EnableSecurity / wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
https://www.enablesecurity.com/
BSD 3-Clause "New" or "Revised" License
5.17k stars 924 forks

Added request-url on which triggered WAF to json output file #179

Closed mikhailevtikhov closed 1 year ago

mikhailevtikhov commented 1 year ago

In most cases, when processing wafw00f results, you want to see the requests that trigger the WAF.

Adding the request that triggered the WAF to the output JSON file is implemented in this PR - https://github.com/vulnspace/wafw00f/pull/1

Example of JSON output file:

```json
[
  {
    "url": "Target",
    "detected": true,
    "evil_url": "Target/?a=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&b=UNION+SELECT+ALL+FROM+information_schema+AND+%27+or+SLEEP%285%29+or+%27&c=..%2F..%2F..%2F..%2Fetc%2Fpasswd",
    "firewall": "Cloudflare",
    "manufacturer": "Cloudflare Inc."
  }
]
```
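One way to consume this output when reviewing results, as an added example that is not part of the PR or of wafw00f itself: it reads records in the shape shown above and decodes the query parameters of the request that triggered the WAF. The field names come from the example in the comment; the function name `triggering_requests`, the sample hosts and the second sample record are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in the shape shown in the comment; hosts are placeholders.
# The second record models output with no detection and no "evil_url" field.
SAMPLE_OUTPUT = r'''
[
  {"url": "https://target.example", "detected": true,
   "evil_url": "https://target.example/?a=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&b=UNION+SELECT+ALL+FROM+information_schema+AND+%27+or+SLEEP%285%29+or+%27&c=..%2F..%2F..%2F..%2Fetc%2Fpasswd",
   "firewall": "Cloudflare", "manufacturer": "Cloudflare Inc."},
  {"url": "https://plain.example", "detected": false,
   "firewall": "None", "manufacturer": "None"}
]
'''


def triggering_requests(raw_json):
    """Summarise each detected record with its decoded triggering request."""
    summaries = []
    for record in json.loads(raw_json):
        if not record.get("detected"):
            continue
        # "evil_url" is only present in output written with the PR's change.
        evil_url = record.get("evil_url")
        path, params = None, {}
        if evil_url:
            parts = urlsplit(evil_url)
            path = parts.path
            # parse_qsl percent-decodes values and turns "+" into a space.
            # A dict keeps the last value if a parameter name repeats.
            params = dict(parse_qsl(parts.query, keep_blank_values=True))
        summaries.append({
            "target": record.get("url"),
            "firewall": record.get("firewall"),
            "path": path,
            "params": params,
        })
    return summaries


if __name__ == "__main__":
    for entry in triggering_requests(SAMPLE_OUTPUT):
        print(entry["target"], "->", entry["firewall"], entry["path"])
        for name, value in entry["params"].items():
            print(f"  {name} = {value}")
```
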