Add WAF Detection Option #4147

@ResistanceIsUseless

It would be nice to have an option outside of templates to detect a WAF to stop false positives for more generic templates. For example, if the template only relies on the status code being 200, it will most likely run into false positives. (I honestly don't know too many templates that do this, but there are a few.)

A simple but usually effective way to detect a WAF is to generate a unique path like /o87ohbhjbvbkjbvklj, and if it responds with 200 or 302 it's probably a WAF.

I'm thinking that adding an argument to run in WAF detection mode will add an ad hoc check to templates that adds the WAF check's response as a negative detection pattern. Adding the whole WAF check template patterns would work too if the WAF has enabled the custom content page; that seems like a lot of work for a small ROI unless someone really cares about also fingerprinting the WAF.
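The check proposed in this issue, sketched as an added example (not part of the original issue and not nuclei's own code): a random path is requested first, and its response is used as a negative pattern for a status-200-only match. The `fetch`, `report` and `target` names and the in-process handlers standing in for real hosts are assumptions made so the example runs offline.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// fetch sends one in-process GET to the constructed target; redirects are not followed.
func fetch(h http.Handler, path string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", path, nil))
	return rec.Code, rec.Body.String()
}

// report emulates a generic template that matches on status 200 alone, with the
// response to a random, nonexistent path added as a negative detection pattern.
func report(h http.Handler, path string) bool {
	nonce := make([]byte, 12)
	rand.Read(nonce)
	baseStatus, baseBody := fetch(h, "/"+hex.EncodeToString(nonce))
	status, body := fetch(h, path)
	if status != http.StatusOK {
		return false // the template itself does not match
	}
	catchAll := baseStatus == 200 || baseStatus == 302
	return !(catchAll && status == baseStatus && body == baseBody)
}

// target is a constructed handler: catch-all (same 200 page everywhere) or normal (/admin, else 404).
func target(catchAll bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch {
		case catchAll:
			fmt.Fprint(w, "Request blocked")
		case r.URL.Path == "/admin":
			fmt.Fprint(w, "admin panel")
		default:
			http.NotFound(w, r)
		}
	})
}

func main() {
	for _, c := range []bool{true, false} {
		fmt.Println("catch-all:", c, "reported:", report(target(c), "/admin"))
	}
}
```

Exact body equality is a simplification: a block page that echoes the requested path or a request ID would need a looser comparison, such as length or similarity.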

Labels: Type: Enhancement
