Ejemplo n.º 1
0
 def vendordetect(self, url, findall=False):
     if self.cache.has_key(url):
         wafw00f = self.cache[url]
     else:
         r = oururlparse(url)
         if r is None:
             return ['']
         (hostname, port, path, query, ssl) = r
         wafw00f = WafW00F(target=hostname, port=port, path=path, ssl=ssl, extraheaders=extraheaders)
         self.cache[url] = wafw00f
     return wafw00f.identwaf(findall=findall)
Ejemplo n.º 2
0
 def genericdetect(self, url):
     if self.cache.has_key(url):
         wafw00f = self.cache[url]
     else:
         r = oururlparse(url)
         if r is None:
             return {}
         (hostname, port, path, query, ssl) = r
         wafw00f = WafW00F(target=hostname, port=port, path=path, ssl=ssl, extraheaders=extraheaders)
         self.cache[url] = wafw00f
     wafw00f.genericdetect()
     return wafw00f.knowledge['generic']
Ejemplo n.º 3
0
 def alltests(self, url, findall=False):
     if self.cache.has_key(url):
         wafw00f = self.cache[url]
     else:
         r = oururlparse(url)
         if r is None:
             return {}
         (hostname, port, path, query, ssl) = r
         wafw00f = WafW00F(target=hostname, port=port, path=path, ssl=ssl, extraheaders=extraheaders)
         self.cache[url] = wafw00f
     wafw00f.identwaf(findall=findall)
     if (len(wafw00f.knowledge['wafname']) == 0) or (findall):
         wafw00f.genericdetect()
     return wafw00f.knowledge
Ejemplo n.º 4
0
def main():
    print(lackofart)
    parser = OptionParser(usage='%prog url1 [url2 [url3 ... ]]\r\nexample: %prog http://www.victim.org/')
    parser.add_option('-v', '--verbose', action='count', dest='verbose', default=0,
                      help='enable verbosity - multiple -v options increase verbosity')
    parser.add_option('-a', '--findall', action='store_true', dest='findall', default=False,
                      help='Find all WAFs, do not stop testing on the first one')
    parser.add_option('-r', '--disableredirect', action='store_false', dest='followredirect',
                      default=True, help='Do not follow redirections given by 3xx responses')
    parser.add_option('-t', '--test', dest='test',
                      help='Test for one specific WAF')
    parser.add_option('-l', '--list', dest='list', action='store_true',
                      default=False, help='List all WAFs that we are able to detect')
    parser.add_option('-p', '--proxy', dest='proxy',
                      default=False, help='Use an HTTP proxy to perform requests, example: http://hostname:8080, socks5://hostname:1080')
    parser.add_option('--version', '-V', dest='version', action='store_true',
                      default=False, help='Print out the version')
    parser.add_option('--headersfile', '-H', dest='headersfile', action='store',
                      default=None, help='Pass custom headers, for example to overwrite the default User-Agent string')
    options, args = parser.parse_args()
    logging.basicConfig(level=calclogginglevel(options.verbose))
    log = logging.getLogger()
    if options.list:
        print('Can test for these WAFs:\r\n')
        attacker = WafW00F(None)
        print('\r\n'.join(attacker.wafdetections.keys()))
        return
    if options.version:
        print('WAFW00F version %s' % __version__)
        return
    extraheaders = {}
    if options.headersfile:
        log.info('Getting extra headers from %s' % options.headersfile)
        extraheaders = getheaders(options.headersfile)
        if extraheaders is None:
            parser.error('Please provide a headers file with colon delimited header names and values')
    if len(args) == 0:
        parser.error('we need a target site')
    targets = args
    for target in targets:
        if not (target.startswith('http://') or target.startswith('https://')):
            log.info('The url %s should start with http:// or https:// .. fixing (might make this unusable)' % target)
            target = 'http://' + target
        print('Checking %s' % target)
        pret = oururlparse(target)
        if pret is None:
            log.critical('The url %s is not well formed' % target)
            sys.exit(1)
        (hostname, port, path, query, ssl) = pret
        log.info('starting wafw00f on %s' % target)
        attacker = WafW00F(hostname, port=port, ssl=ssl,
                           debuglevel=options.verbose, path=path,
                           followredirect=options.followredirect,
                           extraheaders=extraheaders,
                           proxy=options.proxy)
        if attacker.normalrequest() is None:
            log.error('Site %s appears to be down' % target)
            sys.exit(1)
        if options.test:
            if options.test in attacker.wafdetections:
                waf = attacker.wafdetections[options.test](attacker)
                if waf:
                    print('The site %s is behind a %s' % (target, options.test))
                else:
                    print('WAF %s was not detected on %s' % (options.test, target))
            else:
                print(
                    'WAF %s was not found in our list\r\nUse the --list option to see what is available' % options.test)
            return
        waf = attacker.identwaf(options.findall)
        log.info('Ident WAF: %s' % waf)
        if len(waf) > 0:
            print('The site %s is behind a %s' % (target, ' and/or '.join(waf)))
        if (options.findall) or len(waf) == 0:
            print('Generic Detection results:')
            if attacker.genericdetect():
                log.info('Generic Detection: %s' % attacker.knowledge['generic']['reason'])
                print('The site %s seems to be behind a WAF or some sort of security solution' % target)
                print('Reason: %s' % attacker.knowledge['generic']['reason'])
            else:
                print('No WAF detected by the generic detection')
        print('Number of requests: %s' % attacker.requestnumber)
Ejemplo n.º 5
0
def main():
    print(lackofart)
    parser = OptionParser(usage='%prog url1 [url2 [url3 ... ]]\r\nexample: %prog http://www.victim.org/')
    parser.add_option('-v', '--verbose', action='count', dest='verbose', default=0,
                      help='enable verbosity - multiple -v options increase verbosity')
    parser.add_option('-a', '--findall', action='store_true', dest='findall', default=False,
                      help='Find all WAFs, do not stop testing on the first one')
    parser.add_option('-r', '--disableredirect', action='store_false', dest='followredirect',
                      default=True, help='Do not follow redirections given by 3xx responses')
    parser.add_option('-t', '--test', dest='test',
                      help='Test for one specific WAF')
    parser.add_option('-l', '--list', dest='list', action='store_true',
                      default=False, help='List all WAFs that we are able to detect')
    parser.add_option('--xmlrpc', dest='xmlrpc', action='store_true',
                      default=False, help='Switch on the XML-RPC interface instead of CUI')
    parser.add_option('--xmlrpcport', dest='xmlrpcport', type='int',
                      default=8001, help='Specify an alternative port to listen on, default 8001')
    parser.add_option('--version', '-V', dest='version', action='store_true',
                      default=False, help='Print out the version')
    options, args = parser.parse_args()
    logging.basicConfig(level=calclogginglevel(options.verbose))
    log = logging.getLogger()
    if options.list:
        print('Can test for these WAFs:\r\n')
        attacker = WafW00F(None)
        print('\r\n'.join(attacker.wafdetectionsprio))
        return
    if options.version:
        print('WAFW00F version %s' % __version__)
        return
    elif options.xmlrpc:
        print('Starting XML-RPC interface')
        xmlrpc_interface(bindaddr=('localhost', options.xmlrpcport))
        return
    if len(args) == 0:
        parser.error('we need a target site')
    targets = args
    for target in targets:
        if not (target.startswith('http://') or target.startswith('https://')):
            log.info('The url %s should start with http:// or https:// .. fixing (might make this unusable)' % target)
            target = 'http://' + target
        print('Checking %s' % target)
        pret = oururlparse(target)
        if pret is None:
            log.critical('The url %s is not well formed' % target)
            sys.exit(1)
        (hostname, port, path, query, ssl) = pret
        log.info('starting wafw00f on %s' % target)
        attacker = WafW00F(hostname, port=port, ssl=ssl,
                           debuglevel=options.verbose, path=path,
                           followredirect=options.followredirect)
        if attacker.normalrequest() is None:
            log.error('Site %s appears to be down' % target)
            sys.exit(1)
        if options.test:
            if attacker.wafdetections.has_key(options.test):
                waf = attacker.wafdetections[options.test](attacker)
                if waf:
                    print('The site %s is behind a %s' % (target, options.test))
                else:
                    print('WAF %s was not detected on %s' % (options.test, target))
            else:
                print(
                    'WAF %s was not found in our list\r\nUse the --list option to see what is available' % options.test)
            return
        waf = attacker.identwaf(options.findall)
        log.info('Ident WAF: %s' % waf)
        if len(waf) > 0:
            print('The site %s is behind a %s' % (target, ' and/or '.join(waf)))
        if (options.findall) or len(waf) == 0:
            print('Generic Detection results:')
            if attacker.genericdetect():
                log.info('Generic Detection: %s' % attacker.knowledge['generic']['reason'])
                print('The site %s seems to be behind a WAF or some sort of security solution' % target)
                print('Reason: %s' % attacker.knowledge['generic']['reason'])
            else:
                print('No WAF detected by the generic detection')
        print('Number of requests: %s' % attacker.requestnumber)
Ejemplo n.º 6
0
def main():
    print(woof)
    parser = OptionParser(usage='%prog url1 [url2 [url3 ... ]]\r\nexample: %prog http://www.victim.org/')
    parser.add_option('-v', '--verbose', action='count', dest='verbose', default=0,
                      help='enable verbosity - multiple -v options increase verbosity')
    parser.add_option('-a', '--findall', action='store_true', dest='findall', default=False,
                      help='Find all WAFs, do not stop testing on the first one')
    parser.add_option('-r', '--disableredirect', action='store_false', dest='followredirect',
                      default=True, help='Do not follow redirections given by 3xx responses')
    parser.add_option('-t', '--test', dest='test',
                      help='Test for one specific WAF')
    parser.add_option('-l', '--list', dest='list', action='store_true',
                      default=False, help='List all WAFs that we are able to detect')
    parser.add_option('-p', '--proxy', dest='proxy',
                      default=False, help='Use an HTTP proxy to perform requests, example: http://hostname:8080, socks5://hostname:1080')
    parser.add_option('--version', '-V', dest='version', action='store_true',
                      default=False, help='Print out the version')
    parser.add_option('--headersfile', '-H', dest='headersfile', 
                      action='store', default=None, 
                      help='Pass custom headers, for example to overwrite the default User-Agent string')
    options, args = parser.parse_args()
    logging.basicConfig(level=calclogginglevel(options.verbose))
    log = logging.getLogger()
    if options.list:
        print('Can test for these WAFs:\r\n')
        attacker = WafW00F(None)
        print('\r\n'.join(attacker.wafdetections.keys()))
        return
    if options.version:
        print('WAFW00F version %s' % __version__)
        return
    extraheaders = {}
    if options.headersfile:
        log.info('Getting extra headers from %s' % options.headersfile)
        extraheaders = getheaders(options.headersfile)
        if extraheaders is None:
            parser.error('Please provide a headers file with colon delimited header names and values')
    if len(args) == 0:
        parser.error('we need a target site')
    targets = args
    for target in targets:
        if not (target.startswith('http://') or target.startswith('https://')):
            log.info('The url %s should start with http:// or https:// .. fixing (might make this unusable)' % target)
            target = 'http://' + target
        print('Checking %s' % target)
        pret = oururlparse(target)
        if pret is None:
            log.critical('The url %s is not well formed' % target)
            sys.exit(1)
        (hostname, port, path, _, ssl) = pret
        log.info('starting wafw00f on %s' % target)
        attacker = WafW00F(hostname, port=port, ssl=ssl,
                           debuglevel=options.verbose, path=path,
                           followredirect=options.followredirect,
                           extraheaders=extraheaders,
                           proxy=options.proxy)
        if attacker.normalrequest() is None:
            log.error('Site %s appears to be down' % target)
            continue
        if options.test:
            if options.test in attacker.wafdetections:
                waf = attacker.wafdetections[options.test](attacker)
                if waf:
                    print('The site %s is behind %s WAF.' % (target, options.test))
                else:
                    print('WAF %s was not detected on %s' % (options.test, target))
            else:
                print(
                    'WAF %s was not found in our list\r\nUse the --list option to see what is available' % options.test)
            return
        waf = attacker.identwaf(options.findall)
        log.info('Ident WAF: %s' % waf)
        if len(waf) > 0:
            print('The site %s is behind %s WAF.' % (target, ' and/or '.join(waf)))
        if (options.findall) or len(waf) == 0:
            print('Generic Detection results:')
            if attacker.genericdetect():
                log.info('Generic Detection: %s' % attacker.knowledge['generic']['reason'])
                print('The site %s seems to be behind a WAF or some sort of security solution' % target)
                print('Reason: %s' % attacker.knowledge['generic']['reason'])
            else:
                print('No WAF detected by the generic detection')
        print('Number of requests: %s' % attacker.requestnumber)
Ejemplo n.º 7
0
def main():
    print(lackofart)
    parser = OptionParser(usage='%prog url1 [url2 [url3 ... ]]\r\nexample: %prog http://www.victim.org/')
    parser.add_option('-v', '--verbose', action='count', dest='verbose', default=0,
                      help='enable verbosity - multiple -v options increase verbosity')
    parser.add_option('-a', '--findall', action='store_true', dest='findall', default=False,
                      help='Find all WAFs, do not stop testing on the first one')
    parser.add_option('-r', '--disableredirect', action='store_false', dest='followredirect',
                      default=True, help='Do not follow redirections given by 3xx responses')
    parser.add_option('-t', '--test', dest='test',
                      help='Test for one specific WAF')
    parser.add_option('-l', '--list', dest='list', action='store_true',
                      default=False, help='List all WAFs that we are able to detect')
    parser.add_option('--xmlrpc', dest='xmlrpc', action='store_true',
                      default=False, help='Switch on the XML-RPC interface instead of CUI')
    parser.add_option('--xmlrpcport', dest='xmlrpcport', type='int',
                      default=8001, help='Specify an alternative port to listen on, default 8001')
    parser.add_option('--version', '-V', dest='version', action='store_true',
                      default=False, help='Print out the version')
    options, args = parser.parse_args()
    logging.basicConfig(level=calclogginglevel(options.verbose))
    log = logging.getLogger()
    if options.list:
        print('Can test for these WAFs:\r\n')
        attacker = WafW00F(None)
        print('\r\n'.join(attacker.wafdetectionsprio))
        return
    if options.version:
        print('WAFW00F version %s' % __version__)
        return
    elif options.xmlrpc:
        print('Starting XML-RPC interface')
        xmlrpc_interface(bindaddr=('localhost', options.xmlrpcport))
        return
    if len(args) == 0:
        parser.error('we need a target site')
    targets = args
    for target in targets:
        if not (target.startswith('http://') or target.startswith('https://')):
            log.info('The url %s should start with http:// or https:// .. fixing (might make this unusable)' % target)
            target = 'http://' + target
        print('Checking %s' % target)
        pret = oururlparse(target)
        if pret is None:
            log.critical('The url %s is not well formed' % target)
            sys.exit(1)
        (hostname, port, path, query, ssl) = pret
        log.info('starting wafw00f on %s' % target)
        attacker = WafW00F(hostname, port=port, ssl=ssl,
                           debuglevel=options.verbose, path=path,
                           followredirect=options.followredirect)
        if attacker.normalrequest() is None:
            log.error('Site %s appears to be down' % target)
            sys.exit(1)
        if options.test:
            if attacker.wafdetections.has_key(options.test):
                waf = attacker.wafdetections[options.test](attacker)
                if waf:
                    print('The site %s is behind a %s' % (target, options.test))
                else:
                    print('WAF %s was not detected on %s' % (options.test, target))
            else:
                print(
                    'WAF %s was not found in our list\r\nUse the --list option to see what is available' % options.test)
            return
        waf = attacker.identwaf(options.findall)
        log.info('Ident WAF: %s' % waf)
        if len(waf) > 0:
            print('The site %s is behind a %s' % (target, ' and/or '.join(waf)))
        if (options.findall) or len(waf) == 0:
            print('Generic Detection results:')
            if attacker.genericdetect():
                log.info('Generic Detection: %s' % attacker.knowledge['generic']['reason'])
                print('The site %s seems to be behind a WAF or some sort of security solution' % target)
                print('Reason: %s' % attacker.knowledge['generic']['reason'])
            else:
                print('No WAF detected by the generic detection')
        print('Number of requests: %s' % attacker.requestnumber)