Closed thansk closed 2 years ago
Describe the bug A website having more than 1 WAF is detected as only having 1.
To Reproduce
wafw00f https://blog.virginia.org
Expected behavior It will be useful to have both detected and displayed.
Screenshots N/A
Desktop (please complete the following information): Python 3.9.7
Debug output Paste the output that you get when passing
-vv
to wafw00f. Example:[*] Checking https://blog.virginia.org/ INFO:wafw00f:starting wafw00f on https://blog.virginia.org/ INFO:wafw00f:Request Succeeded INFO:wafw00f:Request Succeeded INFO:wafw00f:Checking for ACE XML Gateway (Cisco) INFO:wafw00f:Checking for aeSecure (aeSecure) INFO:wafw00f:Checking for AireeCDN (Airee) INFO:wafw00f:Checking for Airlock (Phion/Ergon) INFO:wafw00f:Checking for Alert Logic (Alert Logic) INFO:wafw00f:Checking for AliYunDun (Alibaba Cloud Computing) INFO:wafw00f:Checking for Anquanbao (Anquanbao) INFO:wafw00f:Checking for AnYu (AnYu Technologies) INFO:wafw00f:Checking for Approach (Approach) INFO:wafw00f:Checking for AppWall (Radware) INFO:wafw00f:Checking for Armor Defense (Armor) INFO:wafw00f:Checking for ArvanCloud (ArvanCloud) INFO:wafw00f:Checking for ASP.NET Generic (Microsoft) INFO:wafw00f:Checking for ASPA Firewall (ASPA Engineering Co.) INFO:wafw00f:Checking for Astra (Czar Securities) INFO:wafw00f:Checking for AWS Elastic Load Balancer (Amazon) INFO:wafw00f:Checking for AzionCDN (AzionCDN) INFO:wafw00f:Checking for Azure Front Door (Microsoft) INFO:wafw00f:Checking for Barikode (Ethic Ninja) INFO:wafw00f:Checking for Barracuda (Barracuda Networks) INFO:wafw00f:Checking for Bekchy (Faydata Technologies Inc.) INFO:wafw00f:Checking for Beluga CDN (Beluga) INFO:wafw00f:Checking for BIG-IP Local Traffic Manager (F5 Networks) INFO:wafw00f:Checking for BinarySec (BinarySec) INFO:wafw00f:Checking for BitNinja (BitNinja) INFO:wafw00f:Checking for BlockDoS (BlockDoS) INFO:wafw00f:Checking for Bluedon (Bluedon IST) INFO:wafw00f:Checking for BulletProof Security Pro (AITpro Security) INFO:wafw00f:Checking for CacheWall (Varnish) INFO:wafw00f:Checking for CacheFly CDN (CacheFly) INFO:wafw00f:Checking for Comodo cWatch (Comodo CyberSecurity) INFO:wafw00f:Checking for CdnNS Application Gateway (CdnNs/WdidcNet) INFO:wafw00f:Checking for ChinaCache Load Balancer (ChinaCache) INFO:wafw00f:Checking for Chuang Yu Shield (Yunaq) INFO:wafw00f:Checking for Cloudbric (Penta Security) INFO:wafw00f:Checking for Cloudflare (Cloudflare Inc.) INFO:wafw00f:Checking for Cloudfloor (Cloudfloor DNS) INFO:wafw00f:Checking for Cloudfront (Amazon) INFO:wafw00f:Checking for CrawlProtect (Jean-Denis Brun) INFO:wafw00f:Checking for DataPower (IBM) INFO:wafw00f:Checking for Cloud Protector (Rohde & Schwarz CyberSecurity) INFO:wafw00f:Checking for DenyALL (Rohde & Schwarz CyberSecurity) INFO:wafw00f:Checking for Distil (Distil Networks) INFO:wafw00f:Checking for DOSarrest (DOSarrest Internet Security) INFO:wafw00f:Checking for DotDefender (Applicure Technologies) INFO:wafw00f:Checking for DynamicWeb Injection Check (DynamicWeb) INFO:wafw00f:Checking for Edgecast (Verizon Digital Media) INFO:wafw00f:Checking for Eisoo Cloud Firewall (Eisoo) INFO:wafw00f:Checking for Expression Engine (EllisLab) INFO:wafw00f:Checking for BIG-IP AppSec Manager (F5 Networks) INFO:wafw00f:Checking for BIG-IP AP Manager (F5 Networks) INFO:wafw00f:Checking for Fastly (Fastly CDN) INFO:wafw00f:Checking for FirePass (F5 Networks) INFO:wafw00f:Checking for FortiWeb (Fortinet) INFO:wafw00f:Checking for GoDaddy Website Protection (GoDaddy) INFO:wafw00f:Checking for Greywizard (Grey Wizard) INFO:wafw00f:Checking for Huawei Cloud Firewall (Huawei) INFO:wafw00f:Checking for HyperGuard (Art of Defense) INFO:wafw00f:Checking for Imunify360 (CloudLinux) INFO:wafw00f:Checking for Incapsula (Imperva Inc.) INFO:wafw00f:Checking for IndusGuard (Indusface) INFO:wafw00f:Checking for Instart DX (Instart Logic) INFO:wafw00f:Checking for ISA Server (Microsoft) INFO:wafw00f:Checking for Janusec Application Gateway (Janusec) INFO:wafw00f:Checking for Jiasule (Jiasule) INFO:wafw00f:Checking for Kona SiteDefender (Akamai) INFO:wafw00f:Checking for KS-WAF (KnownSec) INFO:wafw00f:Checking for KeyCDN (KeyCDN) INFO:wafw00f:Checking for LimeLight CDN (LimeLight) INFO:wafw00f:Checking for LiteSpeed (LiteSpeed Technologies) INFO:wafw00f:Checking for Open-Resty Lua Nginx (FLOSS) INFO:wafw00f:Checking for Oracle Cloud (Oracle) INFO:wafw00f:Checking for Malcare (Inactiv) INFO:wafw00f:Checking for MaxCDN (MaxCDN) INFO:wafw00f:Checking for Mission Control Shield (Mission Control) INFO:wafw00f:Checking for ModSecurity (SpiderLabs) INFO:wafw00f:Checking for NAXSI (NBS Systems) INFO:wafw00f:Checking for Nemesida (PentestIt) INFO:wafw00f:Checking for NevisProxy (AdNovum) INFO:wafw00f:Checking for NetContinuum (Barracuda Networks) INFO:wafw00f:Checking for NetScaler AppFirewall (Citrix Systems) INFO:wafw00f:Checking for Newdefend (NewDefend) INFO:wafw00f:Checking for NexusGuard Firewall (NexusGuard) INFO:wafw00f:Checking for NinjaFirewall (NinTechNet) INFO:wafw00f:Checking for NullDDoS Protection (NullDDoS) INFO:wafw00f:Checking for NSFocus (NSFocus Global Inc.) INFO:wafw00f:Checking for OnMessage Shield (BlackBaud) INFO:wafw00f:Checking for Palo Alto Next Gen Firewall (Palo Alto Networks) INFO:wafw00f:Checking for PerimeterX (PerimeterX) INFO:wafw00f:Checking for PentaWAF (Global Network Services) INFO:wafw00f:Checking for pkSecurity IDS (pkSec) INFO:wafw00f:Checking for PT Application Firewall (Positive Technologies) INFO:wafw00f:Checking for PowerCDN (PowerCDN) INFO:wafw00f:Checking for Profense (ArmorLogic) INFO:wafw00f:Checking for Puhui (Puhui) INFO:wafw00f:Checking for Qcloud (Tencent Cloud) INFO:wafw00f:Checking for Qiniu (Qiniu CDN) INFO:wafw00f:Checking for Reblaze (Reblaze) INFO:wafw00f:Checking for RSFirewall (RSJoomla!) INFO:wafw00f:Checking for RequestValidationMode (Microsoft) INFO:wafw00f:Checking for Sabre Firewall (Sabre) INFO:wafw00f:Checking for Safe3 Web Firewall (Safe3) INFO:wafw00f:Checking for Safedog (SafeDog) INFO:wafw00f:Checking for Safeline (Chaitin Tech.) INFO:wafw00f:Checking for SecKing (SecKing) INFO:wafw00f:Checking for eEye SecureIIS (BeyondTrust) INFO:wafw00f:Checking for SecuPress WP Security (SecuPress) INFO:wafw00f:Checking for SecureSphere (Imperva Inc.) INFO:wafw00f:Checking for Secure Entry (United Security Providers) INFO:wafw00f:Checking for SEnginx (Neusoft) INFO:wafw00f:Checking for ServerDefender VP (Port80 Software) INFO:wafw00f:Checking for Shield Security (One Dollar Plugin) INFO:wafw00f:Checking for Shadow Daemon (Zecure) INFO:wafw00f:Checking for SiteGround (SiteGround) INFO:wafw00f:Checking for SiteGuard (Sakura Inc.) INFO:wafw00f:Checking for Sitelock (TrueShield) INFO:wafw00f:Checking for SonicWall (Dell) INFO:wafw00f:Checking for UTM Web Protection (Sophos) INFO:wafw00f:Checking for Squarespace (Squarespace) INFO:wafw00f:Checking for SquidProxy IDS (SquidProxy) INFO:wafw00f:Checking for StackPath (StackPath) INFO:wafw00f:Checking for Sucuri CloudProxy (Sucuri Inc.) INFO:wafw00f:Checking for Tencent Cloud Firewall (Tencent Technologies) INFO:wafw00f:Checking for Teros (Citrix Systems) INFO:wafw00f:Checking for Trafficshield (F5 Networks) INFO:wafw00f:Checking for TransIP Web Firewall (TransIP) INFO:wafw00f:Checking for URLMaster SecurityCheck (iFinity/DotNetNuke) INFO:wafw00f:Checking for URLScan (Microsoft) INFO:wafw00f:Checking for UEWaf (UCloud) INFO:wafw00f:Checking for Varnish (OWASP) INFO:wafw00f:Checking for Viettel (Cloudrity) INFO:wafw00f:Checking for VirusDie (VirusDie LLC) INFO:wafw00f:Checking for Wallarm (Wallarm Inc.) INFO:wafw00f:Checking for WatchGuard (WatchGuard Technologies) INFO:wafw00f:Checking for WebARX (WebARX Security Solutions) INFO:wafw00f:Checking for WebKnight (AQTRONIX) INFO:wafw00f:Checking for WebLand (WebLand) INFO:wafw00f:Checking for wpmudev WAF (Incsub) INFO:wafw00f:Checking for RayWAF (WebRay Solutions) INFO:wafw00f:Checking for WebSEAL (IBM) INFO:wafw00f:Checking for WebTotem (WebTotem) INFO:wafw00f:Checking for West263 CDN (West263CDN) INFO:wafw00f:Checking for Wordfence (Defiant) INFO:wafw00f:Checking for WP Cerber Security (Cerber Tech) INFO:wafw00f:Checking for WTS-WAF (WTS) INFO:wafw00f:Checking for 360WangZhanBao (360 Technologies) INFO:wafw00f:Checking for XLabs Security WAF (XLabs) INFO:wafw00f:Checking for Xuanwudun (Xuanwudun) INFO:wafw00f:Checking for Yundun (Yundun) INFO:wafw00f:Checking for Yunsuo (Yunsuo) INFO:wafw00f:Checking for Yunjiasu (Baidu Cloud Computing) INFO:wafw00f:Checking for YXLink (YxLink Technologies) INFO:wafw00f:Checking for Zenedge (Zenedge) INFO:wafw00f:Checking for ZScaler (Accenture) INFO:wafw00f:Checking for Shieldon Firewall (Shieldon.io) INFO:wafw00f:Identified WAF: ['Cloudflare (Cloudflare Inc.)'] [+] The site https://blog.virginia.org/ is behind Cloudflare (Cloudflare Inc.) WAF. [+] Generic Detection results: INFO:wafw00f:Request Succeeded INFO:wafw00f:Request Succeeded INFO:wafw00f:Request Succeeded INFO:wafw00f:Request Succeeded INFO:wafw00f:Request Succeeded [-] No WAF detected by the generic detection [~] Number of requests: 7 INFO:wafw00f:Found: 2 matches.
Additional context A 403 with Wordfence info is presented on a normal GET request if, I assume, the IP is in a blacklist.
[*] Checking https://blog.virginia.org
[+] The site https://blog.virginia.org is behind Cloudflare (Cloudflare Inc.) WAF.
[~] Number of requests: 2
A website having more than 1 WAF is detected as only having 1.
wafw00f cannot bypass 1 waf to detect 2 waf
wafw00f does not actually detect Wordfence on this website. To test for Wordfence only, I ran the following command with the below output:
wafw00f https://blog.virginia.org -t 'Wordfence (Defiant)'
______
/ \
( Woof! )
\ ____/ )
,, ) (_
.-. - _______ ( |__|
()``; |==|_______) .)|__|
/ (' /|\ ( |__|
( / ) / | \ . |__|
\(_)_)) / | \ |__|
~ WAFW00F : v2.1.0 ~
The Web Application Firewall Fingerprinting Toolkit
[*] Checking https://blog.virginia.org
[-] WAF Wordfence (Defiant) was not detected on https://blog.virginia.org
I'm going to close this issue.
@thansk please reopen if you can give us details of how wafw00f should detect Wordfence. Ideally, detection should not trigger a blocklist :-)
Describe the bug A website having more than 1 WAF is detected as only having 1.
To Reproduce
wafw00f https://blog.virginia.org
Expected behavior It will be useful to have both detected and displayed.
Screenshots N/A
Desktop (please complete the following information): Python 3.9.7
Debug output Paste the output that you get when passing
-vv
to wafw00f. Example:Additional context A 403 with Wordfence info is presented on a normal GET request if, I assume, the IP is in a blacklist.