Pular para o conteúdo principal

Compartilhe

Namechk, você pode verificar a disponibilidade de um nome de usuário ou domínio em segundos.

Com o Namechk, você pode verificar a disponibilidade de um nome de usuário ou domínio em segundos. Existem 351 milhões de nomes de domínio registrados, e esse número continua crescendo. Todos os dias, milhares de novos nomes são registrados. Como os nomes de domínio só podem ser usados ​​por uma empresa ou pessoa por vez, pode ser difícil não apenas criar um nome de domínio que faça sentido, mas também encontrar um que esteja disponível.  Muita gente não quer perder tempo criando um novo nome de usuário, verificando a disponibilidade e registrando-o em cada plataforma. E se houvesse um jeito mais fácil? Existe. Um verificador e gerador de nomes de usuário como o Namechk  pode ajudar. Como funciona o Namechk? Comece com algumas ideias de nomes e digite cada uma delas na barra de pesquisa. O Namechk pega sua ideia de nome de usuário (mesmo palavras aleatórias) e verifica sua disponibilidade como nome de domínio e nome de usuário em dezenas de redes sociais e plataformas online. ...
Postar um comentário
Leia mais
Marcadores

identYwaf

What is identYwaf?

identYwaf is an open source, blind web application firewall identification tool. As we all know the term blind SQL injection, this tool recognizes more than 70 types of web application firewalls based on blind inference. What does this mean? Well, identYwaf has a set of pre-defined, non-destructive payloads which will incite a response from the web application firewall being tested. This response is then matched against individual ‘signatures’ of these firewalls. They can be found in the data.json file of the project. These signatures are nothing but simple well known strings like “1 AND 1=1” on which these web application firewalls react. Which firewalls you may ask? Well, here’s a list:
identYwaf 1.0.64

List of Web Application Firewalls supported by identYwaf:

  1. 360 Web Application Firewall (360)
  2. aeSecure
  3. Airlock (Phion/Ergon)
  4. Alibaba Cloud Security Server Guard (Server Security)
  5. Anquanbao Web Application Firewall (Anquanbao)
  6. Approach Web Application Firewall (Approach)
  7. Armor Protection (Armor Defense)
  8. F5 Networks (Application Security Manager)
  9. Amazon (AWS WAF)
  10. Barracuda Networks WAF
  11. BitNinja
  12. Bluedon Web Application Firewall
  13. CdnNs/WdidcNet (CdnNsWAF)
  14. WP Cerber Security
  15. Check Point Next Generation Firewall
  16. Yunaq (Chuangyu shield)
  17. Cloudbric
  18. CloudFlare
  19. Comodo WAF
  20. CrawlProtect (Jean-Denis Brun)
  21. Distil Guard
  22. dotDefender (Applicure Technologies)
  23. ExpressionEngine (EllisLab)
  24. FortiWeb (FortiNet)
  25. GoDaddy Website Security
  26. Grey Wizard Shield
  27. Imunify360 WebShield
  28. Incapsula/Imperva
  29. Microsoft ISA Server
  30. Janusec Application Gateway
  31. Jiasule WAF
  32. Knownsec WAF
  33. Akamai Technologies Kona Site Defender
  34. MalCare (Inactiv)
  35. ModSecurity (Trustwave)
  36. NAXSI
  37. Citrix NetScaler AppFirewall
  38. Newdefend
  39. NinjaFirewall (NinTechNet)
  40. onMessage Shield (Blackbaud)
  41. Palo Alto
  42. PerimeterX Defender
  43. Radware AppWall
  44. Reblaze
  45. Microsoft ASP.NET Request Validation
  46. RSFirewall (RSJoomla!)
  47. Safe3 Web Firewall
  48. Safedog WAF
  49. Secure Entry Server (United Security Providers)
  50. SecureIIS Web Server Security (BeyondTrust)
  51. Shield Security (One Dollar Plugin)
  52. Imperva SecureSphere
  53. SiteGround
  54. SiteGuard (JP-Secure)
  55. TrueShield (SiteLock)
  56. Dell SonicWALL
  57. Sophos UTM Web Protection
  58. Squarespace WAF
  59. StackPath
  60. Sucuri
  61. Tencent Cloud
  62. Microsoft Forefront Threat Management Gateway
  63. Microsoft URLScan
  64. Url Master SecurityCheck (iFinity/DotNetNuke)
  65. OWASP Varnish Firewall
  66. Virusdie WAF
  67. Varnish Security Firewall
  68. Wallarm WAF
  69. WatchGuard Firewall
  70. AQTRONIX WebKnight Application Firewall
  71. Wordfence
  72. YUNDUN Cloud WAF
  73. Yunsuo Web Application Firewall
  74. Zenedge
Whoa! That’s a long list for sure! The best part of this architecture is that if you find that a certain web application firewall is not being detected by identYwaf, you can simply edit the data.json file and you are done! That’s what I did! These are the before and after results:

Before identYwaf data.json update:

       __ __ 
 ____  ___      ___  ____   ______ |  T  T __    __   ____  _____ 
l    j|   \    /  _]|    \ |      T|  |  ||  T__T  T /    T|   __|
 |  T |    \  /  [_ |  _  Yl_j  l_j|  ~  ||  |  |  |Y  o  ||  l_
 |  | |  D  YY    _]|  |  |  |  |  |___  ||  |  |  ||     ||   _|
 j  l |     ||   [_ |  |  |  |  |  |     ! \      / |  |  ||  ] 
|____jl_____jl_____jl__j__j  l__j  l____/   \_/\_/  l__j__jl__j  (1.0.64)

[o] loading data...
[o] initializing handlers...
[i] checking hostname 'testing.com'...
[i] running basic heuristic test...
[i] rejected summary: 200
[-] non-blind match: -
[!] multiple (reactive) rejection HTTP codes detected (200, 302)
[!] multiple (reactive) rejection HTML responses detected
[i] running payload tests... (45/45)
[=] results: '....................xx..x.......x......xx.xx.'
[=] hardness: easy (17%)
[=] signature: 'xxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
[+] blind match: 'SiteGround' (97%), 'Kona Site Defender (Akamai Technologies)' (93%), 'WatchGuard (WatchGuard Technologies)' (91%), 'Shield Security (One Dollar Plugin)' (91%)

After identYwaf data.json update:

       __ __ 
 ____  ___      ___  ____   ______ |  T  T __    __   ____  _____ 
l    j|   \    /  _]|    \ |      T|  |  ||  T__T  T /    T|   __|
 |  T |    \  /  [_ |  _  Yl_j  l_j|  ~  ||  |  |  |Y  o  ||  l_
 |  | |  D  YY    _]|  |  |  |  |  |___  ||  |  |  ||     ||   _|
 j  l |     ||   [_ |  |  |  |  |  |     ! \      / |  |  ||  ] 
|____jl_____jl_____jl__j__j  l__j  l____/   \_/\_/  l__j__jl__j  (1.0.64)

[o] loading data...
[o] initializing handlers...
[i] checking hostname 'testing.com'...
[i] running basic heuristic test...
[i] rejected summary: 200
[-] non-blind match: -
[!] multiple (reactive) rejection HTTP codes detected (200, 302)
[!] multiple (reactive) rejection HTML responses detected
[i] running payload tests... (45/45)
[=] results: '....................xx..x.......x......xx.xx.'
[=] hardness: easy (17%)
[=] signature: 'xxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
[+] blind match: 'CloudFlare' (100%)
So you see, it is very easy to customize and use this tool. In fact, If you have used sqlmap before, then you know that this tool works as this tool seems to have born out of the former.

Download identYwaf:

The tool has had frequent updates since it was first published last week and it works on *NIX & Windows as well. As of now, you can get identYwaf v1.0.64 from it's GitHub repository. Else, if you are comfortable using git, follow these steps:
git clone --depth 1 https://github.com/stamparm/identYwaf.git
cd identYwaf/
python identYwaf https://yourtargethere.com

Share this post on:
Enviar esta postagem
Marcadores:

Comentários

Postar um comentário

Como usar um Agente OSINT IA

Pericia Digital

Ebook

Postagens mais visitadas