WAF自动检测

步骤一:安装

     源码安装

     首先下载

     git  clone  https://github.com/EnableSecurity/wafw00f.git

     #cd wafw00f

     #python setup.py install

 

     安装完成后位置

    

 

步骤二:查询支持的WAF检测 (目前大约38个)

    #wafw00f  -l

                                    ^     ^

        _   __  _   ____ _   __  _    _   ____

       ///7/ /.' \ / __7/ /,' \ ,' \ / __/

      | V V // o // _/ | V V // 0 // 0 // _/

      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/

                                <

                                 ...'

 

    WAFW00F - Web Application Firewall Detection Tool

 

    By Sandro Gauci && Wendel G. Henrique

 

Can test for these WAFs:

 

Anquanbao         #安全宝 http://www.anquanbao.com  软件

Juniper WebApp Secure

IBM Web Application Security

Cisco ACE XML Gateway

Better WP Security

F5 BIG-IP APM

360WangZhanBao   #360网站宝

ModSecurity (OWASP CRS)

PowerCDN

Safedog           #安全狗

F5 FirePass

DenyALL WAF

Trustwave ModSecurity

CloudFlare

Imperva SecureSphere

Incapsula WAF

Citrix NetScaler

F5 BIG-IP LTM

Art of Defence HyperGuard

Aqtronix WebKnight

Teros WAF

eEye Digital Security SecureIIS

BinarySec

IBM DataPower

Microsoft ISA Server

NetContinuum

NSFocus

ChinaCache-CDN

West263CDN

InfoGuard Airlock

Barracuda Application Firewall

F5 BIG-IP ASM

Profense

Mission Control Application Shield

Microsoft URLScan

Applicure dotDefender

USP Secure Entry Server

F5 Trafficshield

 

步骤三:检测

1)  #wafw00f  http://address

     

      检测到对方阿里云使用是开源ModSecurity WAF

2)  检测是否有多个WAF

      跟1)不同的是使用参数-a可以检测所有支持waf

      #wafw00f  -a  url

3)  更安全的访问方式使用代理(目前支持http和socks5)

      #wafw00f  -a  -p  proxyurl:port   url

转载于:https://www.cnblogs.com/superf0sh/p/5611978.html

你可能感兴趣的:(WAF自动检测)