WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
BSD 3-Clause "New" or "Revised" License
Added request URL that triggered WAF to JSON output file #179
Closed
mikhailevtikhov closed 1 year ago
In most cases, when processing wafw00f results, you want to see the requests that the WAF triggers on.
Adding the request that triggered the WAF to the output JSON file is implemented in this PR: https://github.com/vulnspace/wafw00f/pull/1
Example of JSON output file:

```json
[
  {
    "url": "Target",
    "detected": true,
    "evil_url": "Target/?a=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&b=UNION+SELECT+ALL+FROM+information_schema+AND+%27+or+SLEEP%285%29+or+%27&c=..%2F..%2F..%2F..%2Fetc%2Fpasswd",
    "firewall": "Cloudflare",
    "manufacturer": "Cloudflare Inc."
  }
]
```
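Reading such an output file back when reviewing results, as an added example that is not part of the original issue or of wafw00f itself: it decodes the `evil_url` query string per parameter so a reviewer can see which test string each parameter carried. The `summarize` helper, the placeholder hosts and the second sample record (one without `evil_url`) are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in the shape shown in the issue. "Target" is replaced by
# placeholder hosts; the second record is constructed to model an entry that
# has no "evil_url" field (nothing detected, or output from an older build).
SAMPLE_REPORT = json.dumps([
    {"url": "https://target.example", "detected": True,
     "evil_url": "https://target.example/?a=%3Cscript%3Ealert%28%22XSS%22%29"
                 "%3B%3C%2Fscript%3E&b=UNION+SELECT+ALL+FROM+information_schema"
                 "+AND+%27+or+SLEEP%285%29+or+%27&c=..%2F..%2F..%2F..%2Fetc%2Fpasswd",
     "firewall": "Cloudflare", "manufacturer": "Cloudflare Inc."},
    {"url": "https://plain.example", "detected": False,
     "firewall": "None", "manufacturer": "None"},
])


def summarize(report_text):
    """Return one row per detected WAF with its decoded triggering request."""
    rows = []
    for entry in json.loads(report_text):
        if not entry.get("detected"):
            continue
        evil_url = entry.get("evil_url")  # absent when the field was not written
        params = {}
        if evil_url:
            # parse_qsl undoes both %XX escapes and '+' for spaces.
            query = urlsplit(evil_url).query
            params = dict(parse_qsl(query, keep_blank_values=True))
        rows.append({
            "target": entry.get("url"),
            "firewall": entry.get("firewall"),
            "trigger_url": evil_url,
            "trigger_params": params,
        })
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE_REPORT):
        print(row["target"], "->", row["firewall"])
        for name, value in row["trigger_params"].items():
            print(f"  {name} = {value}")
```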