identYwaf
What is identYwaf?
identYwaf is an open source, blind web application firewall identification tool. As we all know the term blind SQL injection, this tool recognizes more than 70 types of web application firewalls based on blind inference. What does this mean? Well, identYwaf has a set of pre-defined, non-destructive payloads which will incite a response from the web application firewall being tested. This response is then matched against individual ‘signatures’ of these firewalls. They can be found in the data.json file of the project. These signatures are nothing but simple well known strings like “1 AND 1=1” on which these web application firewalls react. Which firewalls you may ask? Well, here’s a list:
List of Web Application Firewalls supported by identYwaf:
- 360 Web Application Firewall (360)
- aeSecure
- Airlock (Phion/Ergon)
- Alibaba Cloud Security Server Guard (Server Security)
- Anquanbao Web Application Firewall (Anquanbao)
- Approach Web Application Firewall (Approach)
- Armor Protection (Armor Defense)
- F5 Networks (Application Security Manager)
- Amazon (AWS WAF)
- Barracuda Networks WAF
- BitNinja
- Bluedon Web Application Firewall
- CdnNs/WdidcNet (CdnNsWAF)
- WP Cerber Security
- Check Point Next Generation Firewall
- Yunaq (Chuangyu shield)
- Cloudbric
- CloudFlare
- Comodo WAF
- CrawlProtect (Jean-Denis Brun)
- Distil Guard
- dotDefender (Applicure Technologies)
- ExpressionEngine (EllisLab)
- FortiWeb (FortiNet)
- GoDaddy Website Security
- Grey Wizard Shield
- Imunify360 WebShield
- Incapsula/Imperva
- Microsoft ISA Server
- Janusec Application Gateway
- Jiasule WAF
- Knownsec WAF
- Akamai Technologies Kona Site Defender
- MalCare (Inactiv)
- ModSecurity (Trustwave)
- NAXSI
- Citrix NetScaler AppFirewall
- Newdefend
- NinjaFirewall (NinTechNet)
- onMessage Shield (Blackbaud)
- Palo Alto
- PerimeterX Defender
- Radware AppWall
- Reblaze
- Microsoft ASP.NET Request Validation
- RSFirewall (RSJoomla!)
- Safe3 Web Firewall
- Safedog WAF
- Secure Entry Server (United Security Providers)
- SecureIIS Web Server Security (BeyondTrust)
- Shield Security (One Dollar Plugin)
- Imperva SecureSphere
- SiteGround
- SiteGuard (JP-Secure)
- TrueShield (SiteLock)
- Dell SonicWALL
- Sophos UTM Web Protection
- Squarespace WAF
- StackPath
- Sucuri
- Tencent Cloud
- Microsoft Forefront Threat Management Gateway
- Microsoft URLScan
- Url Master SecurityCheck (iFinity/DotNetNuke)
- OWASP Varnish Firewall
- Virusdie WAF
- Varnish Security Firewall
- Wallarm WAF
- WatchGuard Firewall
- AQTRONIX WebKnight Application Firewall
- Wordfence
- YUNDUN Cloud WAF
- Yunsuo Web Application Firewall
- Zenedge
Whoa! That’s a long list for sure! The best part of this architecture is that if you find that a certain web application firewall is not being detected by identYwaf, you can simply edit the data.json file and you are done! That’s what I did! These are the before and after results:
Before identYwaf data.json update:
__ __
____ ___ ___ ____ ______ | T T __ __ ____ _____
l j| \ / _]| \ | T| | || T__T T / T| __|
| T | \ / [_ | _ Yl_j l_j| ~ || | | |Y o || l_
| | | D YY _]| | | | | |___ || | | || || _|
j l | || [_ | | | | | | ! \ / | | || ]
|____jl_____jl_____jl__j__j l__j l____/ \_/\_/ l__j__jl__j (1.0.64)
[o] loading data...
[o] initializing handlers...
[i] checking hostname 'testing.com'...
[i] running basic heuristic test...
[i] rejected summary: 200
[-] non-blind match: -
[!] multiple (reactive) rejection HTTP codes detected (200, 302)
[!] multiple (reactive) rejection HTML responses detected
[i] running payload tests... (45/45)
[=] results: '....................xx..x.......x......xx.xx.'
[=] hardness: easy (17%)
[=] signature: 'xxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
[+] blind match: 'SiteGround' (97%), 'Kona Site Defender (Akamai Technologies)' (93%), 'WatchGuard (WatchGuard Technologies)' (91%), 'Shield Security (One Dollar Plugin)' (91%)
After identYwaf data.json update:
__ __
____ ___ ___ ____ ______ | T T __ __ ____ _____
l j| \ / _]| \ | T| | || T__T T / T| __|
| T | \ / [_ | _ Yl_j l_j| ~ || | | |Y o || l_
| | | D YY _]| | | | | |___ || | | || || _|
j l | || [_ | | | | | | ! \ / | | || ]
|____jl_____jl_____jl__j__j l__j l____/ \_/\_/ l__j__jl__j (1.0.64)
[o] loading data...
[o] initializing handlers...
[i] checking hostname 'testing.com'...
[i] running basic heuristic test...
[i] rejected summary: 200
[-] non-blind match: -
[!] multiple (reactive) rejection HTTP codes detected (200, 302)
[!] multiple (reactive) rejection HTML responses detected
[i] running payload tests... (45/45)
[=] results: '....................xx..x.......x......xx.xx.'
[=] hardness: easy (17%)
[=] signature: 'xxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
[+] blind match: 'CloudFlare' (100%)
So you see, it is very easy to customize and use this tool. In fact, If you have used sqlmap before, then you know that this tool works as this tool seems to have born out of the former.
Download identYwaf:
The tool has had frequent updates since it was first published last week and it works on *NIX & Windows as well. As of now, you can get identYwaf v1.0.64 from it's GitHub repository. Else, if you are comfortable using git, follow these steps:
git clone --depth 1 https://github.com/stamparm/identYwaf.git
cd identYwaf/
python identYwaf https://yourtargethere.com
Comentários
Postar um comentário