zoukankan      html  css  js  c++  java

  • 使用wafw00f 识别网站使用的waf类型

    渗透工具地址:https://github.com/EnableSecurity/wafw00f,这是一款pyhon工具,所以在测试前需要准备好python环境,我这里用的是python 3.7.7

     

        D:>cd wafw00f-master
        D:wafw00f-master>python setup.py install    #初始化
            running install
            running bdist_egg
            running egg_info
            creating wafw00f.egg-info
            writing wafw00f.egg-infoPKG-INFO
            writing dependency_links to wafw00f.egg-infodependency_links.txt
            writing requirements to wafw00f.egg-info equires.txt
            writing top-level names to wafw00f.egg-info op_level.txt
            writing manifest file 'wafw00f.egg-infoSOURCES.txt'
            reading manifest file 'wafw00f.egg-infoSOURCES.txt'
            reading manifest template 'MANIFEST.in'
            writing manifest file 'wafw00f.egg-infoSOURCES.txt'
            installing library code to builddist.win-amd64egg
            running install_lib
            running build_py
               .
               .
               .
         
        D:wafw00f-master>cd wafw00f
        D:wafw00f-masterwafw00f>pip list   #查看是否有certifi,chardet这两件插件,如果没有需要pip安装一下
            Package    Version
            ---------- -------
            certifi    2020.4.5.1
            chardet    3.0.4
            idna       2.9
            pip        19.2.3
            pluginbase 1.0.0
            pysocks    1.7.1
            requests   2.23.0
            setuptools 41.2.0
            urllib3    1.25.8
            wafw00f    2.1.0
         
        D:wafw00f-masterwafw00f>pip install chardet
        D:wafw00f-masterwafw00f>pip install certifi
         
        D:wafw00f-masterwafw00f>python main.py http://www.yanjian.com.cn/   #进行WAF扫描测试
         
                        ______
                       /     
                      (  W00f! )
                         ____/
                       ,,    __            404 Hack Not Found
                   |`-.__   / /                      __     __
                   /"  _/  /_/                          / /
                  *===*    /                          \_/ /  405 Not Allowed
                 /     )__//                              /
            /|  /     /---`                        403 Forbidden
            \/`   |                                 / _
            `    /_\_              502 Bad Gateway  / /   500 Internal Error
              `_____``-`                             /_/   \_
                                ~ WAFW00F : v2.1.0 ~
                The Web Application Firewall Fingerprinting Toolkit
        [*] Checking http://www.yanjian.com.cn/
        [+] The site http://www.yanjian.com.cn/ is behind Safedog (SafeDog) WAF.   #存在安全狗
        [~] Number of requests: 2
    ————————————————
    版权声明:本文为CSDN博主「songling515010475」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
    原文链接:https://blog.csdn.net/songling515010475/article/details/105546763
  • 相关阅读:
    Swizzle在OC问题排查中的应用
    MacOS中系统提供的音频单元
    Mac catalyst 使用iOS-AudioUnit的音频采集、播放
    删除单向链表中的某一个节点
    C语言的的free和c++的delete的区别
    Mac下使用源码编译安装TensorFlow CPU版本
    ROC曲线与AUC值
    Linux中如何产生core文件?
    更改Linux默认栈空间的大小
    互信息(Mutual Information)
  • 原文地址:https://www.cnblogs.com/bonelee/p/14772952.html
Copyright © 2011-2022 走看看