[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#834145: ITP: wafw00f -- Identify and fingerprint Web Application Firewall (WAF)

This package has a dependency on python-pluginbase, which i already start packaging on collab[1], but it may need some time because i'm affraid we will have a licensing problem, i still have to confirm that:

" We kindly ask you to only use these themes in an unmodified manner just
 for Flask and Flask-related products, not for unrelated projects.  If you
 like the visual style and want to use it for your own projects, please
 consider making some larger changes to the themes (such as changing
 font faces, sizes, colors or margins)."

If anyone want's to help, please feel free to contact me.

I asked to join the python team, but got no response, that's why i decided to package it on collab under my maintenance, although i should probably just directly contact some active member of the python team.

[1]https://anonscm.debian.org/git/collab-maint/python-pluginbase.git/

Samuel Henrique <samueloph>

2016-08-12 10:46 GMT-03:00 Samuel Henrique <samueloph@gmail.com>:
Package: wnpp
Owner: "Samuel Henrique" <samueloph@gmail.com>
Severity: wishlist

* Package name    : wafw00f
  Version         : 0.9.4
  Upstream Author : Sandro Gauci <sandro@enablesecurity.com>
* URL             : https://github.com/EnableSecurity/wafw00f
* License         : BSD-3-clause
  Programming Lang: Python
  Description     : identify and fingerprint Web Application Firewall (WAF)

 WAFW00F does the following:
  • Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions
  • If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is
  • If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks
 I intend to maintain this as a part of the pkg-security team, as this is part
 of an effort to get kali packages within debian.

I also will discuss with the team if there's any problem in packaging 0.9.4 (marked as pre-release) or if i will have to package some previously released version.

Samuel Henrique O. P. [samueloph]

Reply to: