Adds http-waf-detect:

Determines if a web server is protected by an IPS (Intrusion Prevention System), IDS (Intrusion Detection System) or WAF (Web Application Firewall) by probing the web server with malicious payloads and detecting changes in the response code and body.
2025-12-15 04:09:01 +00:00 · 2011-08-15 21:38:58 +00:00
parent f150656540
commit 172bf91228
2 changed files with 122 additions and 0 deletions
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -95,6 +95,7 @@ Entry { filename = "http-trace.nse", categories = { "discovery", "safe", "vuln",
 Entry { filename = "http-userdir-enum.nse", categories = { "discovery", "intrusive", } }
 Entry { filename = "http-vhosts.nse", categories = { "discovery", "intrusive", } }
 Entry { filename = "http-vmware-path-vuln.nse", categories = { "default", "safe", "vuln", } }
+Entry { filename = "http-waf-detect.nse", categories = { "discovery", "intrusive", } }
 Entry { filename = "http-wp-plugins.nse", categories = { "discovery", "intrusive", } }
 Entry { filename = "iax2-version.nse", categories = { "version", } }
 Entry { filename = "imap-brute.nse", categories = { "auth", "intrusive", } }