Wafme0w
Fast and lightweight Web Application Firewall fingerprinting tool.
Features
Based on Wafw00f, its features are:
- Can detect 153 different Firewalls
- Concurrent fingerprinting
- STDIN supported
- Fast detection mode for huge target lists
- Multiple output formats supported (JSON, file, stdout)
Benchmark
Scanned Alexa top 100 domains. Running on i7-7700K CPU @ 4.20GHz × 4 (8 Threads)
| Tool | Flags | Time elapsed | WAFs found | Generic WAFs found | Diff |
|---|---|---|---|---|---|
| wafme0w | --fast --concurrency 30 | 1min 37s (Best) | 20 | 11 | +0% |
| wafme0w | --concurrency 30 | 3min 51s | 22 (Best) | 16 | +138% |
| wafw00f | | 13min 3s | 20 | 16 | +707% |
| wafw00f | -a | 15min 8s | 20 | 23 (Best) | +836% |
Getting started
Installation
wafme0w requires go >= 1.19 to install successfully. Run the following command to install the latest version:
```
go install -v github.com/Lu1sDV/wafme0w/cmd/wafme0w@latest
```
Running Wafme0w
To run the tool on a target, just use the following command.
```
cat /tmp/alexa-top-30.txt | wafme0w --concurrency 30 --no-warning --no-generic
/\_/\ ___
= o_o =_______ \ \
__^ __( \.__) )
<_____>__(_____)____/
Wafme0w v1.0.0
Fast Web Application Firewall Fingerprinting tool
[~] https://microsoftonline.com no WAFs have been found
[~] https://reddit.com no WAFs have been found
[+] https://canva.com is behind Cloudflare (Cloudflare Inc.)
[~] https://whatsapp.com no WAFs have been found
[~] https://microsoft.com no WAFs have been found
[~] https://live.com no WAFs have been found
[~] https://163.com no WAFs have been found
[~] https://yandex.ru no WAFs have been found
[~] https://zhihu.com no WAFs have been found
[~] https://taobao.com no WAFs have been found
[~] https://wikipedia.org no WAFs have been found
[~] https://qq.com no WAFs have been found
[~] https://bilibili.com no WAFs have been found
[~] https://bing.com no WAFs have been found
[~] https://vk.com no WAFs have been found
[~] https://facebook.com no WAFs have been found
[~] https://twitch.tv no WAFs have been found
[~] https://google.com no WAFs have been found
[~] https://yahoo.com no WAFs have been found
[~] https://linkedin.com no WAFs have been found
[~] https://twitter.com no WAFs have been found
[~] https://office.com no WAFs have been found
[+] https://zoom.us is behind Cloudflare (Cloudflare Inc.)
[~] https://csdn.net no WAFs have been found
[~] https://github.com no WAFs have been found
[~] https://baidu.com no WAFs have been found
[~] https://netflix.com no WAFs have been found
[+] https://amazon.com is behind Cloudfront (Amazon)
[~] https://instagram.com no WAFs have been found
[~] https://youtube.com no WAFs have been found
```
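For a WAF coverage audit of your own hosts, the text output can be turned into records. The following is an added example, not code from the wafme0w project: the type and function names are hypothetical, the two line shapes are assumed from the sample run above (any other line is skipped), and the sample report is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one result line; WAF and Vendor stay empty when nothing was detected.
type Finding struct{ URL, WAF, Vendor string }

// Line shapes as they appear in the sample run above (assumed, not a documented format).
var (
	hitRe  = regexp.MustCompile(`^\[\+\] (\S+) is behind (.+) \(([^()]*)\)$`)
	missRe = regexp.MustCompile(`^\[~\] (\S+) no WAFs have been found$`)
)

// ParseReport returns one Finding per result line; banner and unknown lines are skipped.
func ParseReport(report string) []Finding {
	var out []Finding
	for _, line := range strings.Split(report, "\n") {
		line = strings.TrimSpace(line)
		if m := hitRe.FindStringSubmatch(line); m != nil {
			out = append(out, Finding{URL: m[1], WAF: m[2], Vendor: m[3]})
		} else if m := missRe.FindStringSubmatch(line); m != nil {
			out = append(out, Finding{URL: m[1]})
		}
	}
	return out
}

// Uncovered lists the URLs for which no WAF was reported.
func Uncovered(fs []Finding) []string {
	var urls []string
	for _, f := range fs {
		if f.WAF == "" {
			urls = append(urls, f.URL)
		}
	}
	return urls
}

// Sample is constructed for this example; the hosts are placeholders.
const Sample = "Wafme0w v1.0.0\n" +
	"[~] https://app.example.com no WAFs have been found\n" +
	"[+] https://www.example.com is behind Cloudflare (Cloudflare Inc.)\n" +
	"[+] https://cdn.example.org is behind Cloudfront (Amazon)\n"

func main() { fmt.Println(Uncovered(ParseReport(Sample))) }
```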
Wafme0w Go library
Usage Example:
```go
package main

import (
	"bytes"
	"fmt"
	"os"

	"github.com/Lu1sDV/wafme0w/pkg/wafme0w"
)

func main() {
	// Targets are read from any io.Reader, one URL per line.
	targets := []byte("https://google.com\nhttps://paypal.com\n")
	targetsReader := bytes.NewReader(targets)
	/*
		Otherwise you can also load your targets from a file
		targetsReader, err := os.Open("/tmp/alexa-top-20.txt")
		if err != nil {
			panic(err)
		}
	*/

	// Fingerprints at https://github.com/Lu1sDV/wafme0w/blob/main/cmd/wafme0w/resources/waf-fingerprints.json
	fingerPrintsFile, err := os.Open("/PATH/TO/wafme0w/cmd/wafme0w/resources/waf-fingerprints.json")
	if err != nil {
		panic(err)
	}
	defer fingerPrintsFile.Close()

	opts := &wafme0w.Options{
		Inputs:       targetsReader,
		FingerPrints: fingerPrintsFile,
		Silent:       true,
		Concurrency:  10,
		//FastMode: true,
		//OutputFile: "myout.json",
	}

	// Run the scan and print the raw result.
	runner := wafme0w.NewRunner(opts)
	result, err := runner.Scan()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%#v\n", result)
}
```
Thanks
People who contributed
@Fibonaccispiralz
divittorioluis AT gmail DOT com
Project Link: https://github.com/Lu1sDV/wafme0w