Unwaf
Unwaf is a Go tool designed to help identify WAF bypasses using passive techniques such as SPF records and DNS history. By default, Unwaf checks SPF records.
If you want it to check DNS history records, set up ViewDNS and/or SecurityTrails in the Unwaf config file ($HOME/.unwaf.conf). The tool creates an example config file after the first execution.
Unwaf automates the steps I explained in this LinkedIn post: Passive WAF bypassing
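Because SPF records are one of the passive sources Unwaf reads, a site owner can audit what their own record publishes before anyone else does. The following is an added example, not part of Unwaf's code; the names spfExposures, Exposure and sample are assumptions, and the record is constructed from documentation address ranges.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Exposure is one address or range that an SPF record publishes.
type Exposure struct {
	Prefix     netip.Prefix
	SingleHost bool // /32 or /128: points at one specific machine
}

// spfExposures lists the ip4:/ip6: entries of an SPF TXT record. Mechanisms
// that need further DNS lookups are returned in unresolved for manual review.
func spfExposures(txt string) (found []Exposure, unresolved []string, err error) {
	fields := strings.Fields(txt)
	if len(fields) == 0 || !strings.EqualFold(fields[0], "v=spf1") {
		return nil, nil, fmt.Errorf("not an SPF record: %q", txt)
	}
	for _, term := range fields[1:] {
		mech := strings.TrimLeft(term, "+-~?") // drop the qualifier
		name, val := strings.ToLower(mech), ""
		if i := strings.IndexAny(mech, ":/="); i >= 0 {
			name, val = strings.ToLower(mech[:i]), mech[i+1:]
		}
		switch name {
		case "ip4", "ip6":
			if !strings.Contains(val, "/") { // bare address = one host
				val += map[string]string{"ip4": "/32", "ip6": "/128"}[name]
			}
			p, perr := netip.ParsePrefix(val)
			if perr != nil {
				return nil, nil, fmt.Errorf("bad %s term %q: %w", name, term, perr)
			}
			found = append(found, Exposure{p.Masked(), p.IsSingleIP()})
		case "a", "mx", "include", "redirect", "exists", "ptr":
			unresolved = append(unresolved, mech)
		}
	}
	return found, unresolved, nil
}

// sample is a constructed record using documentation address ranges.
const sample = "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 ip6:2001:db8::25 include:_spf.example.net a mx -all"

func main() { fmt.Println(spfExposures(sample)) }
```

Single-host entries that belong to the web origin rather than a mail relay are the ones to move behind a separate sending address or to firewall so that only the WAF's ranges can reach them.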
Installation
To install Unwaf, use the go install command:
go install github.com/mmarting/unwaf@latest
Usage
Use -h to display the help for the tool:
unwaf -h
Unwaf requires a domain (-d) as the only mandatory parameter. The tool accepts the following options:
Options
-d, --domain: The domain to check (required).
-s, --source: The source HTML file to compare (optional).
-c, --config: The config file path (optional, default: $HOME/.wafbypass.conf).
-h, --help: Display help information.
Examples
Check a domain:
unwaf --domain example.com
Check a domain with a manually provided HTML file:
unwaf --domain example.com --source original.html
Check a domain with a custom location for the config file:
unwaf --domain example.com --config /path/to/config
Author
Martín Martín
LinkedIn
Twitter/X
License
unwaf is distributed under the GPL v3 License.