Identificando WAF - Web Application Firewall

Uma outra forma de identificarmos um WAF, é utilizando uma ferramenta chamada wafw00f.

┌──(user㉿kali)-[~/Desktop]
└─$ wafw00f desecsecurity.com        

                   ______
                  /      \
                 (  Woof! )
                  \  ____/                      )
                  ,,                           ) (_
             .-. -    _______                 ( |__|
            ()``; |==|_______)                .)|__|
            / ('        /|\                  (  |__|
        (  /  )        / | \                  . |__|
         \(_)_))      /  |  \                   |__|

                    ~ WAFW00F : v2.1.0 ~
    The Web Application Firewall Fingerprinting Toolkit
    
[*] Checking https://desecsecurity.com
[+] The site https://desecsecurity.com is behind GoDaddy Website Protection (GoDaddy) WAF.

┌──(user㉿kali)-[~/Desktop]
└─$ wafw00f https://www.serasa.com.br  

                ______
               /      \
              (  W00f! )
               \  ____/
               ,,    __            404 Hack Not Found
           |`-.__   / /                      __     __
           /"  _/  /_/                       \ \   / /
          *===*    /                          \ \_/ /  405 Not Allowed
         /     )__//                           \   /
    /|  /     /---`                        403 Forbidden
    \\/`   \ |                                 / _ \
    `\    /_\\_              502 Bad Gateway  / / \ \  500 Internal Error
      `_____``-`                             /_/   \_\

                        ~ WAFW00F : v2.1.0 ~
        The Web Application Firewall Fingerprinting Toolkit
    
[*] Checking https://www.serasa.com.br
[+] The site https://www.serasa.com.br is behind Cloudfront (Amazon) WAF.
[~] Number of requests: 2

PreviousEnumerando HTTPS NextEnumerando FTP

Last updated 4 years ago

Was this helpful?