Step 1: Installation
Install from source
First, download the source:
git clone https://github.com/EnableSecurity/wafw00f.git
#cd wafw00f
#python setup.py install
Location after installation completes
Step 2: List the WAFs supported for detection (currently about 38)
#wafw00f -l
^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'
WAFW00F - Web Application Firewall Detection Tool
By Sandro Gauci && Wendel G. Henrique
Can test for these WAFs:
Anquanbao # 安全宝 (Anquanbao), http://www.anquanbao.com, software
Juniper WebApp Secure
IBM Web Application Security
Cisco ACE XML Gateway
Better WP Security
F5 BIG-IP APM
360WangZhanBao # 360网站宝 (360 WangZhanBao)
ModSecurity (OWASP CRS)
PowerCDN
Safedog # 安全狗 (Safedog)
F5 FirePass
DenyALL WAF
Trustwave ModSecurity
CloudFlare
Imperva SecureSphere
Incapsula WAF
Citrix NetScaler
F5 BIG-IP LTM
Art of Defence HyperGuard
Aqtronix WebKnight
Teros WAF
eEye Digital Security SecureIIS
BinarySec
IBM DataPower
Microsoft ISA Server
NetContinuum
NSFocus
ChinaCache-CDN
West263CDN
InfoGuard Airlock
Barracuda Application Firewall
F5 BIG-IP ASM
Profense
Mission Control Application Shield
Microsoft URLScan
Applicure dotDefender
USP Secure Entry Server
F5 Trafficshield
Step 3: Detection
1) #wafw00f http://address
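The target, hosted on Alibaba Cloud, was detected as using the open-source ModSecurity WAF.
2) Check whether more than one WAF is present
Unlike 1), the -a option tests against all supported WAFs instead of stopping at the first match.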
#wafw00f -a url
3) A safer way to access the target is through a proxy (http and socks5 are currently supported)
#wafw00f -a -p proxyurl:port url