wafalyzer v1.0.3
wafalyzer
Wafalyzer is a firewall detection utility that attempts to determine which WAF (if any) sits in front of a web application. It does so by passively analyzing the HTTP response metadata (status, headers, body) and, if that fails, by issuing additional requests with popular malicious payloads in order to (eventually) trigger the WAF's response.
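The passive stage described above, as an added Crystal sketch that is not Wafalyzer's own code: it matches a response's headers and body against a small signature table. The `Signature`, `Response` and `passive_detect` names, the three-entry table and the sample responses are assumptions made for this illustration; status matching is left out.

```crystal
require "http/headers"

# Added illustration of passive WAF fingerprinting; not the shard's rule set.
record Response, headers : HTTP::Headers, body : String

# A signature hits when any header pattern or the body pattern matches.
record Signature,
  name : String,
  headers : Hash(String, Regex),
  body : Regex? = nil

# Small constructed table of commonly seen vendor markers (assumption).
SIGNATURES = [
  Signature.new("Cloudflare", {"server" => /\Acloudflare\z/i, "cf-ray" => /.+/}),
  Signature.new("Akamai", {"server" => /AkamaiGHost/i}),
  Signature.new("Sucuri", {"x-sucuri-id" => /.+/}, /Sucuri WebSite Firewall/i),
]

# Returns the names of all signatures matching the response.
# HTTP::Headers lookups are case-insensitive, as header names are.
def passive_detect(response : Response) : Array(String)
  SIGNATURES.select { |sig|
    header_hit = sig.headers.any? { |name, pattern|
      (value = response.headers[name]?) && pattern.matches?(value)
    }
    body_hit = sig.body.try(&.matches?(response.body))
    header_hit || body_hit
  }.map(&.name)
end

# Constructed sample responses, so the sketch runs without network access.
fronted = Response.new(
  HTTP::Headers{"Server" => "cloudflare", "CF-RAY" => "0000000000000000-XXX"},
  "<title>Attention Required!</title>"
)
bare = Response.new(HTTP::Headers{"Server" => "nginx"}, "<h1>hello</h1>")

p passive_detect(fronted)
# An empty result is the "passive analysis failed" case from the description,
# where a tool would have to fall back to further requests.
p passive_detect(bare)
```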
Installation
Shard
- Add the dependency to your shard.yml:

    dependencies:
      wafalyzer:
        github: NeuraLegion/wafalyzer

- Run shards install
CLI
- Run shards build
- 🐗
Usage
Wafalyzer can be used both as a shard and as a standalone CLI utility.
Shard
require "wafalyzer"

# See `Wafalyzer::Settings` for all available options.
Wafalyzer.configure do |settings|
  settings.use_random_user_agent = true
end

# See `Wafalyzer.detect` for all available options.
Wafalyzer.detect(
  url: "https://www.apple.com",
  method: "POST",
)
# => [#<Wafalyzer::Waf::Akamai>]
CLI
$ ./bin/wafalyzer -m POST -r https://www.apple.com
All of the flags can be listed by passing --help.
$ ./bin/wafalyzer --help
You can use the LOG_LEVEL environment variable to set the desired log severity at runtime.
$ LOG_LEVEL=debug ./bin/wafalyzer https://github.com
Development
Run specs with:
crystal spec
Contributing
- Fork it (https://github.com/NeuraLegion/wafalyzer/fork)
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create a new Pull Request
Contributors
- Sijawusz Pur Rahnama - creator and maintainer
License
MIT License