微信公众号:乌鸦安全
扫取二维码获取更多信息!
01 介绍
Web应用防护系统(也称为:网站应用级入侵防御系统。英文:Web Application Firewall,简称:WAF)。利用国际上公认的一种说法:Web应用防火墙是通过执行一系列针对HTTP/HTTPS的安全策略来专门为Web应用提供保护的一款产品。
02 常见的waf分类
2.1 云waf
百度安全宝、阿里云盾、长亭雷池等
2.2 硬件waf
绿盟的、深信服的
2.3 软件waf
安全狗、D盾、云锁等
2.4 代码级waf
自己写的waf规则,防止出现注入等,一般是在代码里面写死的(这里是一般情况)
03 常见的waf拦截页面(83个国内外WAF)
以下截图均来自于下方GitHub,而且我也没有修改文件的名称,如果有需要,请自行前往GitHub查阅,或收藏本页面
https://github.com/stamparm/identYwaf/tree/master/screenshots
360.png
aesecure.png
airlock.png
alertlogic.png
aliyundun.png
anquanbao.png
approach.png
armor.png
asm.png
astra.png
aws.png
barracuda.png
bekchy.png
bitninja.png
bluedon.png
bulletproof.png
cdnns.png
cerber.png
chuangyu.png
cloudbric.png
cloudflare.png
cloudfront.png
comodo.png
crawlprotect.png
distil.png
dotdefender.png
duedge.png
expressionengine.png
fortiweb.png
godaddy.png
greywizard.png
gtmc.png
imunify360.png
incapsula.png
janusec.png
jiasule.png
kona.png
kuipernet.png
malcare.png
modsecurity.png
naxsi.png
netscaler.png
newdefend.png
nexusguard.png
ninjafirewall.png
onmessageshield.png
openrasp.png
paloalto.png
profense.png
radware.png
reblaze.png
requestvalidationmode.png
rsfirewall.png
safe3.png
safedog.png
safeline.png
secupress.png
secureentry.png
secureiis.png
securesphere.png
shieldsecurity.png
siteground.png
siteguard.png
sitelock.png
sonicwall.png
squarespace.png
stackpath.png
sucuri.png
tencent.png
urlmaster.png
urlscan.png
virusdie.png
vsf.png
wallarm.png
watchguard.png
webarx.png
webknight.png
webland.png
wordfence.png
wts.png
yundun.png
yunsuo.png
zenedge.png
04 waf识别工具
4.1 工具原理
识别WAF,可以在WAF指纹目录下自行编写脚本。这类WAF识别工具的原理基本都是根据HTTP头部信息、状态码以及WAF拦截页中的图片、文字作为特征来进行检测
4.2 waf识别工具:wafw00f
下载链接地址:
https://github.com/EnableSecurity/wafw00f
5.2.1 安装教程
wafw00f 在已安装python的环境中,可通过pip进行安装。
pip3 install wafw00f
安装之后,直接:wafw00f(mac下)
windows下:
pip3 install wafwoof
cd c:\python\lib\site-packages\wafw00f\
python main.py
通过命令 wafw00f -l 可以列出可识别的waf
WAF Name Manufacturer
-------- ------------
ACE XML Gateway Cisco
aeSecure aeSecure
AireeCDN Airee
Airlock Phion/Ergon
Alert Logic Alert Logic
AliYunDun Alibaba Cloud Computing
Anquanbao Anquanbao
AnYu AnYu Technologies
Approach Approach
AppWall Radware
Armor Defense Armor
ArvanCloud ArvanCloud
ASP.NET Generic Microsoft
ASPA Firewall ASPA Engineering Co.
Astra Czar Securities
AWS Elastic Load Balancer Amazon
AzionCDN AzionCDN
Azure Front Door Microsoft
Barikode Ethic Ninja
Barracuda Barracuda Networks
Bekchy Faydata Technologies Inc.
Beluga CDN Beluga
BIG-IP Local Traffic Manager F5 Networks
BinarySec BinarySec
BitNinja BitNinja
BlockDoS BlockDoS
Bluedon Bluedon IST
BulletProof Security Pro AITpro Security
CacheWall Varnish
CacheFly CDN CacheFly
Comodo cWatch Comodo CyberSecurity
CdnNS Application Gateway CdnNs/WdidcNet
ChinaCache Load Balancer ChinaCache
Chuang Yu Shield Yunaq
Cloudbric Penta Security
Cloudflare Cloudflare Inc.
Cloudfloor Cloudfloor DNS
Cloudfront Amazon
CrawlProtect Jean-Denis Brun
DataPower IBM
DenyALL Rohde & Schwarz CyberSecurity
Distil Distil Networks
DOSarrest DOSarrest Internet Security
DotDefender Applicure Technologies
DynamicWeb Injection Check DynamicWeb
Edgecast Verizon Digital Media
Eisoo Cloud Firewall Eisoo
Expression Engine EllisLab
BIG-IP AppSec Manager F5 Networks
BIG-IP AP Manager F5 Networks
Fastly Fastly CDN
FirePass F5 Networks
FortiWeb Fortinet
GoDaddy Website Protection GoDaddy
Greywizard Grey Wizard
Huawei Cloud Firewall Huawei
HyperGuard Art of Defense
Imunify360 CloudLinux
Incapsula Imperva Inc.
IndusGuard Indusface
Instart DX Instart Logic
ISA Server Microsoft
Janusec Application Gateway Janusec
Jiasule Jiasule
Kona SiteDefender Akamai
KS-WAF KnownSec
KeyCDN KeyCDN
LimeLight CDN LimeLight
LiteSpeed LiteSpeed Technologies
Open-Resty Lua Nginx FLOSS
Oracle Cloud Oracle
Malcare Inactiv
MaxCDN MaxCDN
Mission Control Shield Mission Control
ModSecurity SpiderLabs
NAXSI NBS Systems
Nemesida PentestIt
NevisProxy AdNovum
NetContinuum Barracuda Networks
NetScaler AppFirewall Citrix Systems
Newdefend NewDefend
NexusGuard Firewall NexusGuard
NinjaFirewall NinTechNet
NullDDoS Protection NullDDoS
NSFocus NSFocus Global Inc.
OnMessage Shield BlackBaud
Palo Alto Next Gen Firewall Palo Alto Networks
PerimeterX PerimeterX
PentaWAF Global Network Services
pkSecurity IDS pkSec
PT Application Firewall Positive Technologies
PowerCDN PowerCDN
Profense ArmorLogic
Puhui Puhui
Qiniu Qiniu CDN
Reblaze Reblaze
RSFirewall RSJoomla!
RequestValidationMode Microsoft
Sabre Firewall Sabre
Safe3 Web Firewall Safe3
Safedog SafeDog
Safeline Chaitin Tech.
SecKing SecKing
eEye SecureIIS BeyondTrust
SecuPress WP Security SecuPress
SecureSphere Imperva Inc.
Secure Entry United Security Providers
SEnginx Neusoft
ServerDefender VP Port80 Software
Shield Security One Dollar Plugin
Shadow Daemon Zecure
SiteGround SiteGround
SiteGuard Sakura Inc.
Sitelock TrueShield
SonicWall Dell
UTM Web Protection Sophos
Squarespace Squarespace
SquidProxy IDS SquidProxy
StackPath StackPath
Sucuri CloudProxy Sucuri Inc.
Tencent Cloud Firewall Tencent Technologies
Teros Citrix Systems
Trafficshield F5 Networks
TransIP Web Firewall TransIP
URLMaster SecurityCheck iFinity/DotNetNuke
URLScan Microsoft
UEWaf UCloud
Varnish OWASP
Viettel Cloudrity
VirusDie VirusDie LLC
Wallarm Wallarm Inc.
WatchGuard WatchGuard Technologies
WebARX WebARX Security Solutions
WebKnight AQTRONIX
WebLand WebLand
RayWAF WebRay Solutions
WebSEAL IBM
WebTotem WebTotem
West263 CDN West263CDN
Wordfence Defiant
WP Cerber Security Cerber Tech
WTS-WAF WTS
360WangZhanBao 360 Technologies
XLabs Security WAF XLabs
Xuanwudun Xuanwudun
Yundun Yundun
Yunsuo Yunsuo
Yunjiasu Baidu Cloud Computing
YXLink YxLink Technologies
Zenedge Zenedge
ZScaler Accenture
5.2.2 wafw00f识别实例
wafw00f http://www.xxx.com/view_detail.asp\?id\=78
在这里可以识别出来为WTS
5.3 waf识别工具:identYwaf
下载地址:
https://github.com/stamparm/identywaf
在identYwaf中有一个文件夹:screenshots
,在这里面一共存放了83个waf的拦截页面,也就是上面本文发的。
使用方法:
python3 identYwaf.py http://www.xxx.com/view_detail.asp\?id\=78
无论是何种识别工具,都存在一定的误报或无法识别等,所以有些时候需要人工进行判断,以上信息仅供参考!
如果无法访问GitHub,可以在公众号回复 waf识别 下载wafw00f和identYwaf文件。
微信公众号:乌鸦安全
扫取二维码获取更多信息!