search

EnableSecurity / wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
https://www.enablesecurity.com/
BSD 3-Clause "New" or "Revised" License
5.17k stars 924 forks source link

Multiple WAFs are not detected #144

Closed thansk closed 2 years ago

thansk commented 2 years ago

Describe the bug A website having more than 1 WAF is detected as only having 1.

To Reproduce wafw00f https://blog.virginia.org

Expected behavior It will be useful to have both detected and displayed.

Screenshots N/A

Desktop (please complete the following information): Python 3.9.7

Debug output Paste the output that you get when passing -vv to wafw00f. Example:

[*] Checking https://blog.virginia.org/
INFO:wafw00f:starting wafw00f on https://blog.virginia.org/
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Checking for ACE XML Gateway (Cisco)
INFO:wafw00f:Checking for aeSecure (aeSecure)
INFO:wafw00f:Checking for AireeCDN (Airee)
INFO:wafw00f:Checking for Airlock (Phion/Ergon)
INFO:wafw00f:Checking for Alert Logic (Alert Logic)
INFO:wafw00f:Checking for AliYunDun (Alibaba Cloud Computing)
INFO:wafw00f:Checking for Anquanbao (Anquanbao)
INFO:wafw00f:Checking for AnYu (AnYu Technologies)
INFO:wafw00f:Checking for Approach (Approach)
INFO:wafw00f:Checking for AppWall (Radware)
INFO:wafw00f:Checking for Armor Defense (Armor)
INFO:wafw00f:Checking for ArvanCloud (ArvanCloud)
INFO:wafw00f:Checking for ASP.NET Generic (Microsoft)
INFO:wafw00f:Checking for ASPA Firewall (ASPA Engineering Co.)
INFO:wafw00f:Checking for Astra (Czar Securities)
INFO:wafw00f:Checking for AWS Elastic Load Balancer (Amazon)
INFO:wafw00f:Checking for AzionCDN (AzionCDN)
INFO:wafw00f:Checking for Azure Front Door (Microsoft)
INFO:wafw00f:Checking for Barikode (Ethic Ninja)
INFO:wafw00f:Checking for Barracuda (Barracuda Networks)
INFO:wafw00f:Checking for Bekchy (Faydata Technologies Inc.)
INFO:wafw00f:Checking for Beluga CDN (Beluga)
INFO:wafw00f:Checking for BIG-IP Local Traffic Manager (F5 Networks)
INFO:wafw00f:Checking for BinarySec (BinarySec)
INFO:wafw00f:Checking for BitNinja (BitNinja)
INFO:wafw00f:Checking for BlockDoS (BlockDoS)
INFO:wafw00f:Checking for Bluedon (Bluedon IST)
INFO:wafw00f:Checking for BulletProof Security Pro (AITpro Security)
INFO:wafw00f:Checking for CacheWall (Varnish)
INFO:wafw00f:Checking for CacheFly CDN (CacheFly)
INFO:wafw00f:Checking for Comodo cWatch (Comodo CyberSecurity)
INFO:wafw00f:Checking for CdnNS Application Gateway (CdnNs/WdidcNet)
INFO:wafw00f:Checking for ChinaCache Load Balancer (ChinaCache)
INFO:wafw00f:Checking for Chuang Yu Shield (Yunaq)
INFO:wafw00f:Checking for Cloudbric (Penta Security)
INFO:wafw00f:Checking for Cloudflare (Cloudflare Inc.)
INFO:wafw00f:Checking for Cloudfloor (Cloudfloor DNS)
INFO:wafw00f:Checking for Cloudfront (Amazon)
INFO:wafw00f:Checking for CrawlProtect (Jean-Denis Brun)
INFO:wafw00f:Checking for DataPower (IBM)
INFO:wafw00f:Checking for Cloud Protector (Rohde & Schwarz CyberSecurity)
INFO:wafw00f:Checking for DenyALL (Rohde & Schwarz CyberSecurity)
INFO:wafw00f:Checking for Distil (Distil Networks)
INFO:wafw00f:Checking for DOSarrest (DOSarrest Internet Security)
INFO:wafw00f:Checking for DotDefender (Applicure Technologies)
INFO:wafw00f:Checking for DynamicWeb Injection Check (DynamicWeb)
INFO:wafw00f:Checking for Edgecast (Verizon Digital Media)
INFO:wafw00f:Checking for Eisoo Cloud Firewall (Eisoo)
INFO:wafw00f:Checking for Expression Engine (EllisLab)
INFO:wafw00f:Checking for BIG-IP AppSec Manager (F5 Networks)
INFO:wafw00f:Checking for BIG-IP AP Manager (F5 Networks)
INFO:wafw00f:Checking for Fastly (Fastly CDN)
INFO:wafw00f:Checking for FirePass (F5 Networks)
INFO:wafw00f:Checking for FortiWeb (Fortinet)
INFO:wafw00f:Checking for GoDaddy Website Protection (GoDaddy)
INFO:wafw00f:Checking for Greywizard (Grey Wizard)
INFO:wafw00f:Checking for Huawei Cloud Firewall (Huawei)
INFO:wafw00f:Checking for HyperGuard (Art of Defense)
INFO:wafw00f:Checking for Imunify360 (CloudLinux)
INFO:wafw00f:Checking for Incapsula (Imperva Inc.)
INFO:wafw00f:Checking for IndusGuard (Indusface)
INFO:wafw00f:Checking for Instart DX (Instart Logic)
INFO:wafw00f:Checking for ISA Server (Microsoft)
INFO:wafw00f:Checking for Janusec Application Gateway (Janusec)
INFO:wafw00f:Checking for Jiasule (Jiasule)
INFO:wafw00f:Checking for Kona SiteDefender (Akamai)
INFO:wafw00f:Checking for KS-WAF (KnownSec)
INFO:wafw00f:Checking for KeyCDN (KeyCDN)
INFO:wafw00f:Checking for LimeLight CDN (LimeLight)
INFO:wafw00f:Checking for LiteSpeed (LiteSpeed Technologies)
INFO:wafw00f:Checking for Open-Resty Lua Nginx (FLOSS)
INFO:wafw00f:Checking for Oracle Cloud (Oracle)
INFO:wafw00f:Checking for Malcare (Inactiv)
INFO:wafw00f:Checking for MaxCDN (MaxCDN)
INFO:wafw00f:Checking for Mission Control Shield (Mission Control)
INFO:wafw00f:Checking for ModSecurity (SpiderLabs)
INFO:wafw00f:Checking for NAXSI (NBS Systems)
INFO:wafw00f:Checking for Nemesida (PentestIt)
INFO:wafw00f:Checking for NevisProxy (AdNovum)
INFO:wafw00f:Checking for NetContinuum (Barracuda Networks)
INFO:wafw00f:Checking for NetScaler AppFirewall (Citrix Systems)
INFO:wafw00f:Checking for Newdefend (NewDefend)
INFO:wafw00f:Checking for NexusGuard Firewall (NexusGuard)
INFO:wafw00f:Checking for NinjaFirewall (NinTechNet)
INFO:wafw00f:Checking for NullDDoS Protection (NullDDoS)
INFO:wafw00f:Checking for NSFocus (NSFocus Global Inc.)
INFO:wafw00f:Checking for OnMessage Shield (BlackBaud)
INFO:wafw00f:Checking for Palo Alto Next Gen Firewall (Palo Alto Networks)
INFO:wafw00f:Checking for PerimeterX (PerimeterX)
INFO:wafw00f:Checking for PentaWAF (Global Network Services)
INFO:wafw00f:Checking for pkSecurity IDS (pkSec)
INFO:wafw00f:Checking for PT Application Firewall (Positive Technologies)
INFO:wafw00f:Checking for PowerCDN (PowerCDN)
INFO:wafw00f:Checking for Profense (ArmorLogic)
INFO:wafw00f:Checking for Puhui (Puhui)
INFO:wafw00f:Checking for Qcloud (Tencent Cloud)
INFO:wafw00f:Checking for Qiniu (Qiniu CDN)
INFO:wafw00f:Checking for Reblaze (Reblaze)
INFO:wafw00f:Checking for RSFirewall (RSJoomla!)
INFO:wafw00f:Checking for RequestValidationMode (Microsoft)
INFO:wafw00f:Checking for Sabre Firewall (Sabre)
INFO:wafw00f:Checking for Safe3 Web Firewall (Safe3)
INFO:wafw00f:Checking for Safedog (SafeDog)
INFO:wafw00f:Checking for Safeline (Chaitin Tech.)
INFO:wafw00f:Checking for SecKing (SecKing)
INFO:wafw00f:Checking for eEye SecureIIS (BeyondTrust)
INFO:wafw00f:Checking for SecuPress WP Security (SecuPress)
INFO:wafw00f:Checking for SecureSphere (Imperva Inc.)
INFO:wafw00f:Checking for Secure Entry (United Security Providers)
INFO:wafw00f:Checking for SEnginx (Neusoft)
INFO:wafw00f:Checking for ServerDefender VP (Port80 Software)
INFO:wafw00f:Checking for Shield Security (One Dollar Plugin)
INFO:wafw00f:Checking for Shadow Daemon (Zecure)
INFO:wafw00f:Checking for SiteGround (SiteGround)
INFO:wafw00f:Checking for SiteGuard (Sakura Inc.)
INFO:wafw00f:Checking for Sitelock (TrueShield)
INFO:wafw00f:Checking for SonicWall (Dell)
INFO:wafw00f:Checking for UTM Web Protection (Sophos)
INFO:wafw00f:Checking for Squarespace (Squarespace)
INFO:wafw00f:Checking for SquidProxy IDS (SquidProxy)
INFO:wafw00f:Checking for StackPath (StackPath)
INFO:wafw00f:Checking for Sucuri CloudProxy (Sucuri Inc.)
INFO:wafw00f:Checking for Tencent Cloud Firewall (Tencent Technologies)
INFO:wafw00f:Checking for Teros (Citrix Systems)
INFO:wafw00f:Checking for Trafficshield (F5 Networks)
INFO:wafw00f:Checking for TransIP Web Firewall (TransIP)
INFO:wafw00f:Checking for URLMaster SecurityCheck (iFinity/DotNetNuke)
INFO:wafw00f:Checking for URLScan (Microsoft)
INFO:wafw00f:Checking for UEWaf (UCloud)
INFO:wafw00f:Checking for Varnish (OWASP)
INFO:wafw00f:Checking for Viettel (Cloudrity)
INFO:wafw00f:Checking for VirusDie (VirusDie LLC)
INFO:wafw00f:Checking for Wallarm (Wallarm Inc.)
INFO:wafw00f:Checking for WatchGuard (WatchGuard Technologies)
INFO:wafw00f:Checking for WebARX (WebARX Security Solutions)
INFO:wafw00f:Checking for WebKnight (AQTRONIX)
INFO:wafw00f:Checking for WebLand (WebLand)
INFO:wafw00f:Checking for wpmudev WAF (Incsub)
INFO:wafw00f:Checking for RayWAF (WebRay Solutions)
INFO:wafw00f:Checking for WebSEAL (IBM)
INFO:wafw00f:Checking for WebTotem (WebTotem)
INFO:wafw00f:Checking for West263 CDN (West263CDN)
INFO:wafw00f:Checking for Wordfence (Defiant)
INFO:wafw00f:Checking for WP Cerber Security (Cerber Tech)
INFO:wafw00f:Checking for WTS-WAF (WTS)
INFO:wafw00f:Checking for 360WangZhanBao (360 Technologies)
INFO:wafw00f:Checking for XLabs Security WAF (XLabs)
INFO:wafw00f:Checking for Xuanwudun (Xuanwudun)
INFO:wafw00f:Checking for Yundun (Yundun)
INFO:wafw00f:Checking for Yunsuo (Yunsuo)
INFO:wafw00f:Checking for Yunjiasu (Baidu Cloud Computing)
INFO:wafw00f:Checking for YXLink (YxLink Technologies)
INFO:wafw00f:Checking for Zenedge (Zenedge)
INFO:wafw00f:Checking for ZScaler (Accenture)
INFO:wafw00f:Checking for Shieldon Firewall (Shieldon.io)
INFO:wafw00f:Identified WAF: ['Cloudflare (Cloudflare Inc.)']
[+] The site https://blog.virginia.org/ is behind Cloudflare (Cloudflare Inc.) WAF.
[+] Generic Detection results:
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
[-] No WAF detected by the generic detection
[~] Number of requests: 7
INFO:wafw00f:Found: 2 matches.

Additional context A 403 with Wordfence info is presented on a normal GET request if, I assume, the IP is in a blacklist.

foozzi commented 2 years ago

Describe the bug A website having more than 1 WAF is detected as only having 1.

To Reproduce wafw00f https://blog.virginia.org

Expected behavior It will be useful to have both detected and displayed.

Screenshots N/A

Desktop (please complete the following information): Python 3.9.7

Debug output Paste the output that you get when passing -vv to wafw00f. Example:

[*] Checking https://blog.virginia.org/
INFO:wafw00f:starting wafw00f on https://blog.virginia.org/
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Checking for ACE XML Gateway (Cisco)
INFO:wafw00f:Checking for aeSecure (aeSecure)
INFO:wafw00f:Checking for AireeCDN (Airee)
INFO:wafw00f:Checking for Airlock (Phion/Ergon)
INFO:wafw00f:Checking for Alert Logic (Alert Logic)
INFO:wafw00f:Checking for AliYunDun (Alibaba Cloud Computing)
INFO:wafw00f:Checking for Anquanbao (Anquanbao)
INFO:wafw00f:Checking for AnYu (AnYu Technologies)
INFO:wafw00f:Checking for Approach (Approach)
INFO:wafw00f:Checking for AppWall (Radware)
INFO:wafw00f:Checking for Armor Defense (Armor)
INFO:wafw00f:Checking for ArvanCloud (ArvanCloud)
INFO:wafw00f:Checking for ASP.NET Generic (Microsoft)
INFO:wafw00f:Checking for ASPA Firewall (ASPA Engineering Co.)
INFO:wafw00f:Checking for Astra (Czar Securities)
INFO:wafw00f:Checking for AWS Elastic Load Balancer (Amazon)
INFO:wafw00f:Checking for AzionCDN (AzionCDN)
INFO:wafw00f:Checking for Azure Front Door (Microsoft)
INFO:wafw00f:Checking for Barikode (Ethic Ninja)
INFO:wafw00f:Checking for Barracuda (Barracuda Networks)
INFO:wafw00f:Checking for Bekchy (Faydata Technologies Inc.)
INFO:wafw00f:Checking for Beluga CDN (Beluga)
INFO:wafw00f:Checking for BIG-IP Local Traffic Manager (F5 Networks)
INFO:wafw00f:Checking for BinarySec (BinarySec)
INFO:wafw00f:Checking for BitNinja (BitNinja)
INFO:wafw00f:Checking for BlockDoS (BlockDoS)
INFO:wafw00f:Checking for Bluedon (Bluedon IST)
INFO:wafw00f:Checking for BulletProof Security Pro (AITpro Security)
INFO:wafw00f:Checking for CacheWall (Varnish)
INFO:wafw00f:Checking for CacheFly CDN (CacheFly)
INFO:wafw00f:Checking for Comodo cWatch (Comodo CyberSecurity)
INFO:wafw00f:Checking for CdnNS Application Gateway (CdnNs/WdidcNet)
INFO:wafw00f:Checking for ChinaCache Load Balancer (ChinaCache)
INFO:wafw00f:Checking for Chuang Yu Shield (Yunaq)
INFO:wafw00f:Checking for Cloudbric (Penta Security)
INFO:wafw00f:Checking for Cloudflare (Cloudflare Inc.)
INFO:wafw00f:Checking for Cloudfloor (Cloudfloor DNS)
INFO:wafw00f:Checking for Cloudfront (Amazon)
INFO:wafw00f:Checking for CrawlProtect (Jean-Denis Brun)
INFO:wafw00f:Checking for DataPower (IBM)
INFO:wafw00f:Checking for Cloud Protector (Rohde & Schwarz CyberSecurity)
INFO:wafw00f:Checking for DenyALL (Rohde & Schwarz CyberSecurity)
INFO:wafw00f:Checking for Distil (Distil Networks)
INFO:wafw00f:Checking for DOSarrest (DOSarrest Internet Security)
INFO:wafw00f:Checking for DotDefender (Applicure Technologies)
INFO:wafw00f:Checking for DynamicWeb Injection Check (DynamicWeb)
INFO:wafw00f:Checking for Edgecast (Verizon Digital Media)
INFO:wafw00f:Checking for Eisoo Cloud Firewall (Eisoo)
INFO:wafw00f:Checking for Expression Engine (EllisLab)
INFO:wafw00f:Checking for BIG-IP AppSec Manager (F5 Networks)
INFO:wafw00f:Checking for BIG-IP AP Manager (F5 Networks)
INFO:wafw00f:Checking for Fastly (Fastly CDN)
INFO:wafw00f:Checking for FirePass (F5 Networks)
INFO:wafw00f:Checking for FortiWeb (Fortinet)
INFO:wafw00f:Checking for GoDaddy Website Protection (GoDaddy)
INFO:wafw00f:Checking for Greywizard (Grey Wizard)
INFO:wafw00f:Checking for Huawei Cloud Firewall (Huawei)
INFO:wafw00f:Checking for HyperGuard (Art of Defense)
INFO:wafw00f:Checking for Imunify360 (CloudLinux)
INFO:wafw00f:Checking for Incapsula (Imperva Inc.)
INFO:wafw00f:Checking for IndusGuard (Indusface)
INFO:wafw00f:Checking for Instart DX (Instart Logic)
INFO:wafw00f:Checking for ISA Server (Microsoft)
INFO:wafw00f:Checking for Janusec Application Gateway (Janusec)
INFO:wafw00f:Checking for Jiasule (Jiasule)
INFO:wafw00f:Checking for Kona SiteDefender (Akamai)
INFO:wafw00f:Checking for KS-WAF (KnownSec)
INFO:wafw00f:Checking for KeyCDN (KeyCDN)
INFO:wafw00f:Checking for LimeLight CDN (LimeLight)
INFO:wafw00f:Checking for LiteSpeed (LiteSpeed Technologies)
INFO:wafw00f:Checking for Open-Resty Lua Nginx (FLOSS)
INFO:wafw00f:Checking for Oracle Cloud (Oracle)
INFO:wafw00f:Checking for Malcare (Inactiv)
INFO:wafw00f:Checking for MaxCDN (MaxCDN)
INFO:wafw00f:Checking for Mission Control Shield (Mission Control)
INFO:wafw00f:Checking for ModSecurity (SpiderLabs)
INFO:wafw00f:Checking for NAXSI (NBS Systems)
INFO:wafw00f:Checking for Nemesida (PentestIt)
INFO:wafw00f:Checking for NevisProxy (AdNovum)
INFO:wafw00f:Checking for NetContinuum (Barracuda Networks)
INFO:wafw00f:Checking for NetScaler AppFirewall (Citrix Systems)
INFO:wafw00f:Checking for Newdefend (NewDefend)
INFO:wafw00f:Checking for NexusGuard Firewall (NexusGuard)
INFO:wafw00f:Checking for NinjaFirewall (NinTechNet)
INFO:wafw00f:Checking for NullDDoS Protection (NullDDoS)
INFO:wafw00f:Checking for NSFocus (NSFocus Global Inc.)
INFO:wafw00f:Checking for OnMessage Shield (BlackBaud)
INFO:wafw00f:Checking for Palo Alto Next Gen Firewall (Palo Alto Networks)
INFO:wafw00f:Checking for PerimeterX (PerimeterX)
INFO:wafw00f:Checking for PentaWAF (Global Network Services)
INFO:wafw00f:Checking for pkSecurity IDS (pkSec)
INFO:wafw00f:Checking for PT Application Firewall (Positive Technologies)
INFO:wafw00f:Checking for PowerCDN (PowerCDN)
INFO:wafw00f:Checking for Profense (ArmorLogic)
INFO:wafw00f:Checking for Puhui (Puhui)
INFO:wafw00f:Checking for Qcloud (Tencent Cloud)
INFO:wafw00f:Checking for Qiniu (Qiniu CDN)
INFO:wafw00f:Checking for Reblaze (Reblaze)
INFO:wafw00f:Checking for RSFirewall (RSJoomla!)
INFO:wafw00f:Checking for RequestValidationMode (Microsoft)
INFO:wafw00f:Checking for Sabre Firewall (Sabre)
INFO:wafw00f:Checking for Safe3 Web Firewall (Safe3)
INFO:wafw00f:Checking for Safedog (SafeDog)
INFO:wafw00f:Checking for Safeline (Chaitin Tech.)
INFO:wafw00f:Checking for SecKing (SecKing)
INFO:wafw00f:Checking for eEye SecureIIS (BeyondTrust)
INFO:wafw00f:Checking for SecuPress WP Security (SecuPress)
INFO:wafw00f:Checking for SecureSphere (Imperva Inc.)
INFO:wafw00f:Checking for Secure Entry (United Security Providers)
INFO:wafw00f:Checking for SEnginx (Neusoft)
INFO:wafw00f:Checking for ServerDefender VP (Port80 Software)
INFO:wafw00f:Checking for Shield Security (One Dollar Plugin)
INFO:wafw00f:Checking for Shadow Daemon (Zecure)
INFO:wafw00f:Checking for SiteGround (SiteGround)
INFO:wafw00f:Checking for SiteGuard (Sakura Inc.)
INFO:wafw00f:Checking for Sitelock (TrueShield)
INFO:wafw00f:Checking for SonicWall (Dell)
INFO:wafw00f:Checking for UTM Web Protection (Sophos)
INFO:wafw00f:Checking for Squarespace (Squarespace)
INFO:wafw00f:Checking for SquidProxy IDS (SquidProxy)
INFO:wafw00f:Checking for StackPath (StackPath)
INFO:wafw00f:Checking for Sucuri CloudProxy (Sucuri Inc.)
INFO:wafw00f:Checking for Tencent Cloud Firewall (Tencent Technologies)
INFO:wafw00f:Checking for Teros (Citrix Systems)
INFO:wafw00f:Checking for Trafficshield (F5 Networks)
INFO:wafw00f:Checking for TransIP Web Firewall (TransIP)
INFO:wafw00f:Checking for URLMaster SecurityCheck (iFinity/DotNetNuke)
INFO:wafw00f:Checking for URLScan (Microsoft)
INFO:wafw00f:Checking for UEWaf (UCloud)
INFO:wafw00f:Checking for Varnish (OWASP)
INFO:wafw00f:Checking for Viettel (Cloudrity)
INFO:wafw00f:Checking for VirusDie (VirusDie LLC)
INFO:wafw00f:Checking for Wallarm (Wallarm Inc.)
INFO:wafw00f:Checking for WatchGuard (WatchGuard Technologies)
INFO:wafw00f:Checking for WebARX (WebARX Security Solutions)
INFO:wafw00f:Checking for WebKnight (AQTRONIX)
INFO:wafw00f:Checking for WebLand (WebLand)
INFO:wafw00f:Checking for wpmudev WAF (Incsub)
INFO:wafw00f:Checking for RayWAF (WebRay Solutions)
INFO:wafw00f:Checking for WebSEAL (IBM)
INFO:wafw00f:Checking for WebTotem (WebTotem)
INFO:wafw00f:Checking for West263 CDN (West263CDN)
INFO:wafw00f:Checking for Wordfence (Defiant)
INFO:wafw00f:Checking for WP Cerber Security (Cerber Tech)
INFO:wafw00f:Checking for WTS-WAF (WTS)
INFO:wafw00f:Checking for 360WangZhanBao (360 Technologies)
INFO:wafw00f:Checking for XLabs Security WAF (XLabs)
INFO:wafw00f:Checking for Xuanwudun (Xuanwudun)
INFO:wafw00f:Checking for Yundun (Yundun)
INFO:wafw00f:Checking for Yunsuo (Yunsuo)
INFO:wafw00f:Checking for Yunjiasu (Baidu Cloud Computing)
INFO:wafw00f:Checking for YXLink (YxLink Technologies)
INFO:wafw00f:Checking for Zenedge (Zenedge)
INFO:wafw00f:Checking for ZScaler (Accenture)
INFO:wafw00f:Checking for Shieldon Firewall (Shieldon.io)
INFO:wafw00f:Identified WAF: ['Cloudflare (Cloudflare Inc.)']
[+] The site https://blog.virginia.org/ is behind Cloudflare (Cloudflare Inc.) WAF.
[+] Generic Detection results:
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
[-] No WAF detected by the generic detection
[~] Number of requests: 7
INFO:wafw00f:Found: 2 matches.

Additional context A 403 with Wordfence info is presented on a normal GET request if, I assume, the IP is in a blacklist.

[*] Checking https://blog.virginia.org
[+] The site https://blog.virginia.org is behind Cloudflare (Cloudflare Inc.) WAF.
[~] Number of requests: 2
foozzi commented 2 years ago

A website having more than 1 WAF is detected as only having 1.

wafw00f cannot bypass 1 waf to detect 2 waf

sandrogauci commented 2 years ago

wafw00f does not actually detect Wordfence on this website. To test for Wordfence only, I ran the following command with the below output:

wafw00f https://blog.virginia.org -t 'Wordfence (Defiant)'

                   ______
                  /      \
                 (  Woof! )
                  \  ____/                      )
                  ,,                           ) (_
             .-. -    _______                 ( |__|
            ()``; |==|_______)                .)|__|
            / ('        /|\                  (  |__|
        (  /  )        / | \                  . |__|
         \(_)_))      /  |  \                   |__|

                    ~ WAFW00F : v2.1.0 ~
    The Web Application Firewall Fingerprinting Toolkit

[*] Checking https://blog.virginia.org
[-] WAF Wordfence (Defiant) was not detected on https://blog.virginia.org

I'm going to close this issue.

@thansk please reopen if you can give us details of how wafw00f should detect Wordfence. Ideally, detection should not trigger a blocklist :-)