[Pkg-security-team] ITP: wafw00f -- Identify and fingerprint Web Application Firewall (WAF)
Samuel Henrique
samueloph at gmail.com
Fri Aug 12 13:46:06 UTC 2016
Package: wnpp
Owner: "Samuel Henrique" <samueloph at gmail.com>
Severity: wishlist
* Package name : wafw00f
Version : 0.9.4
Upstream Author : Sandro Gauci <sandro at enablesecurity.com
<c0re at psypanda.org>>
* URL : https://github.com/EnableSecurity/wafw00f
<https://psypanda.github.io/hashID/>
* License : BSD-3-clause
Programming Lang: Python
Description : identify and fingerprint Web Application Firewall (WAF)
WAFW00F does the following:
- Sends a *normal* HTTP request and analyses the response; this
identifies a number of WAF solutions
- If that is not successful, it sends a number of (potentially
malicious) HTTP requests and uses simple logic to deduce which WAF it is
- If that is also not successful, it analyses the responses previously
returned and uses another simple algorithm to guess if a WAF or security
solution is actively responding to our attacks
I intend to maintain this as a part of the pkg-security team, as this is
part
of an effort to get kali packages within debian.
I also will discuss with the team if there's any problem in packaging 0.9.4
(marked as pre-release) or if i will have to package some previously
released version.
Samuel Henrique O. P. [samueloph]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20160812/a692a15b/attachment.html>
More information about the Pkg-security-team
mailing list