手工识别WAF与Windows、kali下安装并使用wafw00f
一、软件检测原理
发送正常的 HTTP请求并分析响应;这确定了许多WAF解决方案。
如果不成功,则发送多个(可能是恶意的)HTTP请求,并使用简单的逻辑来取代它是其中WAF。
如果还是不成功,则分析先前回复的响应,并使用另一种简单算法来猜测WAF或安全解决方案是否正在积极响应我们的攻击。
二、windows下wafw00f安装使用
1、介绍
检测waf类型的一款工具,经常更新,效果还不错
2、下载
https://github.com/EnableSecurity/wafw00f
解压zip文件夹后放到你的python中lib文件夹
3、安装
进入cmd,进入你解压出来的文件路径
python setup.py install
安装后会多出一个文件夹下图wafw00f.egg-info
完成
进入里面,运行main.py
python main.py
探测网站是否存在WAF
执行python main.py www.baidu.com
三、kali自带wafw00f使用
使用
wafw00f -l
和Windows一样的使用
以下是
ACE XML Gateway Cisco
aeSecure aeSecure
AireeCDN Airee
Airlock Phion/Ergon
Alert Logic Alert Logic
AliYunDun Alibaba Cloud Computing
Anquanbao Anquanbao
AnYu AnYu Technologies
Approach Approach
AppWall Radware
Armor Defense Armor
ArvanCloud ArvanCloud
ASP.NET Generic Microsoft
ASPA Firewall ASPA Engineering Co.
Astra Czar Securities
AWS Elastic Load Balancer Amazon
AzionCDN AzionCDN
Azure Front Door Microsoft
Barikode Ethic Ninja
Barracuda Barracuda Networks
Bekchy Faydata Technologies Inc.
Beluga CDN Beluga
BIG-IP Local Traffic Manager F5 Networks
BinarySec BinarySec
BitNinja BitNinja
BlockDoS BlockDoS
Bluedon Bluedon IST
BulletProof Security Pro AITpro Security
CacheWall Varnish
CacheFly CDN CacheFly
Comodo cWatch Comodo CyberSecurity
CdnNS Application Gateway CdnNs/WdidcNet
ChinaCache Load Balancer ChinaCache
Chuang Yu Shield Yunaq
Cloudbric Penta Security
Cloudflare Cloudflare Inc.
Cloudfloor Cloudfloor DNS
Cloudfront Amazon
CrawlProtect Jean-Denis Brun
DataPower IBM
DenyALL Rohde & Schwarz CyberSecurity
Distil Distil Networks
DOSarrest DOSarrest Internet Security
DotDefender Applicure Technologies
DynamicWeb Injection Check DynamicWeb
Edgecast Verizon Digital Media
Eisoo Cloud Firewall Eisoo
Expression Engine EllisLab
BIG-IP AppSec Manager F5 Networks
BIG-IP AP Manager F5 Networks
Fastly Fastly CDN
FirePass F5 Networks
FortiWeb Fortinet
GoDaddy Website Protection GoDaddy
Greywizard Grey Wizard
Huawei Cloud Firewall Huawei
HyperGuard Art of Defense
Imunify360 CloudLinux
Incapsula Imperva Inc.
IndusGuard Indusface
Instart DX Instart Logic
ISA Server Microsoft
Janusec Application Gateway Janusec
Jiasule Jiasule
Kona SiteDefender Akamai
KS-WAF KnownSec
KeyCDN KeyCDN
LimeLight CDN LimeLight
LiteSpeed LiteSpeed Technologies
Open-Resty Lua Nginx FLOSS
Oracle Cloud Oracle
Malcare Inactiv
MaxCDN MaxCDN
Mission Control Shield Mission Control
ModSecurity SpiderLabs
NAXSI NBS Systems
Nemesida PentestIt
NevisProxy AdNovum
NetContinuum Barracuda Networks
NetScaler AppFirewall Citrix Systems
Newdefend NewDefend
NexusGuard Firewall NexusGuard
NinjaFirewall NinTechNet
NullDDoS Protection NullDDoS
NSFocus NSFocus Global Inc.
OnMessage Shield BlackBaud
Palo Alto Next Gen Firewall Palo Alto Networks
PerimeterX PerimeterX
PentaWAF Global Network Services
pkSecurity IDS pkSec
PT Application Firewall Positive Technologies
PowerCDN PowerCDN
Profense ArmorLogic
Puhui Puhui
Qcloud Tencent Cloud
Qiniu Qiniu CDN
Reblaze Reblaze
RSFirewall RSJoomla!
RequestValidationMode Microsoft
Sabre Firewall Sabre
Safe3 Web Firewall Safe3
Safedog SafeDog
Safeline Chaitin Tech.
SecKing SecKing
eEye SecureIIS BeyondTrust
SecuPress WP Security SecuPress
SecureSphere Imperva Inc.
Secure Entry United Security Providers
SEnginx Neusoft
ServerDefender VP Port80 Software
Shield Security One Dollar Plugin
Shadow Daemon Zecure
SiteGround SiteGround
SiteGuard Sakura Inc.
Sitelock TrueShield
SonicWall Dell
UTM Web Protection Sophos
Squarespace Squarespace
SquidProxy IDS SquidProxy
StackPath StackPath
Sucuri CloudProxy Sucuri Inc.
Tencent Cloud Firewall Tencent Technologies
Teros Citrix Systems
Trafficshield F5 Networks
TransIP Web Firewall TransIP
URLMaster SecurityCheck iFinity/DotNetNuke
URLScan Microsoft
UEWaf UCloud
Varnish OWASP
Viettel Cloudrity
VirusDie VirusDie LLC
Wallarm Wallarm Inc.
WatchGuard WatchGuard Technologies
WebARX WebARX Security Solutions
WebKnight AQTRONIX
WebLand WebLand
wpmudev WAF Incsub
RayWAF WebRay Solutions
WebSEAL IBM
WebTotem WebTotem
West263 CDN West263CDN
Wordfence Defiant
WP Cerber Security Cerber Tech
WTS-WAF WTS
360WangZhanBao 360 Technologies
XLabs Security WAF XLabs
Xuanwudun Xuanwudun
Yundun Yundun
Yunsuo Yunsuo
Yunjiasu Baidu Cloud Computing
YXLink YxLink Technologies
Zenedge Zenedge
ZScaler Accenture
手工识别waf
1.http请求包分析响应数据
奇安信安域WAF标识,对网站进行正常访问,查看响应的头部信息,在X-Powered-By内显示“anyu.qianxin.com”的标识,代表安装了奇安信安域WAF
HTTP/1.1 200 OK
Server: CWAP-waf
Date: Mon, 10 May 2021 03:56:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: anyu.qianxin.com
X-Powered-By: PHP/7.3.10
WZWS-RAY: 1129-1620647782.725-s3zzuc
Content-Length: 94142
云盾:响应头包含yundun关键字;页面源代码有errors.aliyun.com
安全狗:响应头包含waf2.0、Safedog等字样
腾讯云:阻止响应页面,包含waf.tencent-clound.com
阻止响应代码405 method not allow
安全宝:恶意请求时返回405恶意代码 响应头包含X-Powered-by:Anquanbao
百度云加速:响应头包含Yunjiasu-ngnix
创宇盾:恶意请求时页面URL:365cyd.com、365cyd.net
2.通过访问不存在的页分析页面
3.请求恶意字符分析响应或敏感页面
and 1=1
cat…/…/…/…/passwd
访问phpinfo.php