File http-waf-fingerprint
Script types:
portrule
Categories:
discovery, intrusive
Download: http://nmap.org/svn/scripts/http-waf-fingerprint.nse
User Summary
Tries to detect the presence of a web application firewall and its type and version.
This works by sending a number of requests and looking in the responses for known behavior and fingerprints, such as the Server header, cookies, and header values. Intensive mode sends additional WAF-specific requests to detect certain behavior.
Credit to wafw00f and w3af for some fingerprints.
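The header and cookie matching described above, as an added example that is not the script's or the Nmap project's own code; it is useful for checking what your own responses disclose about the WAF in front of them. The fingerprint table, the hypothetical ExampleWAF product with its header and cookie names, and the sample responses are constructed assumptions; only the BinarySec 3.2.2 value mirrors the sample output on this page.

```python
import re

# Illustrative fingerprints (assumptions, not the script's own table).
# Each rule is (where, key, regex); a capture group, if present, is the version.
FINGERPRINTS = {
    "BinarySec": [("header", "server", r"BinarySec/([\w.\-]+)")],
    "ExampleWAF": [  # hypothetical product
        ("header", "x-examplewaf-id", r".+"),
        ("cookie", "exwaf_session", r".+"),
    ],
}

def normalise(raw_headers):
    """Lower-case header names and collect repeated headers into lists."""
    out = {}
    for name, value in raw_headers:
        out.setdefault(name.lower(), []).append(value)
    return out

def parse_cookies(headers):
    """Return {name: value} from the Set-Cookie header values."""
    cookies = {}
    for value in headers.get("set-cookie", []):
        name, _, rest = value.partition("=")
        cookies[name.strip().lower()] = rest.split(";", 1)[0]
    return cookies

def fingerprint(responses):
    """Match every response against every rule; return {waf: version_or_None}."""
    found = {}
    for raw in responses:
        headers = normalise(raw)
        cookies = parse_cookies(headers)
        for waf, rules in FINGERPRINTS.items():
            for where, key, pattern in rules:
                source = headers if where == "header" else cookies
                values = source.get(key, [])
                for v in ([values] if isinstance(values, str) else values):
                    m = re.search(pattern, v)
                    if m:
                        version = m.group(1) if m.groups() else None
                        found[waf] = found.get(waf) or version
    return found

# Constructed sample responses (lists of header pairs), not captured traffic.
SAMPLE = [
    [("Server", "BinarySec/3.2.2"), ("Content-Type", "text/html")],
    [("Server", "nginx"), ("Set-Cookie", "EXWAF_SESSION=abc123; Path=/; HttpOnly")],
]
```

Calling fingerprint(SAMPLE) reports both products; a response set that matches no rule yields an empty result, which is the outcome to aim for when hardening what the edge discloses.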
Script Arguments
http-waf-fingerprint.root
The base path. Defaults to /.
http-waf-fingerprint.intensive
If set, adds WAF-specific scans, which take more time. Off by default.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent
See the documentation for the http library.
Example Usage
nmap --script=http-waf-fingerprint <targets>
nmap --script=http-waf-fingerprint --script-args http-waf-fingerprint.intensive=1 <targets>
Script Output
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-waf-fingerprint:
|   Detected WAF
|_    BinarySec version 3.2.2
Requires
Author: Hani Benhabiles
License: Same as Nmap--See http://nmap.org/book/man-legal.html


