Wafid identify and fingerprint Web Application Firewall (WAF) products.
Wafid sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks
For further details, check out the source code on the main site, github.com/CSecGroup/wafid.
It detects a number of WAFs.
python wafid.py -l
__ __ _____ ___________.__ .___
/ \ / \/ _ \ \_ _____/|__| __| _/
\ \/\/ / /_\ \ | __) | |/ __ |
\ / | \| \ | / /_/ |
\__/\ /\____|__ /\___ / |__\____ |
\/ \/ \/ \/
WAFid - Web Application Firewall identify Tool
By Code Security Group
WAFid can identify these WAFs:
360
Safedog
NetContinuum
Anquanbao
Baidu Yunjiasu
Knownsec KS-WAF
BIG-IP
Barracuda
BinarySEC
BlockDos
Cisco ACE
CloudFlare
NetScaler
FortiWeb
jiasule
Newdefend
Palo Alto
Safe3WAF
Profense
West263CDN
WebKnight
Wallarm
USP Secure Entry Server
Sucuri WAF
Radware AppWall
PowerCDN
Naxsi
Mission Control Application Shield
IBM WebSphere DataPower
Edgecast
Applicure dotDefender
Comodo WAF
ChinaCache-CDN
NSFocus
Also you can add waf id with finger.xml!
Usage: python wafid.py -u URL
More information about the services that I offer at Code Security Group.
contact me