EnableSecurity / wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
https://www.enablesecurity.com/
BSD 3-Clause "New" or "Revised" License

AttributeError: 'NoneType' object has no attribute 'headers' #113

Closed lookforkivi closed 3 years ago

lookforkivi commented 4 years ago

An error is reported when the target is reset by the WAF.

G66K-CODE commented 4 years ago

Traceback (most recent call last):
  File "/usr/bin/wafw00f", line 8, in <module>
    main.main()
  File "/usr/lib/python3/dist-packages/wafw00f/main.py", line 439, in main
    if attacker.genericdetect():
  File "/usr/lib/python3/dist-packages/wafw00f/main.py", line 139, in genericdetect
    attackresponse_server = response.headers.get('Server')
AttributeError: 'NoneType' object has no attribute 'headers'

A Quick Fix:

On line 139

    if response is not None:  # response itself is None when the request failed
        attackresponse_server = response.headers.get('Server')

0xInfection commented 4 years ago

Turns out that the only fix required was to just add a missing return statement after catching an exception. Works fine now for me. Let me know if the fix works for you.

$ wafw00f -i ~/test.txt  -v 

                ______
               /      \
              (  W00f! )
               \  ____/
               ,,    __            404 Hack Not Found
           |`-.__   / /                      __     __
           /"  _/  /_/                       \ \   / /
          *===*    /                          \ \_/ /  405 Not Allowed
         /     )__//                           \   /
    /|  /     /---`                        403 Forbidden
    \\/`   \ |                                 / _ \
    `\    /_\\_              502 Bad Gateway  / / \ \  500 Internal Error
      `_____``-`                             /_/   \_\

                        ~ WAFW00F : v2.1.0 ~
        The Web Application Firewall Fingerprinting Toolkit

[*] Checking https://xxxxxx.xxx
ERROR:wafw00f:Something went wrong ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
ERROR:wafw00f:Site xxxxxx.xxx appears to be down
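
The failure mode discussed in this thread, shown as an added example that is not part of the original thread and is not wafw00f's own code: an exception handler that logs a connection reset but does not return, next to the version that returns right after the `except`. The function names, the result dictionary and the transport stand-ins are hypothetical and constructed for illustration; no network access is used.

```python
import logging

log = logging.getLogger("scanner-example")

class FakeResponse:
    """Constructed stand-in for an HTTP response; only headers are modelled."""
    def __init__(self, headers):
        self.headers = headers

def reset_transport(url):
    # Constructed failure: the peer resets the connection.
    raise ConnectionResetError(104, "Connection reset by peer")

def ok_transport(url):
    return FakeResponse({"Server": "nginx"})  # constructed sample header

def detect_buggy(url, transport):
    """Catches the error but falls through, so None.headers is dereferenced."""
    response = None
    try:
        response = transport(url)
    except ConnectionError as exc:
        log.error("Something went wrong %s", exc)
        # missing return: execution continues with response still None
    return {"target": url, "reachable": True,
            "server": response.headers.get("Server")}

def detect_fixed(url, transport):
    """Returns a structured 'unreachable' result right after the except."""
    try:
        response = transport(url)
    except ConnectionError as exc:
        log.error("Something went wrong %s", exc)
        return {"target": url, "reachable": False, "server": None}
    return {"target": url, "reachable": True,
            "server": response.headers.get("Server")}

def scan_all(targets, detect):
    """Run detect over (url, transport) pairs; a dead target must not stop the rest."""
    return [detect(url, transport) for url, transport in targets]

# Constructed target list: the first host resets, the second answers.
TARGETS = [("http://reset.example", reset_transport),
           ("http://ok.example", ok_transport)]

if __name__ == "__main__":
    print(scan_all(TARGETS, detect_fixed))
```

With `detect_buggy` the same target list stops at the first entry with the `AttributeError` from the traceback above, so a batch run loses every target after the one that reset the connection.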

deepwebhacker commented 3 years ago

E:\WebPentest\wafw00f-2.1.0\wafw00f>ls
__init__.py __pycache__/ bin/ lib/ manager.py plugins/ wafprio.py wafw00f.py

E:\WebPentest\wafw00f-2.1.0\wafw00f>wafw00f -l
Traceback (most recent call last):
  File "E:\WebPentest\wafw00f-2.1.0\wafw00f\wafw00f.py", line 17, in <module>
    from wafw00f.lib.asciiarts import
  File "E:\WebPentest\wafw00f-2.1.0\wafw00f\wafw00f.py", line 17, in <module>
    from wafw00f.lib.asciiarts import
ModuleNotFoundError: No module named 'wafw00f.lib'; 'wafw00f' is not a package

E:\WebPentest\wafw00f-2.1.0\wafw00f>python --version
Python 3.8.0

E:\WebPentest\wafw00f-2.1.0\wafw00f>git --version
git version 2.29.2.windows.1

E:\WebPentest\wafw00f-2.1.0\wafw00f>pip show wafw00f
Name: wafw00f
Version: 2.1.0
Summary: UNKNOWN
Home-page: https://github.com/enablesecurity/wafw00f
Author: Sandro Gauci
Author-email: sandro@enablesecurity.com
License: BSD License
Location: c:\program files\python38\lib\site-packages\wafw00f-2.1.0-py3.8.egg
Requires: requests, requests, pluginbase
Required-by:

What's the issue? I don't know what's wrong with it, please give me some help. Thx!!!

0xInfection commented 3 years ago

Closing this issue for now. Please feel free to re-open if the same issue gets reproduced again by someone else.

prryplatypus commented 2 years ago

Hi there, not sure if this is considered necroposting, but since you mentioned reopening this issue if someone had the same problem, I'm commenting here. Apologies if that's not what you meant.

I am currently experiencing the same issue with some sites only, but I'm not too sure what's causing it, since I'm able to fetch it just fine with CURL and I'm able to access it directly from my browser too. From what I've seen, the PR which was supposed to fix this got closed, but there's no explanation as to why it was closed and not merged and all it says is that "we can always reopen whenever needed". I was wondering what would be considered as "whenever needed" since, in a way, I do need it to exit gracefully instead of throwing an exception.

Attached is a screenshot of the issue I'm experiencing.

Many thanks in advance!

0xInfection commented 2 years ago

Hey @prryplatypus, would you mind trying out a fresh clone of the master branch and seeing if the issue persists? I tried replicating a similar setup and I get:

$ wafw00f http://x.x.x.x:4869

                   ______
                  /      \
                 (  Woof! )
                  \  ____/                      )
                  ,,                           ) (_
             .-. -    _______                 ( |__|
            ()``; |==|_______)                .)|__|
            / ('        /|\                  (  |__|
        (  /  )        / | \                  . |__|
         \(_)_))      /  |  \                   |__|

                    ~ WAFW00F : v2.1.0 ~
    The Web Application Firewall Fingerprinting Toolkit

[*] Checking http://x.x.x.x:4869
ERROR:wafw00f:Something went wrong ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
ERROR:wafw00f:Site x.x.x.x appears to be down

prryplatypus commented 2 years ago

Hi there, apologies for the delay in the response. I don't work on weekends and this is something happening at work 😛.

I can indeed confirm I have just tried reproducing this issue with a fresh clone of this repository and still experience this issue. You can also see how I get a different output depending on whether I specify http:// or not.

root@atlas-core-v2:~# wafw00f/wafw00f/bin/wafw00f -f json -o - http://x.x.x.x
ERROR:wafw00f:Something went wrong ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
Traceback (most recent call last):
  File "tmp/wafw00f/bin/wafw00f", line 8, in <module>
    main.main()
  File "/usr/local/lib/python3.8/dist-packages/wafw00f-2.1.0-py3.8.egg/wafw00f/main.py", line 450, in main
    if attacker.genericdetect():
  File "/usr/local/lib/python3.8/dist-packages/wafw00f-2.1.0-py3.8.egg/wafw00f/main.py", line 146, in genericdetect
    if 'server' in response.headers:
AttributeError: 'NoneType' object has no attribute 'headers'

root@atlas-core-v2:~# tmp/wafw00f/bin/wafw00f -f json -o - x.x.x.x
ERROR:wafw00f:Something went wrong HTTPSConnectionPool(host='x.x.x.x', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fdd8dd70610>: Failed to establish a new connection: [Errno 111] Connection refused'))
ERROR:wafw00f:Site x.x.x.x appears to be down

Let me know if you want me to email you or send you the IP address somewhere so you can try it out. I'd rather not post it publicly since it's not my property.