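WAF
A WAF is a protective device for web applications, alongside the intrusion detection system (IDS) and the intrusion prevention system (IPS).
nmap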
nmap -p 80 --script http-waf-detect.nse www.baidu.com
Nmap scan report for www.baidu.com (61.135.169.125)
Host is up (0.0042s latency).
Other addresses for www.baidu.com (not scanned): 61.135.169.121
PORT   STATE SERVICE
80/tcp open  http
| http-waf-detect: IDS/IPS/WAF detected:
|_www.baidu.com:80/?p4yl04d3=<script>alert(document.cookie)</script>
For a more accurate check, use --script=http-waf-fingerprint
This tool can identify web application firewalls from many vendors
wafw00f -l
InfoGuard Airlock
Anquanbao
Barracuda Application Firewall
Better WP Security
BinarySec
BlockDoS
ChinaCache-CDN
Cisco ACE XML Gateway
CloudFlare
Comodo WAF
DenyALL WAF
Applicure dotDefender
Edgecast / Verizon Digital media
F5 BIG-IP APM
F5 BIG-IP ASM
F5 BIG-IP LTM
F5 FirePass
F5 Trafficshield
FortiWeb
Art of Defence HyperGuard
IBM Web Application Security
IBM DataPower
Imperva SecureSphere
Incapsula WAF
Microsoft ISA Server
Mission Control Application Shield
Trustwave ModSecurity
ModSecurity (OWASP CRS)
Naxsi
NetContinuum
Citrix NetScaler
AdNovum nevisProxy
NSFocus
PowerCDN
Profense
Radware AppWall
Safedog
eEye Digital Security SecureIIS
Sucuri WAF
Teros WAF
Microsoft URLScan
USP Secure Entry Server
Wallarm
Aqtronix WebKnight
Juniper WebApp Secure
West263CDN
360WangZhanBao
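
The nmap output above shows the request that http-waf-detect sends: a query parameter named p4yl04d3 carrying a script tag. As an added example (not part of the original notes), the Python code below flags such probes in a web server access log and groups them by client address; the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format); the IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /?p4yl04d3=<script>alert(document.cookie)</script> HTTP/1.1" 403 199 "-" "constructed-agent"
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /?p4yl04d3=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 512 "-" "constructed-agent"
198.51.100.20 - - [12/Mar/2024:10:02:10 +0000] "GET /search?q=waf+detect HTTP/1.1" 200 2048 "-" "constructed-browser"
198.51.100.21 - - [12/Mar/2024:10:03:44 +0000] "GET /item?id=5&note=%3CScRiPt%3Ex%3C/script%3E HTTP/1.1" 200 900 "-" "constructed-browser"
"""

PROBE_PARAM = "p4yl04d3"  # parameter name taken from the nmap output above
SCRIPT_RE = re.compile(r"<\s*script\b", re.IGNORECASE)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def classify(uri):
    """Return the reasons a request URI looks like a WAF-detection probe."""
    reasons = []
    # parse_qsl percent-decodes names and values, so encoded payloads match too.
    for name, value in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
        if name == PROBE_PARAM:
            reasons.append("nmap-probe-param")
        if SCRIPT_RE.search(value):
            reasons.append("script-tag-in-" + name)
    return reasons


def scan(log_text):
    """Group flagged requests by client IP: {ip: [(status, reasons), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, _method, uri, status = m.groups()
        reasons = classify(uri)
        if reasons:
            hits[ip].append((int(status), reasons))
    return dict(hits)


if __name__ == "__main__":
    for ip, entries in scan(SAMPLE_LOG).items():
        for status, reasons in entries:
            print(ip, status, ",".join(reasons))
```

The status code recorded next to each hit shows whether the request was rejected (403 in the constructed sample) or reached the application (200).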