diff --git a/lib/core/enums.py b/lib/core/enums.py index bd09e189d..78b7bfd1b 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -153,6 +153,7 @@ class HTTPHEADER: SERVER = "Server" USER_AGENT = "User-Agent" TRANSFER_ENCODING = "Transfer-Encoding" + VIA = "Via" class EXPECTED: BOOL = "bool" diff --git a/waf/binarysec.py b/waf/binarysec.py index a870d5192..b6f0e584a 100644 --- a/waf/binarysec.py +++ b/waf/binarysec.py @@ -13,4 +13,7 @@ __product__ = "BinarySEC Web Application Firewall (BinarySEC)" def detect(get_page): page, headers, code = get_page() - return re.search(r"BinarySec", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None + retval = re.search(r"BinarySec", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None + if not retval: + retval = any(headers.get(_) for _ in ("x-binarysec-via", "x-binarysec-nocache")) + return retval diff --git a/waf/cloudflare.py b/waf/cloudflare.py new file mode 100644 index 000000000..500dc858d --- /dev/null +++ b/waf/cloudflare.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/) +See the file 'doc/COPYING' for copying permission +""" + +import re + +from lib.core.enums import HTTPHEADER +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "CloudFlare Web Application Firewall (CloudFlare)" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + page, headers, code = get_page(get=vector) + retval = re.search(r"cloudflare-nginx", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None + retval |= re.search(r"\A__cfduid=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None + if retval: + break + + return retval diff --git a/waf/dotdefender.py b/waf/dotdefender.py index 3f9a192c0..9cc66e18b 100644 --- a/waf/dotdefender.py +++ b/waf/dotdefender.py @@ -14,7 +14,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retVal = headers.get("X-dotDefender-denied", "") == 1 + retVal = headers.get("X-dotDefender-denied", "") == "1" if retVal: break diff --git a/waf/isaserver.py b/waf/isaserver.py index d2e8cdd74..6b0374236 100644 --- a/waf/isaserver.py +++ b/waf/isaserver.py @@ -11,4 +11,6 @@ __product__ = "ISA Server (Microsoft)" def detect(get_page): page, headers, code = get_page(host=randomInt(6)) - return "The server denied the specified Uniform Resource Locator (URL). Contact the server administrator" in page + retval = "The server denied the specified Uniform Resource Locator (URL). Contact the server administrator." in (page or "") + retval |= "The ISA Server denied the specified Uniform Resource Locator (URL)" in (page or "") + return retval diff --git a/waf/modsecurity.py b/waf/modsecurity.py index ac8b4ebb9..2bdbcd122 100644 --- a/waf/modsecurity.py +++ b/waf/modsecurity.py @@ -5,6 +5,9 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ +import re + +from lib.core.enums import HTTPHEADER from lib.core.settings import WAF_ATTACK_VECTORS __product__ = "ModSecurity: Open Source Web Application Firewall (Trustwave)" @@ -14,8 +17,9 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - if code == 501: - retval = True + retval = code == 501 + retval |= re.search(r"Mod_Security|NOYB", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None + if retval: break return retval diff --git a/waf/netscaler.py b/waf/netscaler.py index 21b162459..532b6986e 100644 --- a/waf/netscaler.py +++ b/waf/netscaler.py @@ -15,6 +15,7 @@ __product__ = "NetScaler (Citrix Systems)" def detect(get_page): page, headers, code = get_page() retval = re.search(r"\A(ns_af=|citrix_ns_id|NSC_)", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None + retval |= re.search(r"\ANS-CACHE", headers.get(HTTPHEADER.VIA, ""), re.I) is not None if not retval: for vector in WAF_ATTACK_VECTORS: diff --git a/waf/profense.py b/waf/profense.py index 816b8f23e..fbcf8a7f9 100644 --- a/waf/profense.py +++ b/waf/profense.py @@ -13,4 +13,7 @@ __product__ = "Profense Web Application Firewall (Armorlogic)" def detect(get_page): page, headers, code = get_page() - return re.search(r"Profense", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None + retval = re.search(r"Profense", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None + if not retval: + retval = re.search(r"\APLBSID=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None + return retval diff --git a/waf/uspses.py b/waf/uspses.py new file mode 100644 index 000000000..f972a32b2 --- /dev/null +++ b/waf/uspses.py @@ -0,0 +1,24 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/) +See the file 'doc/COPYING' for copying permission +""" + +import re + +from lib.core.enums import HTTPHEADER +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "USP Secure Entry Server (United Security Providers)" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + page, headers, code = get_page(get=vector) + retval = re.search(r"Secure Entry Server", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None + if retval: + break + + return retval diff --git a/waf/webknight.py b/waf/webknight.py index dcc426ede..051a64c6e 100644 --- a/waf/webknight.py +++ b/waf/webknight.py @@ -5,6 +5,9 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/) See the file 'doc/COPYING' for copying permission """ +import re + +from lib.core.enums import HTTPHEADER from lib.core.settings import WAF_ATTACK_VECTORS __product__ = "WebKnight Application Firewall (AQTRONIX)" @@ -15,6 +18,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) retVal = code == 999 + retval |= re.search(r"WebKnight", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None if retVal: break