Adding waf script for detection of generic/unknown

2025-12-07 05:01:30 +00:00 · 2016-05-27 16:34:41 +02:00
parent f9d01f682b
commit 69fd900108
5 changed files with 35 additions and 3 deletions
--- a/waf/cloudflare.py
+++ b/waf/cloudflare.py
@@ -18,10 +18,12 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
        retval = re.search(r"cloudflare-nginx", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
-        if code > 400:
+
+        if code >= 400:
            retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
            retval |= headers.get("cf-ray") is not None
            retval |= re.search(r"CloudFlare Ray ID:|var CloudFlare=", page or "") is not None
+
        if retval:
            break