fixed the waf detection

Author: zoidex

src/resolver/mod.rs

@@ -155,12 +155,6 @@ pub async fn run_resolver(
  }
  };
 
- // Check if a Web Application Firewall (WAF) is detected for the specified host with port
- if waf::detect_waf(ip_host).await {
- // If a WAF is detected, skip to the next iteration of the loop
- continue;
- }
-
  // Build a request with the GET method and the parsed URL
  let mut request = Request::new(Method::GET, ip_url);
 
@@ -172,6 +166,22 @@ pub async fn run_resolver(
  HeaderValue::from_str("localhost").unwrap(),
  );
 
+ // Create a clone of the `request` object and assign it to `request_clone`
+ let request_clone = match request.try_clone() {
+ // If the `try_clone()` method returns `Some`, which means the cloning was successful,
+ // assign the cloned object to `rc`
+ Some(rc) => rc,
+ // If the `try_clone()` method returns `None`, which means the cloning failed,
+ // skip to the next iteration of the loop
+ None => continue,
+ };
+
+ // Check if a Web Application Firewall (WAF) is detected for the specified `ip_host` with `request_clone`
+ if waf::detect_waf(ip_host, request_clone).await {
+ // If a WAF is detected, skip to the next iteration of the loop
+ continue;
+ }
+
  // Make a request with the modified headers using the 'client' object
  let response = match client.execute(request).await {
  // If the request is successful, assign the response to 'response'
@@ -283,12 +293,6 @@ pub async fn run_resolver(
  let main_page = ip_str.clone();
  let main_site = main_page.clone();
 
- // Check if a Web Application Firewall (WAF) is detected for the specified host with port
- if waf::detect_waf(main_site).await {
- // If a WAF is detected, skip to the next iteration of the loop
- continue;
- }
-
  // Parse the job IP address into a URL
  let ip_url = match reqwest::Url::parse(&ip_str.to_string()) {
  // If parsing succeeds, assign the parsed URL to 'ip_url'
@@ -307,6 +311,23 @@ pub async fn run_resolver(
  reqwest::header::HOST,
  HeaderValue::from_str(&unresolved_host).unwrap(),
  );
+
+ // Create a clone of the `request` object and assign it to `request_clone`
+ let request_clone = match request.try_clone() {
+ // If the `try_clone()` method returns `Some`, which means the cloning was successful,
+ // assign the cloned object to `rc`
+ Some(rc) => rc,
+ // If the `try_clone()` method returns `None`, which means the cloning failed,
+ // skip to the next iteration of the loop
+ None => continue,
+ };
+
+ // Check if a Web Application Firewall (WAF) is detected for the specified host with port
+ if waf::detect_waf(main_site, request_clone).await {
+ // If a WAF is detected, skip to the next iteration of the loop
+ continue;
+ }
+
  // Make a request with the modified headers using the 'client' object
  let response = match client.execute(request).await {
  // If the request is successful, assign the response to 'response'

src/waf/mod.rs

@@ -5,7 +5,7 @@ use std::time::Duration;
 use regex::Regex;
 
 // Importing the `redirect` function from the `reqwest` crate.
-use reqwest::redirect;
+use reqwest::{redirect, Request};
 
 // Importing the `Value` enum from the `serde_json` crate.
 use serde_json::Value;
@@ -508,7 +508,7 @@ const WAF_SIGS: &str = r#"
 ]
 "#;
 
-pub async fn detect_waf(host: String) -> bool {
+pub async fn detect_waf(host: String, request: Request) -> bool {
  // Parse the string of data into serde_json::Value.
  let signature: Value = match serde_json::from_str(&WAF_SIGS) {
  Ok(v) => v, // If parsing is successful, assign the parsed value to `signature`.
@@ -518,15 +518,6 @@ pub async fn detect_waf(host: String) -> bool {
  }
  };
 
- // Parse the host string into a reqwest::Url.
- let url = match reqwest::Url::parse(&host) {
- Ok(url) => url, // If parsing is successful, assign the parsed URL to `url`.
- Err(_) => {
- // If parsing fails, print the error message and return `false`.
- return false;
- }
- };
-
  // Create a new header map.
  let mut headers = reqwest::header::HeaderMap::new();
  headers.insert(
@@ -546,88 +537,56 @@ pub async fn detect_waf(host: String) -> bool {
  .build()
  .unwrap();
 
- // Create a GET request using the client and the parsed URL.
- let get = client.get(url);
- let req = match get.build() {
- Ok(r) => r, // If building the request is successful, assign the request to `req`.
- Err(_) => return false, // If building the request fails, return `false`.
- };
-
  // Execute the request and get the response.
- let response = match client.execute(req).await {
+ let response = match client.execute(request).await {
  Ok(r) => r, // If executing the request is successful, assign the response to `response`.
  Err(_) => return false, // If executing the request fails, return `false`.
  };
 
- // Get the headers from the response and iterate over them.
- let mut is_matched = false;
-
- // Get the regex pattern from the `signature` value.
- let pattern = match signature[0]["REGEX"].as_str() {
- Some(p) => String::from(format!("(?i){}", p.to_string())), // If the pattern exists, assign it to `pattern`.
- None => "".to_string(), // If the pattern doesn't exist, skip to the next header.
- };
-
- // Split the `pattern` string by ":" and store the parts in `regex_parts`.
- let mut regex_parts = pattern.split(":");
-
- // Extract the first part of `regex_parts` and assign it to `header_name`.
- let header_name = match regex_parts.next() {
- Some(p) => p.replace("^", ""), // If the first part exists, remove any "^" characters and assign it to `header_name`.
- None => "".to_string(), // If the first part doesn't exist, assign an empty string to `header_name`.
+ let signatures = match signature.as_array() {
+ Some(s) => s,
+ None => return false, // If executing the request fails, return `false`.
  };
 
- // Clone the value of `header_name` and assign it to `header_map_key`.
- let header_map_key = header_name.clone();
+ for sig in signatures {
+ // Get the regex pattern from the `signature` value.
+ let pattern = match sig["REGEX"].as_str() {
+ Some(p) => String::from(format!("(?i){}", p.to_string())), // If the pattern exists, assign it to `pattern`.
+ None => "".to_string(), // If the pattern doesn't exist, skip to the next header.
+ };
 
- // Get the headers from the `response` object.
- let headers = response.headers();
+ // Get the headers from the `response` object.
+ let headers = response.headers();
+ let mut header_str = String::from("");
+ for header in headers {
+ let header_name = header.0.to_string();
+ let header_value = match header.1.to_str() {
+ Ok(r) => r.to_string(), // If creating the regex is successful, assign it to `re`.
+ Err(_) => "".to_string(), // If creating the regex fails, skip to the next header.
+ };
 
- // Get the regex pattern from the `signature` value.
- let pattern = match signature[0]["REGEX"].as_str() {
- Some(p) => String::from(format!("(?i){}", p.to_string())), // If the pattern exists, assign it to `pattern`.
- None => return false, // If the pattern doesn't exist, skip to the next header.
- };
-
- // Print the chosen WAF signature pattern and the header being checked.
- eprintln!("[-] Detecting WAF with signature: {}", pattern);
-
- // Get the value of the header with the name `header_name`.
- let get_header_value = match headers.get(header_name) {
- Some(n) => match n.to_str() {
- Ok(v) => v.to_string(), // If the header value can be converted to a string, assign it to `get_header_value`.
- Err(_) => "".to_string(), // If an error occurs while converting the header value to a string, assign an empty string to `get_header_value`.
- },
- None => "".to_string(), // If the header doesn't exist, assign an empty string to `get_header_value`.
- };
-
- // Check if the value of `get_header_value` is empty
- if get_header_value.is_empty() {
- // If it is empty, return false
- return false;
- }
+ header_str.push_str(&format!("{}: {}\n", header_name, header_value));
+ }
 
- // Create the header string by formatting the `header_map_key` and `header_map_value` variables.
- let header = String::from(format!("{}: {}", header_map_key, get_header_value));
+ // Get the WAF name from the `signature` value.
+ let waf_name = match sig["WAF_NAME"].as_str() {
+ Some(p) => p, // If the WAF name exists, assign it to `waf_name`.
+ None => return false, // If the WAF name doesn't exist, skip to the next header.
+ };
 
- // Get the WAF name from the `signature` value.
- let waf_name = match signature[0]["WAF_NAME"].as_str() {
- Some(p) => p, // If the WAF name exists, assign it to `waf_name`.
- None => return false, // If the WAF name doesn't exist, skip to the next header.
- };
+  // Create a regular expression object from the pattern.
+  let re = match Regex::new(&pattern) {
+  Ok(r) => r,  // If creating the regex is successful, assign it to `re`.
+  Err(_) => return false, // If creating the regex fails, skip to the next header.
+  };
 
- // Create a regular expression object from the pattern.
- let re = match Regex::new(&pattern) {
- Ok(r) => r, // If creating the regex is successful, assign it to `re`.
- Err(_) => return false, // If creating the regex fails, skip to the next header.
- };
-
- // Check if the header value matches the regex pattern.
- if re.is_match(&header) {
- // Print that a WAF has been detected on the host.
- eprintln!("[+] WAF detected {} on host: {}", waf_name, host);
- is_matched = true;
+ // Check if the header value matches the regex pattern.
+ if re.is_match(&header_str) {
+ // Print that a WAF has been detected on the host.
+ eprintln!("[+] WAF detected {} on host: {}", waf_name, host);
+ return true;
+ }
  }
 
- return is_matched; // If no header matches the regex pattern, return `false`.
+ return false; // If no header matches the regex pattern, return `false`.
 }