic Ninja Barracuda Barracuda Networks Baffin Bay Mastercard Bekchy Faydata Technologies Inc. Beluga CDN Beluga BinarySec BinarySec BitNinja BitNinja BlockDoS BlockDoS Bluedon Bluedon IST BulletProof Security Pro AITpro Security CacheFly CDN CacheFly CacheWall Varnish CdnNS Application Gateway CdnNs/WdidcNet ChinaCache Load Balancer ChinaCache Chuang Yu Shield Yunaq Cloud Protector Rohde & Schwarz CyberSecurity Cloudbric Penta Security Cloudflare Cloudflare Inc. Cloudfloor Cloudfloor DNS Cloudfront Amazon Comodo cWatch Comodo CyberSecurity CrawlProtect Jean-Denis Brun DDoS-GUARD DDOS-GUARD CORP. DOSarrest DOSarrest Internet Security DataPower IBM DenyALL Rohde & Schwarz CyberSecurity Distil Distil Networks DotDefender Applicure Technologies DynamicWeb Injection Check DynamicWeb Edgecast Verizon Digital Media Eisoo Cloud Firewall Eisoo Envoy EnvoyProxy Expression Engine EllisLab Fastly Fastly CDN FirePass F5 Networks FortiGate Fortinet FortiGuard Fortinet FortiWeb Fortinet GoDaddy Website Protection GoDaddy Google Cloud App Armor Google Cloud Greywizard Grey Wizard Huawei Cloud Firewall Huawei HyperGuard Art of Defense ISA Server Microsoft Imunify360 CloudLinux Incapsula Imperva Inc. IndusGuard Indusface Instart DX Instart Logic Janusec Application Gateway Janusec Jiasule Jiasule KS-WAF KnownSec Kemp LoadMaster Progress Software KeyCDN KeyCDN Kona SiteDefender Akamai LimeLight CDN LimeLight Link11 WAAP Link11 LiteSpeed LiteSpeed Technologies Malcare Inactiv MaxCDN MaxCDN Mission Control Shield Mission Control ModSecurity SpiderLabs NAXSI NBS Systems NSFocus NSFocus Global Inc. Nemesida PentestIt NetContinuum Barracuda Networks NetScaler AppFirewall Citrix Systems NevisProxy AdNovum Newdefend NewDefend NexusGuard Firewall NexusGuard NinjaFirewall NinTechNet NullDDoS Protection NullDDoS OnMessage Shield BlackBaud Open-Resty Lua Nginx FLOSS Oracle Cloud Oracle PT Application Firewall Positive Technologies Palo Alto Next Gen Firewall Palo Alto Networks PentaWAF Global Network Services PerimeterX PerimeterX PowerCDN PowerCDN Profense ArmorLogic Puhui Puhui Qcloud Tencent Cloud Qiniu Qiniu CDN Qrator Qrator RSFirewall RSJoomla! RayWAF WebRay Solutions Reblaze Reblaze Reflected Networks Reflected Networks RequestValidationMode Microsoft SEnginx Neusoft Sabre Firewall Sabre Safe3 Web Firewall Safe3 Safedog SafeDog Safeline Chaitin Tech. Scutum Secure Sky Technology Inc. SecKing SecKing SecuPress WP Security SecuPress Secure Entry United Security Providers SecureSphere Imperva Inc. ServerDefender VP Port80 Software Shadow Daemon Zecure Shield Security One Dollar Plugin SiteGround SiteGround SiteGuard EG Secure Solutions Inc. Sitelock TrueShield SonicWall Dell Squarespace Squarespace SquidProxy IDS SquidProxy StackPath StackPath Sucuri CloudProxy Sucuri Inc. Tencent Cloud Firewall Tencent Technologies Teros Citrix Systems ThreatX A10 Networks Trafficshield F5 Networks TransIP Web Firewall TransIP UEWaf UCloud URLMaster SecurityCheck iFinity/DotNetNuke URLScan Microsoft UTM Web Protection Sophos Variti Variti Varnish OWASP Vercel WAF Vercel Viettel Cloudrity VirusDie VirusDie LLC WP Cerber Security Cerber Tech WTS-WAF WTS Wallarm Wallarm Inc. WatchGuard WatchGuard Technologies WebARX WebARX Security Solutions WebKnight AQTRONIX WebLand WebLand WebSEAL IBM WebTotem WebTotem West263 CDN West263CDN Wordfence Defiant XLabs Security WAF XLabs Xuanwudun Xuanwudun YXLink YxLink Technologies Yundun Yundun Yunjiasu Baidu Cloud Computing Yunsuo Yunsuo ZScaler Accenture Zenedge Zenedge aeSecure aeSecure eEye SecureIIS BeyondTrust pkSecurity IDS pkSec wpmudev WAF Incsub Shieldon Firewall Shieldon.io ``` ## 我该如何使用它？ 首先，按照[此处](#how-do-i-install-it)描述安装工具。 如需帮助，您可以使用 `--help` 选项。基本用法是将 URL 作为参数传递。示例： ``` $ wafw00f https://example.org ______ / \ ( Woof! ) \ ____/ ) ,, ) (_ .-. - _______ ( |__| ()``; |==|_______) .)|__| / (' /|\ ( |__| ( / ) / | \ . |__| \(_)_)) / | \ |__| ~ WAFW00F : v2.4.2 ~ The Web Application Firewall Fingerprinting Toolkit [*] Checking https://example.org [+] The site https://example.org is behind Edgecast (Verizon Digital Media) WAF. [~] Number of requests: 2 ``` ## 我该如何安装它？ ### 从 PyPI 安装（推荐） 运行： ``` python3 -m pip install wafw00f ``` 或者 ``` pip3 install wafw00f ``` ### 通过 Docker 也可以在 Docker 容器中运行它。首先克隆此仓库，然后使用以下命令构建 Docker 镜像： ``` docker build . -t wafw00f ``` 现在您可以运行： ``` docker run --rm -it wafw00f https://example.com ``` ### 从源码安装 克隆仓库： ``` git clone https://github.com/enablesecurity/wafw00f.git ``` 然后： ``` cd wafw00f/ python3 -m pip install . ``` 或者，直接使用 pipx： ``` pipx install git+https://github.com/EnableSecurity/wafw00f.git ``` ## 结语 __有问题？__ 请在 [GitHub Issue Tracker](https://github.com/enablesecurity/wafw00f/issues/new) 上提出 issue 或联系[我](mailto:sandro@enablesecurity.com)。 非常欢迎[Pull requests](https://github.com/enablesecurity/wafw00f/pulls)、[想法和 issues](https://github.com/enablesecurity/wafw00f/issues)。 一些有用的链接： - [文档/Wiki](https://github.com/enablesecurity/wafw00f/wiki/) - [Pypi Package Repository](https://pypi.org/project/wafw00f) 目前的开发和维护者： - Sandro Gauci ([@SandroGauci](https://twitter.com/sandrogauci)) - Pinaki Mondal ([@0xInfection](https://twitter.com/0xinfection))

标签：C2日志可视化, HTTP分析, Python, WAF识别, Web应用防火墙检测, 密码管理, 开源安全工具, 指纹识别, 插件系统, 无后门, 私有化部署, 网络安全, 请求拦截, 逆向工具, 逆向工程平台, 防御规避, 隐私保护