def vendordetect(self, url, findall=False):
if self.cache.has_key(url):
wafw00f = self.cache[url]
else:
r = oururlparse(url)
if r is None:
return ['']
(hostname, port, path, query, ssl) = r
wafw00f = WafW00F(target=hostname, port=port, path=path, ssl=ssl, extraheaders=extraheaders)
self.cache[url] = wafw00f
return wafw00f.identwaf(findall=findall)
def genericdetect(self, url):
if self.cache.has_key(url):
wafw00f = self.cache[url]
else:
r = oururlparse(url)
if r is None:
return {}
(hostname, port, path, query, ssl) = r
wafw00f = WafW00F(target=hostname, port=port, path=path, ssl=ssl, extraheaders=extraheaders)
self.cache[url] = wafw00f
wafw00f.genericdetect()
return wafw00f.knowledge['generic']
def alltests(self, url, findall=False):
if self.cache.has_key(url):
wafw00f = self.cache[url]
else:
r = oururlparse(url)
if r is None:
return {}
(hostname, port, path, query, ssl) = r
wafw00f = WafW00F(target=hostname, port=port, path=path, ssl=ssl, extraheaders=extraheaders)
self.cache[url] = wafw00f
wafw00f.identwaf(findall=findall)
if (len(wafw00f.knowledge['wafname']) == 0) or (findall):
wafw00f.genericdetect()
return wafw00f.knowledge
def main():
print(lackofart)
parser = OptionParser(usage='%prog url1 [url2 [url3 ... ]]\r\nexample: %prog http://www.victim.org/')
parser.add_option('-v', '--verbose', action='count', dest='verbose', default=0,
help='enable verbosity - multiple -v options increase verbosity')
parser.add_option('-a', '--findall', action='store_true', dest='findall', default=False,
help='Find all WAFs, do not stop testing on the first one')
parser.add_option('-r', '--disableredirect', action='store_false', dest='followredirect',
default=True, help='Do not follow redirections given by 3xx responses')
parser.add_option('-t', '--test', dest='test',
help='Test for one specific WAF')
parser.add_option('-l', '--list', dest='list', action='store_true',
default=False, help='List all WAFs that we are able to detect')
parser.add_option('-p', '--proxy', dest='proxy',
default=False, help='Use an HTTP proxy to perform requests, example: http://hostname:8080, socks5://hostname:1080')
parser.add_option('--version', '-V', dest='version', action='store_true',
default=False, help='Print out the version')
parser.add_option('--headersfile', '-H', dest='headersfile', action='store',
default=None, help='Pass custom headers, for example to overwrite the default User-Agent string')
options, args = parser.parse_args()
logging.basicConfig(level=calclogginglevel(options.verbose))
log = logging.getLogger()
if options.list:
print('Can test for these WAFs:\r\n')
attacker = WafW00F(None)
print('\r\n'.join(attacker.wafdetections.keys()))
return
if options.version:
print('WAFW00F version %s' % __version__)
return
extraheaders = {}
if options.headersfile:
log.info('Getting extra headers from %s' % options.headersfile)
extraheaders = getheaders(options.headersfile)
if extraheaders is None:
parser.error('Please provide a headers file with colon delimited header names and values')
if len(args) == 0:
parser.error('we need a target site')
targets = args
for target in targets:
if not (target.startswith('http://') or target.startswith('https://')):
log.info('The url %s should start with http:// or https:// .. fixing (might make this unusable)' % target)
target = 'http://' + target
print('Checking %s' % target)
pret = oururlparse(target)
if pret is None:
log.critical('The url %s is not well formed' % target)
sys.exit(1)
(hostname, port, path, query, ssl) = pret
log.info('starting wafw00f on %s' % target)
attacker = WafW00F(hostname, port=port, ssl=ssl,
debuglevel=options.verbose, path=path,
followredirect=options.followredirect,
extraheaders=extraheaders,
proxy=options.proxy)
if attacker.normalrequest() is None:
log.error('Site %s appears to be down' % target)
sys.exit(1)
if options.test:
if options.test in attacker.wafdetections:
waf = attacker.wafdetections[options.test](attacker)
if waf:
print('The site %s is behind a %s' % (target, options.test))
else:
print('WAF %s was not detected on %s' % (options.test, target))
else:
print(
'WAF %s was not found in our list\r\nUse the --list option to see what is available' % options.test)
return
waf = attacker.identwaf(options.findall)
log.info('Ident WAF: %s' % waf)
if len(waf) > 0:
print('The site %s is behind a %s' % (target, ' and/or '.join(waf)))
if (options.findall) or len(waf) == 0:
print('Generic Detection results:')
if attacker.genericdetect():
log.info('Generic Detection: %s' % attacker.knowledge['generic']['reason'])
print('The site %s seems to be behind a WAF or some sort of security solution' % target)
print('Reason: %s' % attacker.knowledge['generic']['reason'])
else:
print('No WAF detected by the generic detection')
print('Number of requests: %s' % attacker.requestnumber)
def main():
print(lackofart)
parser = OptionParser(usage='%prog url1 [url2 [url3 ... ]]\r\nexample: %prog http://www.victim.org/')
parser.add_option('-v', '--verbose', action='count', dest='verbose', default=0,
help='enable verbosity - multiple -v options increase verbosity')
parser.add_option('-a', '--findall', action='store_true', dest='findall', default=False,
help='Find all WAFs, do not stop testing on the first one')
parser.add_option('-r', '--disableredirect', action='store_false', dest='followredirect',
default=True, help='Do not follow redirections given by 3xx responses')
parser.add_option('-t', '--test', dest='test',
help='Test for one specific WAF')
parser.add_option('-l', '--list', dest='list', action='store_true',
default=False, help='List all WAFs that we are able to detect')
parser.add_option('--xmlrpc', dest='xmlrpc', action='store_true',
default=False, help='Switch on the XML-RPC interface instead of CUI')
parser.add_option('--xmlrpcport', dest='xmlrpcport', type='int',
default=8001, help='Specify an alternative port to listen on, default 8001')
parser.add_option('--version', '-V', dest='version', action='store_true',
default=False, help='Print out the version')
options, args = parser.parse_args()
logging.basicConfig(level=calclogginglevel(options.verbose))
log = logging.getLogger()
if options.list:
print('Can test for these WAFs:\r\n')
attacker = WafW00F(None)
print('\r\n'.join(attacker.wafdetectionsprio))
return
if options.version:
print('WAFW00F version %s' % __version__)
return
elif options.xmlrpc:
print('Starting XML-RPC interface')
xmlrpc_interface(bindaddr=('localhost', options.xmlrpcport))
return
if len(args) == 0:
parser.error('we need a target site')
targets = args
for target in targets:
if not (target.startswith('http://') or target.startswith('https://')):
log.info('The url %s should start with http:// or https:// .. fixing (might make this unusable)' % target)
target = 'http://' + target
print('Checking %s' % target)
pret = oururlparse(target)
if pret is None:
log.critical('The url %s is not well formed' % target)
sys.exit(1)
(hostname, port, path, query, ssl) = pret
log.info('starting wafw00f on %s' % target)
attacker = WafW00F(hostname, port=port, ssl=ssl,
debuglevel=options.verbose, path=path,
followredirect=options.followredirect)
if attacker.normalrequest() is None:
log.error('Site %s appears to be down' % target)
sys.exit(1)
if options.test:
if attacker.wafdetections.has_key(options.test):
waf = attacker.wafdetections[options.test](attacker)
if waf:
print('The site %s is behind a %s' % (target, options.test))
else:
print('WAF %s was not detected on %s' % (options.test, target))
else:
print(
'WAF %s was not found in our list\r\nUse the --list option to see what is available' % options.test)
return
waf = attacker.identwaf(options.findall)
log.info('Ident WAF: %s' % waf)
if len(waf) > 0:
print('The site %s is behind a %s' % (target, ' and/or '.join(waf)))
if (options.findall) or len(waf) == 0:
print('Generic Detection results:')
if attacker.genericdetect():
log.info('Generic Detection: %s' % attacker.knowledge['generic']['reason'])
print('The site %s seems to be behind a WAF or some sort of security solution' % target)
print('Reason: %s' % attacker.knowledge['generic']['reason'])
else:
print('No WAF detected by the generic detection')
print('Number of requests: %s' % attacker.requestnumber)
def main():
print(woof)
parser = OptionParser(usage='%prog url1 [url2 [url3 ... ]]\r\nexample: %prog http://www.victim.org/')
parser.add_option('-v', '--verbose', action='count', dest='verbose', default=0,
help='enable verbosity - multiple -v options increase verbosity')
parser.add_option('-a', '--findall', action='store_true', dest='findall', default=False,
help='Find all WAFs, do not stop testing on the first one')
parser.add_option('-r', '--disableredirect', action='store_false', dest='followredirect',
default=True, help='Do not follow redirections given by 3xx responses')
parser.add_option('-t', '--test', dest='test',
help='Test for one specific WAF')
parser.add_option('-l', '--list', dest='list', action='store_true',
default=False, help='List all WAFs that we are able to detect')
parser.add_option('-p', '--proxy', dest='proxy',
default=False, help='Use an HTTP proxy to perform requests, example: http://hostname:8080, socks5://hostname:1080')
parser.add_option('--version', '-V', dest='version', action='store_true',
default=False, help='Print out the version')
parser.add_option('--headersfile', '-H', dest='headersfile',
action='store', default=None,
help='Pass custom headers, for example to overwrite the default User-Agent string')
options, args = parser.parse_args()
logging.basicConfig(level=calclogginglevel(options.verbose))
log = logging.getLogger()
if options.list:
print('Can test for these WAFs:\r\n')
attacker = WafW00F(None)
print('\r\n'.join(attacker.wafdetections.keys()))
return
if options.version:
print('WAFW00F version %s' % __version__)
return
extraheaders = {}
if options.headersfile:
log.info('Getting extra headers from %s' % options.headersfile)
extraheaders = getheaders(options.headersfile)
if extraheaders is None:
parser.error('Please provide a headers file with colon delimited header names and values')
if len(args) == 0:
parser.error('we need a target site')
targets = args
for target in targets:
if not (target.startswith('http://') or target.startswith('https://')):
log.info('The url %s should start with http:// or https:// .. fixing (might make this unusable)' % target)
target = 'http://' + target
print('Checking %s' % target)
pret = oururlparse(target)
if pret is None:
log.critical('The url %s is not well formed' % target)
sys.exit(1)
(hostname, port, path, _, ssl) = pret
log.info('starting wafw00f on %s' % target)
attacker = WafW00F(hostname, port=port, ssl=ssl,
debuglevel=options.verbose, path=path,
followredirect=options.followredirect,
extraheaders=extraheaders,
proxy=options.proxy)
if attacker.normalrequest() is None:
log.error('Site %s appears to be down' % target)
continue
if options.test:
if options.test in attacker.wafdetections:
waf = attacker.wafdetections[options.test](attacker)
if waf:
print('The site %s is behind %s WAF.' % (target, options.test))
else:
print('WAF %s was not detected on %s' % (options.test, target))
else:
print(
'WAF %s was not found in our list\r\nUse the --list option to see what is available' % options.test)
return
waf = attacker.identwaf(options.findall)
log.info('Ident WAF: %s' % waf)
if len(waf) > 0:
print('The site %s is behind %s WAF.' % (target, ' and/or '.join(waf)))
if (options.findall) or len(waf) == 0:
print('Generic Detection results:')
if attacker.genericdetect():
log.info('Generic Detection: %s' % attacker.knowledge['generic']['reason'])
print('The site %s seems to be behind a WAF or some sort of security solution' % target)
print('Reason: %s' % attacker.knowledge['generic']['reason'])
else:
print('No WAF detected by the generic detection')
print('Number of requests: %s' % attacker.requestnumber)
def main():
print(lackofart)
parser = OptionParser(usage='%prog url1 [url2 [url3 ... ]]\r\nexample: %prog http://www.victim.org/')
parser.add_option('-v', '--verbose', action='count', dest='verbose', default=0,
help='enable verbosity - multiple -v options increase verbosity')
parser.add_option('-a', '--findall', action='store_true', dest='findall', default=False,
help='Find all WAFs, do not stop testing on the first one')
parser.add_option('-r', '--disableredirect', action='store_false', dest='followredirect',
default=True, help='Do not follow redirections given by 3xx responses')
parser.add_option('-t', '--test', dest='test',
help='Test for one specific WAF')
parser.add_option('-l', '--list', dest='list', action='store_true',
default=False, help='List all WAFs that we are able to detect')
parser.add_option('--xmlrpc', dest='xmlrpc', action='store_true',
default=False, help='Switch on the XML-RPC interface instead of CUI')
parser.add_option('--xmlrpcport', dest='xmlrpcport', type='int',
default=8001, help='Specify an alternative port to listen on, default 8001')
parser.add_option('--version', '-V', dest='version', action='store_true',
default=False, help='Print out the version')
options, args = parser.parse_args()
logging.basicConfig(level=calclogginglevel(options.verbose))
log = logging.getLogger()
if options.list:
print('Can test for these WAFs:\r\n')
attacker = WafW00F(None)
print('\r\n'.join(attacker.wafdetectionsprio))
return
if options.version:
print('WAFW00F version %s' % __version__)
return
elif options.xmlrpc:
print('Starting XML-RPC interface')
xmlrpc_interface(bindaddr=('localhost', options.xmlrpcport))
return
if len(args) == 0:
parser.error('we need a target site')
targets = args
for target in targets:
if not (target.startswith('http://') or target.startswith('https://')):
log.info('The url %s should start with http:// or https:// .. fixing (might make this unusable)' % target)
target = 'http://' + target
print('Checking %s' % target)
pret = oururlparse(target)
if pret is None:
log.critical('The url %s is not well formed' % target)
sys.exit(1)
(hostname, port, path, query, ssl) = pret
log.info('starting wafw00f on %s' % target)
attacker = WafW00F(hostname, port=port, ssl=ssl,
debuglevel=options.verbose, path=path,
followredirect=options.followredirect)
if attacker.normalrequest() is None:
log.error('Site %s appears to be down' % target)
sys.exit(1)
if options.test:
if attacker.wafdetections.has_key(options.test):
waf = attacker.wafdetections[options.test](attacker)
if waf:
print('The site %s is behind a %s' % (target, options.test))
else:
print('WAF %s was not detected on %s' % (options.test, target))
else:
print(
'WAF %s was not found in our list\r\nUse the --list option to see what is available' % options.test)
return
waf = attacker.identwaf(options.findall)
log.info('Ident WAF: %s' % waf)
if len(waf) > 0:
print('The site %s is behind a %s' % (target, ' and/or '.join(waf)))
if (options.findall) or len(waf) == 0:
print('Generic Detection results:')
if attacker.genericdetect():
log.info('Generic Detection: %s' % attacker.knowledge['generic']['reason'])
print('The site %s seems to be behind a WAF or some sort of security solution' % target)
print('Reason: %s' % attacker.knowledge['generic']['reason'])
else:
print('No WAF detected by the generic detection')
print('Number of requests: %s' % attacker.requestnumber)
