search

EnableSecurity / wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
https://www.enablesecurity.com/
BSD 3-Clause "New" or "Revised" License
5.16k stars 922 forks source link

code plugin #195

Closed HalilDeniz closed 2 months ago

HalilDeniz commented 8 months ago

Hello. I'm creating a port scanning tool. and I will add web firewall detection to my tool using the wafw00f module. Can you give an example code that works with the function?

I wrote a code like this. but I'm not sure if it's true or not

from wafw00f import main

class WAFDetector:
    def __init__(self, url):
        self.url = url

    def detect_waf(self):
        waf_detector = main.WAFW00F(self.url)
        waf_info = waf_detector.identwaf()
        if not waf_info:
            waf_info = waf_detector.genericdetect()
        return waf_info

url = "https://google.com"
detector = WAFDetector(url)
detected_waf = detector.detect_waf()
print(detected_waf

and this is my tool: https://github.com/HalilDeniz/NetworkSherlock

0xInfection commented 2 months ago

hi, wafw00f was not meant to be used a programmatic library, it is and will be provided as a tool for people to use via cli, but not to integrate programmatically.

i can however suggest you a workaround. you can invoke the tool, generate the results in csv/json output formats and then read the output programmatically.

morpheuslord commented 2 months ago

hi, wafw00f was not meant to be used a programmatic library, it is and will be provided as a tool for people to use via cli, but not to integrate programmatically.

i can however suggest you a workaround. you can invoke the tool, generate the results in CSV/json output formats and then read the output programmatically.

will it not make it inefficient? I understand your perspective but the overall complexity of the system you suggest is unnecessary, but not an issue. We will figure out something eventually.