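Detection Even the Wolf Can't Escape – WAFW00F

wafw00f is an open-source tool designed specifically to detect whether a website has a web application firewall (WAF) deployed. It quickly identifies and reports the WAF product a target site is using, which helps penetration testers and security professionals understand the site's defenses during a penetration test or security analysis, so they can plan an appropriate attack or defense strategy.
A web application firewall (WAF) is a security appliance or service designed specifically to protect websites and their applications. It monitors, filters, and analyzes the HTTP/HTTPS traffic entering and leaving a site in real time. The main job of a WAF is to identify and block malicious traffic and prevent common web attacks such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). By applying specific security policies, a WAF can recognize abnormal behavior and stop attackers who try to exploit website vulnerabilities, protecting the site's data and its users. Because a WAF can defend against many kinds of application-layer attacks, it is an essential security measure for sites that handle sensitive data, such as e-commerce and banking services.
Objective
As a penetration tester, you should use a variety of network tools to gather every piece of information you can about the target.
You will use a hacking tool to scan the target and confirm its firewall system, so you can plan the next stage of the penetration test.
Tool Used
wafw00f
Author: EnableSecurity
Download: https://github.com/stwater20/wafw00f
Description: a web application firewall fingerprinting tool.
Attack Environment
OS: Kali 2021.04
Target: Win10
Walkthrough
Step 1. Open a Terminal and download the wafw00f tool.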
git clone https://github.com/stwater20/wafw00f

Step 2. Install the tool. You may also need to install pip3 and setuptools.
cd wafw00f
sudo apt install python3-pip
sudo apt-get install -y python3-setuptools
sudo python3 setup.py install

Step 3. Scan the target.
wafw00f https://{your-target-host-address}

Step 4. Finally, the tool determines that the target probably has a WAF, but which one? That part is left for you to find out!
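How a fingerprinting tool gets from "probably has a WAF" to a product name, shown as an added example (not code from wafw00f or from this article): identifying markers in response headers are matched against a table, with a status-code comparison as the generic fallback. The marker table is a simplified subset and the sample responses are constructed; running it over headers from your own site shows which ones identify your WAF.

```python
import re

# Constructed, simplified marker table (not wafw00f's own rule set):
# (product, lower-cased response header name, regex applied to its value).
FINGERPRINTS = [
    ("Cloudflare", "server", r"^cloudflare"),
    ("Cloudflare", "cf-ray", r".+"),
    ("Incapsula", "set-cookie", r"^(visid_incap_|incap_ses_)"),
    ("Sucuri CloudProxy", "x-sucuri-id", r".+"),
]

def identify_waf(headers):
    """Return sorted product names whose markers appear in the headers.

    headers is a list of (name, value) pairs so repeated Set-Cookie
    lines are all inspected.
    """
    found = set()
    for name, value in headers:
        for product, fp_name, pattern in FINGERPRINTS:
            if name.lower() == fp_name and re.search(pattern, value.strip(), re.I):
                found.add(product)
    return sorted(found)

def generic_waf_suspected(normal_status, flagged_status):
    """Fallback when no marker matches: a request the WAF dislikes gets a
    different status code than an ordinary request to the same page."""
    return normal_status != flagged_status

# Constructed sample responses (header lists), not captured traffic.
SAMPLE_CLOUDFLARE = [
    ("Server", "cloudflare"),
    ("CF-RAY", "0000000000000000-TPE"),
    ("Content-Type", "text/html"),
]
SAMPLE_INCAPSULA = [
    ("Set-Cookie", "visid_incap_000000=EXAMPLE; path=/"),
    ("Set-Cookie", "incap_ses_000_000000=EXAMPLE; path=/"),
]
SAMPLE_UNBRANDED = [("Server", "nginx"), ("Content-Type", "text/html")]

if __name__ == "__main__":
    for label, hdrs in [("cloudflare", SAMPLE_CLOUDFLARE),
                        ("incapsula", SAMPLE_INCAPSULA),
                        ("unbranded", SAMPLE_UNBRANDED)]:
        print(label, identify_waf(hdrs) or "no marker matched")
    print("generic:", generic_waf_suspected(200, 403))
```

The unbranded sample matches no marker, which is the situation in Step 4: only the generic status-code comparison signals that something is filtering requests.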
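Discussion
Know yourself and know your enemy, and you will win every battle. The first task in a penetration test is reconnaissance of the target: once you have identified the firewall system in use, you can find its corresponding rule configuration, and then try to look for weaknesses that bypass those rules.
Notes
WAFs this tool can detect: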
ACE XML Gateway Cisco
aeSecure aeSecure
AireeCDN Airee
Airlock Phion/Ergon
Alert Logic Alert Logic
AliYunDun Alibaba Cloud Computing
Anquanbao Anquanbao
AnYu AnYu Technologies
Approach Approach
AppWall Radware
Armor Defense Armor
ArvanCloud ArvanCloud
ASP.NET Generic Microsoft
ASPA Firewall ASPA Engineering Co.
Astra Czar Securities
AWS Elastic Load Balancer Amazon
AzionCDN AzionCDN
Azure Front Door Microsoft
Barikode Ethic Ninja
Barracuda Barracuda Networks
Bekchy Faydata Technologies Inc.
Beluga CDN Beluga
BIG-IP Local Traffic Manager F5 Networks
BinarySec BinarySec
BitNinja BitNinja
BlockDoS BlockDoS
Bluedon Bluedon IST
BulletProof Security Pro AITpro Security
CacheWall Varnish
CacheFly CDN CacheFly
Comodo cWatch Comodo CyberSecurity
CdnNS Application Gateway CdnNs/WdidcNet
ChinaCache Load Balancer ChinaCache
Chuang Yu Shield Yunaq
Cloudbric Penta Security
Cloudflare Cloudflare Inc.
Cloudfloor Cloudfloor DNS
Cloudfront Amazon
CrawlProtect Jean-Denis Brun
DataPower IBM
DenyALL Rohde & Schwarz CyberSecurity
Distil Distil Networks
DOSarrest DOSarrest Internet Security
DotDefender Applicure Technologies
DynamicWeb Injection Check DynamicWeb
Edgecast Verizon Digital Media
Eisoo Cloud Firewall Eisoo
Expression Engine EllisLab
BIG-IP AppSec Manager F5 Networks
BIG-IP AP Manager F5 Networks
Fastly Fastly CDN
FirePass F5 Networks
FortiWeb Fortinet
GoDaddy Website Protection GoDaddy
Greywizard Grey Wizard
Huawei Cloud Firewall Huawei
HyperGuard Art of Defense
Imunify360 CloudLinux
Incapsula Imperva Inc.
IndusGuard Indusface
Instart DX Instart Logic
ISA Server Microsoft
Janusec Application Gateway Janusec
Jiasule Jiasule
Kona SiteDefender Akamai
KS-WAF KnownSec
KeyCDN KeyCDN
LimeLight CDN LimeLight
LiteSpeed LiteSpeed Technologies
Open-Resty Lua Nginx FLOSS
Oracle Cloud Oracle
Malcare Inactiv
MaxCDN MaxCDN
Mission Control Shield Mission Control
ModSecurity SpiderLabs
NAXSI NBS Systems
Nemesida PentestIt
NevisProxy AdNovum
NetContinuum Barracuda Networks
NetScaler AppFirewall Citrix Systems
Newdefend NewDefend
NexusGuard Firewall NexusGuard
NinjaFirewall NinTechNet
NullDDoS Protection NullDDoS
NSFocus NSFocus Global Inc.
OnMessage Shield BlackBaud
Palo Alto Next Gen Firewall Palo Alto Networks
PerimeterX PerimeterX
PentaWAF Global Network Services
pkSecurity IDS pkSec
PT Application Firewall Positive Technologies
PowerCDN PowerCDN
Profense ArmorLogic
Puhui Puhui
Qcloud Tencent Cloud
Qiniu Qiniu CDN
Reblaze Reblaze
RSFirewall RSJoomla!
RequestValidationMode Microsoft
Sabre Firewall Sabre
Safe3 Web Firewall Safe3
Safedog SafeDog
Safeline Chaitin Tech.
SecKing SecKing
eEye SecureIIS BeyondTrust
SecuPress WP Security SecuPress
SecureSphere Imperva Inc.
Secure Entry United Security Providers
SEnginx Neusoft
ServerDefender VP Port80 Software
Shield Security One Dollar Plugin
Shadow Daemon Zecure
SiteGround SiteGround
SiteGuard Sakura Inc.
Sitelock TrueShield
SonicWall Dell
UTM Web Protection Sophos
Squarespace Squarespace
SquidProxy IDS SquidProxy
StackPath StackPath
Sucuri CloudProxy Sucuri Inc.
Tencent Cloud Firewall Tencent Technologies
Teros Citrix Systems
Trafficshield F5 Networks
TransIP Web Firewall TransIP
URLMaster SecurityCheck iFinity/DotNetNuke
URLScan Microsoft
UEWaf UCloud
Varnish OWASP
Viettel Cloudrity
VirusDie VirusDie LLC
Wallarm Wallarm Inc.
WatchGuard WatchGuard Technologies
WebARX WebARX Security Solutions
WebKnight AQTRONIX
WebLand WebLand
RayWAF WebRay Solutions
WebSEAL IBM
WebTotem WebTotem
West263 CDN West263CDN
Wordfence Defiant
WP Cerber Security Cerber Tech
WTS-WAF WTS
360WangZhanBao 360 Technologies
XLabs Security WAF XLabs
Xuanwudun Xuanwudun
Yundun Yundun
Yunsuo Yunsuo
Yunjiasu Baidu Cloud Computing
YXLink YxLink Technologies
Zenedge Zenedge
ZScaler Accenture
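Disclaimer
Using this tool to attack a target without prior mutual consent is illegal. Please comply with local laws and regulations. The developers and the author of this article accept no liability for this tool and are not responsible for any misuse or damage.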