wafme0w

package
v0.2.1 Latest Latest
Published: Dec 11, 2022 License: MIT Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewHTTPClient

func NewHTTPClient() http.Client

func PrintAllWafs

func PrintAllWafs(wafs map[string]string, au *aurora.Aurora)

func PrintBanner

func PrintBanner()

func PrintError

func PrintError(error string, au *aurora.Aurora)

func PrintWarning

func PrintWarning(warning string, au *aurora.Aurora)

Types

type FingerPrint

// FingerPrint is a single matching rule inside a WAF signature. The JSON tags
// give the key names each field is read from or written to.
type FingerPrint struct {
	Type        string `json:"type,omitempty"`         // Header or Content or Cookie or Status or Reason
	HeaderKey   string `json:"header_key,omitempty"`   // Only for header type
	HeaderValue string `json:"header_value,omitempty"` // Only for header type
	// NOTE(review): whether Pattern is a literal or a regular expression is not
	// visible here; fingerprint files can be user-supplied (--fingerprints), so
	// confirm a malformed pattern produces an error rather than a panic.
	Pattern     string `json:"pattern,omitempty"`      // Fingerprint for other types
	// NOTE(review): presumably limits the rule to responses obtained from the
	// attack-style probe requests; confirm against the matcher.
	Attack      bool   `json:"attack,omitempty"`
}

type FingerPrintDetection

// FingerPrintDetection is one fingerprint-based finding. It carries only the
// name of the matched WAF.
type FingerPrintDetection struct {
	WafName string // presumably matches WAF.Name of the signature that fired; verify
}

type GenericDetection

// GenericDetection is the result of the generic (product-independent) WAF
// check.
//
// NOTE(review): the Before*/After* pairs presumably hold values observed on a
// baseline request and on a probe request respectively, and which fields are
// populated presumably depends on Mode; confirm in GenericDetect.
type GenericDetection struct {
	Reason                string               // human-readable explanation of the finding (assumed)
	Mode                  GenericDetectionMode // which kind of evidence triggered the detection
	BeforeStatus          int
	AfterStatus           int
	BeforeHeader          string
	AfterHeader           string
	RequestType           string // presumably the RequestOpts.Type of the request that triggered it; verify
	GenericWAFHeader      string
	GenericWAFHeaderValue string
}

type GenericDetectionMode added in v0.2.0

// GenericDetectionMode enumerates the kinds of evidence a generic detection
// can be based on. Values are assigned by iota, starting at 0.
type GenericDetectionMode int
const (
	// ChangeInHeader is the zero value, so an unset GenericDetection.Mode
	// also reads as ChangeInHeader.
	ChangeInHeader GenericDetectionMode = iota
	ChangeInStatus
	WAFHeaderDetected
)

func (GenericDetectionMode) String added in v0.2.0

func (g GenericDetectionMode) String() string

type HTTPRequest

// HTTPRequest pairs the description of a request with the HTTP client used to
// send it.
type HTTPRequest struct {
	Options RequestOpts
	// Client is stored by value. Timeout, redirect policy and TLS settings are
	// whatever the caller configured on it.
	// NOTE(review): confirm the client built by NewHTTPClient sets a timeout,
	// since targets are untrusted remote servers.
	Client  http.Client
}

func NewHTTPRequest

func NewHTTPRequest(options RequestOpts, client http.Client) HTTPRequest

func (HTTPRequest) Send

func (h HTTPRequest) Send() (response RequestResponse, err error)

type Identify

// Identify holds the inputs for WAF identification: the responses collected
// from a target and the WAF signatures to compare them against.
type Identify struct {
	Responses []RequestResponse // responses to analyse
	Wafs      []WAF             // known WAF signatures
}

func NewIdentifier

func NewIdentifier(responses []RequestResponse, wafs []WAF) *Identify

func (*Identify) DoAll

func (i *Identify) DoAll() []FingerPrintDetection

DoAll runs WAF fingerprinting on all received HTTP responses.

func (*Identify) GenericDetect

func (i *Identify) GenericDetect() GenericDetection

GenericDetect detects generic firewall activity.

type Options

// Options holds the scanner configuration.
//
// Fields carrying short/long/description struct tags are exposed as
// command-line flags (the tag layout looks like the go-flags convention;
// TODO confirm). The first four fields have no tags and are presumably filled
// in at runtime from the flag values.
type Options struct {
	Inputs           io.Reader // source of targets (assumed: opened from InputFile or stdin)
	FingerPrints     io.Reader // source of fingerprint JSON (assumed: opened from FingerPrintFile)
	Headers          []string  // custom request headers (assumed: loaded from HeadersFile)
	StdIn            bool      // presumably true when targets arrive on standard input; verify
	Target           string `short:"t" long:"target" description:"Your Web Application target"`
	InputFile        string `short:"I" long:"input" description:"Your input file with a list of targets"`
	// NOTE(review): the output format follows the file extension; confirm how
	// an unrecognised extension and an existing file are handled.
	OutputFile       string `short:"O" long:"output" description:"Output file, will be JSON CSV or TXT depending on extension"`
	// Per the flag description, headers from this file replace the default
	// ones instead of being merged with them.
	HeadersFile      string `short:"H" long:"headers" description:"File containing custom headers, will replace default ones"`
	FingerPrintFile  string `long:"fingerprints" description:"File containing the JSON-formatted fingerprints"`
	Concurrency      int    `short:"c" long:"concurrency" description:"Number of concurrent workers" default:"20"`
	FastMode         bool   `long:"fast" description:"Enable Fast Mode, blazing fast but less precise. Sends less requests more concurrently"`
	ExcludeGeneric   bool   `long:"no-generic" description:"Exclude generic WAF check"`
	ListWAFS         bool   `long:"list" description:"List all detectable WAFs"`
	Silent           bool   `long:"silent" description:"Enable silent mode to disable console output"`
	NoColors         bool   `long:"no-colors" description:"Disable colored output"`
	SuppressWarnings bool   `long:"no-warning" description:"Suppress console scan warnings"`
}

func NewOptions

func NewOptions() *Options

type RequestOpts

// RequestOpts describes a single HTTP request to send to a target.
type RequestOpts struct {
	Method   string            // HTTP method
	Target   string            // target to send the request to
	Path     string            // request path (how it is joined with Target is not visible here)
	Headers  map[string]string // request headers, one value per name
	Params   map[string]string // presumably query-string parameters; verify in Send
	Type     string            // label for the kind of request; presumably the key used by RequestTypes.GetByType
	PostBody io.Reader         // request body; a reader is consumed once, so a RequestOpts with a body is presumably single-use
}

type RequestResponse

// RequestResponse is the outcome of one request: the response received, or
// the error that prevented it.
//
// NOTE(review): Data.Body is an io.ReadCloser supplied by an untrusted server.
// Confirm that Send closes it after filling Body and that the read into Body
// is size-bounded.
type RequestResponse struct {
	Target string         // target the request was sent to
	Type   string         // presumably copied from RequestOpts.Type; verify
	Data   *http.Response // raw response; presumably nil when Error is set
	Body   []byte         // response body bytes
	Error  error          // per-request error, carried in the struct
}

type RequestTypes added in v0.2.0

// RequestTypes groups one RequestOpts per kind of request the scanner sends.
//
// NOTE(review): going by the field names, the first three are baseline-style
// requests and the *Attack fields are probes carrying attack-like payloads
// (XSS, XXE, LFI, SQLi, RCE) meant to trigger a WAF response. The actual
// payloads are not visible here.
type RequestTypes struct {
	Normal        RequestOpts
	NoUserAgent   RequestOpts
	NonExistent   RequestOpts
	XssAttack     RequestOpts
	XxeAttack     RequestOpts
	LfiAttack     RequestOpts
	CentralAttack RequestOpts
	SqliAttack    RequestOpts
	RceAttack     RequestOpts
}

func (RequestTypes) GetByType added in v0.2.0

func (t RequestTypes) GetByType(requestType string) (*RequestOpts, error)

type Result

// Result collects everything found for a single target.
type Result struct {
	Target      string                 // the scanned target
	FingerPrint []FingerPrintDetection // WAFs identified by fingerprint
	Generic     GenericDetection       // outcome of the generic check (presumably zero-valued when skipped or negative; verify)
	Errors      []error                // errors collected for this target
}

type Runner

// Runner ties together the configuration, the WAF signatures and the colour
// helper used for console output.
type Runner struct {
	Options *Options       // scan configuration
	Wafs    []WAF          // WAF signatures (presumably loaded from Options.FingerPrints; verify)
	Aurora  *aurora.Aurora // colouriser for console output
}

func NewRunner

func NewRunner(options *Options) *Runner

func (*Runner) GetAllWAFs

func (r *Runner) GetAllWAFs() (map[string]string, error)

GetAllWAFs returns all WAFs as a map from WAF name to manufacturer.

func (*Runner) Scan

func (r *Runner) Scan() ([]Result, error)

type Scheme

// Scheme is a group of fingerprints that are evaluated together.
type Scheme struct {
	FingerPrints []FingerPrint `json:"fingerprints,omitempty"`
	Any          bool          `json:"any,omitempty"` // If true, any one fingerprint being present is enough; otherwise all of them must be present
}

type WAF

// WAF is one entry of the fingerprint database: a WAF name and the schemas
// used to recognise it.
type WAF struct {
	Name    string   `json:"name"` // WAF name
	Schemas []Scheme `json:"schemas"` // detection schemas (how several schemas combine is not visible here)
}
