Kali Linux – NMAP & WAF
A web application firewall (WAF) is a device or a piece of software that inspects the HTTP requests sent to a web server in order to identify and block those that look malicious, usually by matching them against signatures or regular expressions.
An undetected WAF can cause a lot of problems during a penetration test if it silently drops our requests or bans our IP address, so the reconnaissance phase must include detecting and identifying any WAF, intrusion detection system (IDS) or intrusion prevention system (IPS) in front of the target. Knowing what is there lets us take measures (slower scans, evasion, coordination with the client) to avoid being blocked or banned.
How to do it…
1. First, let's run the http-waf-detect script against our vulnerable lab server, which has no WAF in front of it:
root@kali:~# nmap -p 80,443 --script=http-waf-detect 192.168.56.102
The script reports no IDS/IPS/WAF, so there is no WAF in front of this server.
2. Now, let's try the same command on a server that actually has a firewall protecting it.
Here, we will use www.example.com; however, you may try it against any protected server you are authorized to test.
root@kali:~# nmap -p 80,443 --script=http-waf-detect www.example.com
This time the script reports that an IDS/IPS/WAF was detected. In our case the device is an Imperva product, one of the leading brands in the web application firewall market.
3. There is another Nmap script, http-waf-fingerprint, that goes a step further and tries to identify precisely which device is being used:
root@kali:~# nmap -p 80,443 --script=http-waf-fingerprint www.example.com
4. Another tool included in Kali Linux for detecting and identifying a WAF is wafw00f. Assuming www.example.com is a WAF-protected site, run:
root@kali:~# wafw00f www.example.com
[Screenshot: wafw00f output on Kali Linux]
WAF detection works by sending specific requests to the server and analyzing the responses. In the case of http-waf-detect, the script first fetches a page normally, then sends the same request with basic malicious payloads (directory traversal, XSS and SQL injection strings) and compares the two responses, looking for an indicator that the payload was blocked, refused or otherwise treated differently (a changed status code, a block page, a dropped connection). http-waf-fingerprint does the same, but additionally interprets the response (status codes, headers, cookies and block-page text) and classifies it against known patterns of various IDSs and WAFs. wafw00f works on the same principle and carries a much larger list of vendor signatures. Keep in mind that these probes are themselves attack-shaped requests: they are noisy, they may be logged or may get your address banned, and a site fronted by a CDN or reverse proxy can be fingerprinted without actually blocking anything, so a negative result is not proof that nothing is filtering your traffic.
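To make the comparison concrete, here is an added example (not the code of Nmap's NSE scripts or of wafw00f, only a small model of their approach) that runs the baseline-versus-probe logic and a few vendor fingerprints over constructed HTTP responses, so it executes offline. The payload list, the block-page phrases and the three signatures (Cloudflare's cf-ray header, Incapsula's incap_ses cookie and the Mod_Security block text) are an illustrative subset chosen for this example; the lab and edge hosts and their responses are constructed.

```python
"""Added example: baseline-vs-probe WAF detection and a few vendor fingerprints,
run over constructed HTTP responses. Models the approach of http-waf-detect,
http-waf-fingerprint and wafw00f; it is not their code."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Response:
    """The parts of an HTTP response the checks look at."""
    status: int
    headers: dict = field(default_factory=dict)  # header names in any case
    body: str = ""

    def header(self, name: str) -> str:
        lowered = {k.lower(): v for k, v in self.headers.items()}
        return lowered.get(name.lower(), "")


# Attack-shaped strings a detector appends to an otherwise benign request so that a
# filtering device has something to react to (constructed, illustrative subset).
PROBE_PAYLOADS = [
    "../../../../etc/passwd",
    "<script>alert(1)</script>",
    "' OR 1=1-- -",
    "UNION SELECT 1,2,3",
]

# Phrases typical of block pages (constructed, illustrative subset).
BLOCK_PAGE_MARKERS = ("request blocked", "access denied", "incident id", "mod_security")


def probe_blocked(baseline: Response, probe: Response) -> bool:
    """A probe counts as blocked when its status differs from the benign baseline
    (typically 200 -> 403/406/501) or a block-page phrase appears that the
    baseline did not contain."""
    if probe.status != baseline.status:
        return True
    base_body, probe_body = baseline.body.lower(), probe.body.lower()
    return any(m in probe_body and m not in base_body for m in BLOCK_PAGE_MARKERS)


# Vendor fingerprints as (name, predicate). Real tools carry far longer lists and
# also weigh status codes, cookie names and response timing.
SIGNATURES = [
    ("Cloudflare", lambda r: bool(r.header("cf-ray")) or r.header("server").lower() == "cloudflare"),
    ("Imperva Incapsula", lambda r: "incap_ses" in r.header("set-cookie")
                                    or "incapsula incident id" in r.body.lower()),
    ("ModSecurity", lambda r: "mod_security" in r.body.lower()),
]


def fingerprint(responses: List[Response]) -> Optional[str]:
    """First vendor whose signature matches any of the observed responses."""
    for name, matches in SIGNATURES:
        if any(matches(r) for r in responses):
            return name
    return None


def assess(baseline: Response, probes: List[Response]) -> Tuple[bool, Optional[str]]:
    """(WAF detected?, vendor name or None) for one host. `probes` are the
    responses to the requests carrying PROBE_PAYLOADS. Fingerprinting runs over
    every response, because a fronting CDN/WAF can be identified even when it
    lets the probes through."""
    detected = any(probe_blocked(baseline, p) for p in probes)
    return detected, fingerprint([baseline] + probes)


# --- constructed sample traffic ---------------------------------------------------
# Lab host with no WAF: every payload gets the same 200 page back.
LAB_BASELINE = Response(200, {"Server": "Apache/2.2.14"}, "<html>Welcome</html>")
LAB_PROBES = [Response(200, {"Server": "Apache/2.2.14"}, "<html>Welcome</html>")
              for _ in PROBE_PAYLOADS]

# Host behind a Cloudflare-style edge: benign request passes, payloads draw a 403.
EDGE_HEADERS = {"Server": "cloudflare", "CF-RAY": "0123456789abcdef-FRA"}
EDGE_BASELINE = Response(200, EDGE_HEADERS, "<html>Welcome</html>")
EDGE_PROBES = [Response(403, EDGE_HEADERS, "<html>Request blocked. Ray ID 0123456789abcdef</html>")
               for _ in PROBE_PAYLOADS]

# Host with a ModSecurity-style filter that answers 406 with its block text.
MODSEC_BASELINE = Response(200, {"Server": "Apache"}, "<html>Welcome</html>")
MODSEC_PROBES = [Response(406, {"Server": "Apache"}, "This error was generated by Mod_Security.")
                 for _ in PROBE_PAYLOADS]

if __name__ == "__main__":
    for host, base, probes in [("lab", LAB_BASELINE, LAB_PROBES),
                               ("edge", EDGE_BASELINE, EDGE_PROBES),
                               ("modsec", MODSEC_BASELINE, MODSEC_PROBES)]:
        detected, vendor = assess(base, probes)
        print(f"{host}: WAF detected={detected} vendor={vendor}")
```

In a real scan the three sample hosts would be replaced by live requests, one benign fetch followed by one request per payload, and the status/header/body of each response fed into assess(). The fingerprint runs over the baseline too, which is why the edge host would still be identified as Cloudflare even if it had let every probe through.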
If you have encountered a problem or have any questions or remarks, please feel free to leave a comment.
If this article helped you solve your problem, please feel free to share it with your friends. With love and prosperity, K4LINUX-TEAM.