Skip to content
/ GoWAF Public

A work in progress tool written in Go to check whether a list of domains/subs have a WAF in place when generic payloads are passed in params.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

lockedLog/GoWAF

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
main.go
main.go
 
 
subs.txt
subs.txt
 
 

Repository files navigation

GoWAF

A work in progress tool written in Go to check whether a list of domains/subs have a WAF in place when generic payloads are passed in params.

Is checked on the basis of a 403 forbidden error when sending the payload, but 200 without (signalling a WAF). Also checks the SQL payload requests for 500 internal errors in case the param is vulnerable to sqli with further testing.

Plans include custom payload options, CLI support with flags, WAF provider detection (cloudflare, cloudfront, etc), and maybe open redirect integration.

About

A work in progress tool written in Go to check whether a list of domains/subs have a WAF in place when generic payloads are passed in params.

Topics

waf xss sqli xss-detection

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages