WAF detection #69

Open
woodruffw opened this issue Nov 18, 2019 · 7 comments
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

@woodruffw
Member

It might be interesting to add some Web Application Firewall detection techniques. I don't know much about WAFs, but it looks like there are some common oracles:

  • Known cookies
  • Known weird HTTP codes (999 No Hacking)
  • Known HTML responses

Some potential resources:

@woodruffw woodruffw added enhancement New feature or request help wanted Extra attention is needed good first issue Good for newcomers labels Nov 18, 2019
@karanb192

Hi woodruffw,

I just tried the tool and it is pretty quick and I want to contribute to WAF detection.

@woodruffw
Member Author

woodruffw commented Jan 19, 2020 via email

@rickconlee

I’d like to jump in on this too! I have some WAF experience from doing manual audits for site clients. I’ll take a look while I’m sitting here in quarantine.

@rickconlee

rickconlee commented Apr 15, 2020

What are everyone's thoughts on adding nmap to the stack? This would be a great tool and can open the door to other things in the future, yet will also keep this tool simple.

EDIT: Answered my own question. I'm going to give this a go with NMAP and see how it works.

@woodruffw
Member Author

woodruffw commented Apr 15, 2020

> What are everyone's thoughts on adding nmap to the stack? This would be a great tool and can open the door to other things in the future, yet will also keep this tool simple.

I have a slight preference for not adding nmap, since it's not HTTP-specific and takes us further away from twa being "tiny".

That being said, adding it as an optional dependency in the same way that we handle testssl would be fine. So, a user could do something like this:

twa -n

to run nmap-based checks.

@MadhuMadhavanSridhar

Hi woodruffw,
Good day!
Some WAFs can be identified from the GET requests using the cookie details or the responses. But for detecting most of the WAFs I think you might need support of either Nmap or Wafw00f scripts. I can add a feature for identifying WAFs based on the cookie details or the responses but this will detect only a few WAFs.

@woodruffw
Member Author

@MadhuMadhavanSridhar That makes sense. I'm okay with only detecting a few (with cookies) for now -- allowing future contributors to add optional nmap based checks seems reasonable to me.
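
As an added example (not part of the thread and not twa's own code), the cookie and status-code oracles discussed above can be checked offline against a captured response header block, for instance when auditing that your own site really sits behind the expected WAF. The `detect_waf` name, the cookie-name prefixes and the sample responses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a captured HTTP response header block (such as the
# output of `curl -sI`) by status code and Set-Cookie names. Runs offline.

# Cookie-name prefix=product. Illustrative, assumed signatures; confirm them
# against current vendor documentation before relying on a match.
WAF_COOKIES='visid_incap_=Imperva Incapsula
incap_ses_=Imperva Incapsula
__cf_bm=Cloudflare
cf_clearance=Cloudflare
barra_counter_session=Barracuda
citrix_ns_id=Citrix NetScaler'

# detect_waf (hypothetical name): headers on stdin, one finding per line.
detect_waf() {
  hdrs=$(tr -d '\r')                          # normalise CRLF line endings
  # Status code is the second field of the status line: "HTTP/1.1 999 ..."
  code=$(printf '%s\n' "$hdrs" | awk 'NR==1 {print $2}')
  # Keep cookie names only; header names are case-insensitive.
  names=$(printf '%s\n' "$hdrs" |
    awk 'tolower($0) ~ /^set-cookie:/ {
           sub(/^[^:]*:[ \t]*/, ""); sub(/=.*/, ""); print }')
  {
    # HTTP assigns no codes outside 100-599; the issue cites 999 as an oracle.
    case "$code" in
      ''|[1-5][0-9][0-9]) ;;
      *) echo "nonstandard-status:$code" ;;
    esac
    while IFS='=' read -r prefix product; do
      # Prefix match, because several products append a site id to the name.
      if printf '%s\n' "$names" | grep -q -- "^$prefix"; then
        echo "cookie:$product"
      fi
    done <<EOF
$WAF_COOKIES
EOF
  } | sort -u                                 # one line per distinct finding
}

# Constructed sample responses (not captured from any real site).
SAMPLE_BLOCKED=$(printf 'HTTP/1.1 999 No Hacking\r\nContent-Type: text/html\r\n')
SAMPLE_INCAP=$(printf 'HTTP/1.1 200 OK\r\nset-cookie: visid_incap_12345=abc; path=/\r\nSet-Cookie: incap_ses_1_12345=def\r\n')
SAMPLE_PLAIN=$(printf 'HTTP/1.1 200 OK\r\nSet-Cookie: sessionid=xyz\r\n')

printf '%s\n' "$SAMPLE_INCAP" | detect_waf
```

An empty result means none of the listed signatures matched; it does not show that no WAF is present.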
