一款盲目WAF识别工具
2023-5-19 00:3:0 Author: LemonSec(查看原文) 阅读量:16 收藏

一种识别工具,可以基于盲目推理识别Web保护类型(即WAF)。盲推理是通过检查由一组预定义的攻击性(非破坏性)有效载荷引起的响应来完成的,其中这些有效载荷仅用于触发介于两者之间的Web保护系统(例如),目前,它支持80多种不同的保护产品。

用法:

$ python identYwaf.py __ __ ____ ___ ___ ____ ______ | T T __ __ ____ _____ l j| \ / _]| \ | T| | || T__T T / T| __| | T | \ / [_ | _ Yl_j l_j| ~ || | | |Y o || l_ | | | D YY _]| | | | | |___ || | | || || _| j l | || [_ | | | | | | ! \ / | | || ] |____jl_____jl_____jl__j__j l__j l____/ \_/\_/ l__j__jl__j (1.0.XX)
Usage: python identYwaf.py [options] <host|url>
Options: --version Show program's version number and exit -h, --help Show this help message and exit --delay=DELAY Delay (sec) between tests (default: 0) --timeout=TIMEOUT Response timeout (sec) (default: 10) --proxy=PROXY HTTP proxy address (e.g. "http://127.0.0.1:8080") --proxy-file=PRO.. Load (rotating) HTTP(s) proxy list from a file --random-agent Use random HTTP User-Agent header value --code=CODE Expected HTTP code in rejected responses --string=STRING Expected string in rejected responses --post Use POST body for sending payloads

0x01 identYwaf链接获取
https://github.com/stamparm/identYwaf
侵权请私聊公众号删文

 热文推荐  

欢迎关注LemonSec
觉得不错点个“赞”、“在看“

文章来源: http://mp.weixin.qq.com/s?__biz=MzUyMTA0MjQ4NA==&mid=2247545793&idx=1&sn=ab152f5b4fbc85a31a05d5b5f3f9fafe&chksm=f9e35c9ace94d58cc146eecef676275235bd5c2dcb99f27e38142e1043024963c8e25e884b4a#rd
如有侵权请联系:admin#unsafe.sh