HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

identYwaf v1.0.124 - Blind WAF identification tool

Status
Not open for further replies.
itsMe

itsMe

*KillmeMories*
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Jan 8, 2019
Messages
56,623
Solutions
2
Reputation
32
Reaction score
100,456
Points
2,313
Credits
32,750
‎6 Years of Service‎
 
76%
68747470733a2f2f696d6775722e636f6d2f415a56693976422e706e67


68747470733a2f2f696d6775722e636f6d2f776548545376392e706e67


68747470733a2f2f696d6775722e636f6d2f323063643038792e706e67


identYwaf is an identification tool that can recognize web protection type (i.e. WAF) based on blind inference. The blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. http://<host>?aeD0oowi=1 AND 2>1). Currently, it supports more than 80 different protection products (e.g. aeSecure, Airlock, CleanTalk, CrawlProtect, Imunify360, MalCare, ModSecurity, Palo Alto, SiteGuard, UrlScan, Wallarm, WatchGuard, Wordfence, etc.), while the knowledge-base is constantly growing.

Also, as part of this project, screenshots of characteristic responses for different web protection systems are being gathered (manually) for future reference

Changelog v1.0.124

    Adding support for Kuipernet

To see this hidden content, you must like this content.
 
Status
Not open for further replies.
Back
Top