使用wafw00f 识别网站使用的waf类型
渗透工具地址:https://github.com/EnableSecurity/wafw00f,这是一款pyhon工具,所以在测试前需要准备好python环境,我这里用的是python 3.7.7
D:\>cd wafw00f-master
D:\wafw00f-master>python setup.py install #初始化
running install
running bdist_egg
running egg_info
creating wafw00f.egg-info
writing wafw00f.egg-info\PKG-INFO
writing dependency_links to wafw00f.egg-info\dependency_links.txt
writing requirements to wafw00f.egg-info\requires.txt
writing top-level names to wafw00f.egg-info\top_level.txt
writing manifest file 'wafw00f.egg-info\SOURCES.txt'
reading manifest file 'wafw00f.egg-info\SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'wafw00f.egg-info\SOURCES.txt'
installing library code to build\bdist.win-amd64\egg
running install_lib
running build_py
.
.
.
D:\wafw00f-master>cd wafw00f
D:\wafw00f-master\wafw00f>pip list #查看是否有certifi,chardet这两件插件,如果没有需要pip安装一下
Package Version
---------- -------
certifi 2020.4.5.1
chardet 3.0.4
idna 2.9
pip 19.2.3
pluginbase 1.0.0
pysocks 1.7.1
requests 2.23.0
setuptools 41.2.0
urllib3 1.25.8
wafw00f 2.1.0
D:\wafw00f-master\wafw00f>pip install chardet
D:\wafw00f-master\wafw00f>pip install certifi
D:\wafw00f-master\wafw00f>python main.py http://www.yanjian.com.cn/ #进行WAF扫描测试
______
/ \
( W00f! )
\ ____/
,, __ 404 Hack Not Found
|`-.__ / / __ __
/" _/ /_/ \ \ / /
*===* / \ \_/ / 405 Not Allowed
/ )__// \ /
/| / /---` 403 Forbidden
\\/` \ | / _ \
`\ /_\\_ 502 Bad Gateway / / \ \ 500 Internal Error
`_____``-` /_/ \_\
~ WAFW00F : v2.1.0 ~
The Web Application Firewall Fingerprinting Toolkit
[*] Checking http://www.yanjian.com.cn/
[+] The site http://www.yanjian.com.cn/ is behind Safedog (SafeDog) WAF. #存在安全狗
[~] Number of requests: 2
————————————————
版权声明:本文为CSDN博主「songling515010475」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/songling515010475/article/details/105546763
