一种识别工具,可以基于盲目推理识别Web保护类型(即WAF)。盲推理是通过检查由一组预定义的攻击性(非破坏性)有效载荷引起的响应来完成的,其中这些有效载荷仅用于触发介于两者之间的Web保护系统(例如),目前,它支持80多种不同的保护产品。
用法:
$ python identYwaf.py
__ __
____ ___ ___ ____ ______ | T T __ __ ____ _____
l j| \ / _]| \ | T| | || T__T T / T| __|
| T | \ / [_ | _ Yl_j l_j| ~ || | | |Y o || l_
| | | D YY _]| | | | | |___ || | | || || _|
j l | || [_ | | | | | | ! \ / | | || ]
|____jl_____jl_____jl__j__j l__j l____/ \_/\_/ l__j__jl__j (1.0.XX)
Usage: python identYwaf.py [options] <host|url>
Options:
--version Show program's version number and exit
-h, --help Show this help message and exit
--delay=DELAY Delay (sec) between tests (default: 0)
--timeout=TIMEOUT Response timeout (sec) (default: 10)
--proxy=PROXY HTTP proxy address (e.g. "http://127.0.0.1:8080")
--proxy-file=PRO.. Load (rotating) HTTP(s) proxy list from a file
--random-agent Use random HTTP User-Agent header value
--code=CODE Expected HTTP code in rejected responses
--string=STRING Expected string in rejected responses
--post Use POST body for sending payloads
热文推荐