Update of WAF scripts

2025-12-15 20:29:04 +00:00 · 2018-08-05 14:19:27 +02:00
parent 1f9bf587b5
commit af89137f2c
7 changed files with 60 additions and 6 deletions
--- a/waf/cloudflare.py
+++ b/waf/cloudflare.py
@@ -17,7 +17,7 @@ def detect(get_page):

    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
-        retval = re.search(r"cloudflare-nginx", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval = re.search(r"cloudflare", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None

        if code >= 400:
            retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
--- a/waf/distil.py
+++ b/waf/distil.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Distil Web Application Firewall Security (Distil Networks)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        _, headers, _ = get_page(get=vector)
+        retval = headers.get("x-distil-cs") is not None
+        if retval:
+            break
+
+    return retval
--- a/waf/incapsula.py
+++ b/waf/incapsula.py
@@ -20,6 +20,7 @@ def detect(get_page):
        retval = re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
        retval |= re.search(r"Incapsula", headers.get("X-CDN", ""), re.I) is not None
        retval |= "Incapsula incident ID" in (page or "")
+        retval |= headers.get("X-Iinfo") is not None
        if retval:
            break

--- a/waf/reblaze.py
+++ b/waf/reblaze.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Reblaze Web Application Firewall (Reblaze)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        _, headers, _ = get_page(get=vector)
+        retval = re.search(r"\Arbzid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
+        retval |= re.search(r"Reblaze Secure Web Gateway", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        if retval:
+            break
+
+    return retval
--- a/waf/sucuri.py
+++ b/waf/sucuri.py
@@ -21,6 +21,8 @@ def detect(get_page):
        retval |= "Access Denied - Sucuri Website Firewall" in (page or "")
        retval |= "Sucuri WebSite Firewall - CloudProxy - Access Denied" in (page or "")
        retval |= re.search(r"Questions\?.+cloudproxy@sucuri\.net", (page or "")) is not None
+        retval |= headers.get("X-Sucuri-ID") is not None
+        retval |= headers.get("X-Sucuri-Cache") is not None
        if retval:
            break