WAFW00F - Web Application Firewall Detection Tool
WafW00f is written in Python and is freely available on the net.
The tool was developed by Sandro Gauci and Wendel G. Henrique.
They mention that Web Application Firewalls (WAFs):
- can be detected, because they leave several signs
- can be bypassed by changing the attack in order to avoid rules
To help detect and bypass WAFs, they released wafw00f.
WAFW00F allows one to identify and fingerprint WAF products protecting a website.
Download Link
http://waffit.googlecode.com/svn/trunk/ waffit-read-only
Alternatively, it is included in BackTrack 5 R1, where you can find it in /pentest/web/waffit/
example 1: /pentest/web/waffit# ./wafw00f.py http://www.example.com
output:
Checking http://www.example.com
Generic Detection results:
No WAF detected by the generic detection
example 2: /pentest/web/waffit# ./wafw00f.py http://www.example2.com
output:
Checking http://www.example2.com
The site http://www.example2.com is behind a Citrix NetScaler
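The "signs" mentioned above can also be checked passively on responses from a site you operate, to see what your own WAF gives away. The following is an added example, not wafw00f's code and not part of the original post; the marker list (NSC_, ns_af and citrix_ns_id cookies, a rewritten Connection header, NS-CACHE in Via) is an assumption based on commonly documented Citrix NetScaler behaviour, and the sample headers are constructed.

```python
# Added example: passive check of response headers for Citrix NetScaler markers.
# The marker list is an assumption based on commonly documented NetScaler
# behaviour; it is not copied from wafw00f.
import re

# Cookie names commonly set by a NetScaler in front of a site (assumed list).
NETSCALER_COOKIE = re.compile(r"^(ns_af$|citrix_ns_id|NSC_)")
# Scrambled spellings of the "Connection" header seen behind some NetScalers.
NETSCALER_HEADERS = {"cneonction", "nncoection"}


def cookie_names(headers):
    """Yield cookie names from every Set-Cookie header in a (name, value) list."""
    for name, value in headers:
        if name.lower() == "set-cookie":
            yield value.split("=", 1)[0].strip()


def netscaler_signs(headers):
    """Return a sorted list of human-readable signs found in the headers."""
    signs = set()
    for name, value in headers:
        lname = name.lower()
        if lname in NETSCALER_HEADERS:
            signs.add(f"header {name}")
        if lname == "via" and "ns-cache" in value.lower():
            signs.add("Via header mentions NS-CACHE")
    for cookie in cookie_names(headers):
        if NETSCALER_COOKIE.match(cookie):
            signs.add(f"cookie {cookie}")
    return sorted(signs)


# Constructed sample responses (not captured from any real site).
BEHIND_NETSCALER = [
    ("Date", "Sun, 01 Jan 2012 00:00:00 GMT"),
    ("Cneonction", "close"),
    ("Set-Cookie", "NSC_example_pool=ffffffff0000000000000000; path=/"),
    ("Via", "NS-CACHE-9.3: 1"),
]
PLAIN_SERVER = [
    ("Server", "Apache"),
    ("Connection", "close"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/"),
]

if __name__ == "__main__":
    for label, hdrs in (("sample A", BEHIND_NETSCALER), ("sample B", PLAIN_SERVER)):
        found = netscaler_signs(hdrs)
        print(label, "->", found if found else "no NetScaler signs")
```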