KeyError: 'User-Agent' when targeting multiple hosts
sionsmith opened this issue · comments
Describe the bug
When passing in multiple target hosts the User-Agent is not present when being deleted.
To Reproduce
Command that reproduces the issue. e.g. wafw00f https://bdb.ai/ https://ataccama.com -vv
Expected behavior
The process should continue onto the next host.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
- OS: [e.g. Windows, Linux]
- OS version, distribution:
- Python version: [e.g. python 3.2]
Debug output
Paste the output that you get when passing -vv to wafw00f. Example:
[*] Checking https://bdb.ai/
INFO:wafw00f:Found: 10 webites to check.
INFO:wafw00f:starting wafw00f on https://bdb.ai/
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Checking for ACE XML Gateway (Cisco)
INFO:wafw00f:Checking for aeSecure (aeSecure)
INFO:wafw00f:Checking for AireeCDN (Airee)
INFO:wafw00f:Checking for Airlock (Phion/Ergon)
INFO:wafw00f:Checking for Alert Logic (Alert Logic)
INFO:wafw00f:Checking for AliYunDun (Alibaba Cloud Computing)
INFO:wafw00f:Checking for Anquanbao (Anquanbao)
INFO:wafw00f:Checking for AnYu (AnYu Technologies)
INFO:wafw00f:Checking for Approach (Approach)
INFO:wafw00f:Checking for AppWall (Radware)
INFO:wafw00f:Checking for Armor Defense (Armor)
INFO:wafw00f:Checking for ArvanCloud (ArvanCloud)
INFO:wafw00f:Checking for ASP.NET Generic (Microsoft)
INFO:wafw00f:Checking for ASPA Firewall (ASPA Engineering Co.)
INFO:wafw00f:Checking for Astra (Czar Securities)
INFO:wafw00f:Checking for AzionCDN (AzionCDN)
INFO:wafw00f:Checking for Barikode (Ethic Ninja)
INFO:wafw00f:Checking for Barracuda (Barracuda Networks)
INFO:wafw00f:Checking for Bekchy (Faydata Technologies Inc.)
INFO:wafw00f:Checking for Beluga CDN (Beluga)
INFO:wafw00f:Checking for BIG-IP Local Traffic Manager (F5 Networks)
INFO:wafw00f:Checking for BinarySec (BinarySec)
INFO:wafw00f:Checking for BitNinja (BitNinja)
INFO:wafw00f:Checking for BlockDoS (BlockDoS)
INFO:wafw00f:Checking for Bluedon (Bluedon IST)
INFO:wafw00f:Checking for BulletProof Security Pro (AITpro Security)
INFO:wafw00f:Checking for CacheWall (Varnish)
INFO:wafw00f:Checking for CacheFly CDN (CacheFly)
INFO:wafw00f:Checking for Comodo cWatch (Comodo CyberSecurity)
INFO:wafw00f:Checking for CdnNS Application Gateway (CdnNs/WdidcNet)
INFO:wafw00f:Checking for ChinaCache Load Balancer (ChinaCache)
INFO:wafw00f:Checking for Chuang Yu Shield (Yunaq)
INFO:wafw00f:Checking for Cloudbric (Penta Security)
INFO:wafw00f:Checking for Cloudflare (Cloudflare Inc.)
INFO:wafw00f:Checking for Cloudfloor (Cloudfloor DNS)
INFO:wafw00f:Checking for Cloudfront (Amazon)
INFO:wafw00f:Checking for CrawlProtect (Jean-Denis Brun)
INFO:wafw00f:Checking for DataPower (IBM)
INFO:wafw00f:Checking for DenyALL (Rohde & Schwarz CyberSecurity)
INFO:wafw00f:Checking for Distil (Distil Networks)
INFO:wafw00f:Checking for DOSarrest (DOSarrest Internet Security)
INFO:wafw00f:Checking for DotDefender (Applicure Technologies)
INFO:wafw00f:Checking for DynamicWeb Injection Check (DynamicWeb)
INFO:wafw00f:Checking for Edgecast (Verizon Digital Media)
INFO:wafw00f:Checking for Eisoo Cloud Firewall (Eisoo)
INFO:wafw00f:Checking for Expression Engine (EllisLab)
INFO:wafw00f:Checking for BIG-IP AppSec Manager (F5 Networks)
INFO:wafw00f:Checking for BIG-IP AP Manager (F5 Networks)
INFO:wafw00f:Checking for Fastly (Fastly CDN)
INFO:wafw00f:Checking for FirePass (F5 Networks)
INFO:wafw00f:Checking for FortiWeb (Fortinet)
INFO:wafw00f:Checking for GoDaddy Website Protection (GoDaddy)
INFO:wafw00f:Checking for Greywizard (Grey Wizard)
INFO:wafw00f:Checking for HyperGuard (Art of Defense)
INFO:wafw00f:Checking for Imunify360 (CloudLinux)
INFO:wafw00f:Checking for Incapsula (Imperva Inc.)
INFO:wafw00f:Checking for IndusGuard (Indusface)
INFO:wafw00f:Checking for Instart DX (Instart Logic)
INFO:wafw00f:Checking for ISA Server (Microsoft)
INFO:wafw00f:Checking for Janusec Application Gateway (Janusec)
INFO:wafw00f:Checking for Jiasule (Jiasule)
INFO:wafw00f:Checking for Kona SiteDefender (Akamai)
INFO:wafw00f:Checking for KS-WAF (KnownSec)
INFO:wafw00f:Checking for KeyCDN (KeyCDN)
INFO:wafw00f:Checking for LimeLight CDN (LimeLight)
INFO:wafw00f:Checking for LiteSpeed (LiteSpeed Technologies)
INFO:wafw00f:Checking for Open-Resty Lua Nginx (FLOSS)
INFO:wafw00f:Checking for Oracle Cloud (Oracle)
INFO:wafw00f:Checking for Malcare (Inactiv)
INFO:wafw00f:Checking for MaxCDN (MaxCDN)
INFO:wafw00f:Checking for Mission Control Shield (Mission Control)
INFO:wafw00f:Checking for ModSecurity (SpiderLabs)
INFO:wafw00f:Checking for NAXSI (NBS Systems)
INFO:wafw00f:Checking for Nemesida (PentestIt)
INFO:wafw00f:Checking for NevisProxy (AdNovum)
INFO:wafw00f:Checking for NetContinuum (Barracuda Networks)
INFO:wafw00f:Checking for NetScaler AppFirewall (Citrix Systems)
INFO:wafw00f:Checking for Newdefend (NewDefend)
INFO:wafw00f:Checking for NexusGuard Firewall (NexusGuard)
INFO:wafw00f:Checking for NinjaFirewall (NinTechNet)
INFO:wafw00f:Checking for NullDDoS Protection (NullDDoS)
INFO:wafw00f:Checking for NSFocus (NSFocus Global Inc.)
INFO:wafw00f:Checking for OnMessage Shield (BlackBaud)
INFO:wafw00f:Checking for Palo Alto Next Gen Firewall (Palo Alto Networks)
INFO:wafw00f:Checking for PerimeterX (PerimeterX)
INFO:wafw00f:Checking for PentaWAF (Global Network Services)
INFO:wafw00f:Checking for pkSecurity IDS (pkSec)
INFO:wafw00f:Checking for PT Application Firewall (Positive Technologies)
INFO:wafw00f:Checking for PowerCDN (PowerCDN)
INFO:wafw00f:Checking for Profense (ArmorLogic)
INFO:wafw00f:Checking for Puhui (Puhui)
INFO:wafw00f:Checking for Qiniu (Qiniu CDN)
INFO:wafw00f:Checking for Reblaze (Reblaze)
INFO:wafw00f:Checking for RSFirewall (RSJoomla!)
INFO:wafw00f:Checking for ASP.NET RequestValidationMode (Microsoft)
INFO:wafw00f:Checking for Safe3 Web Firewall (Safe3)
INFO:wafw00f:Checking for Safedog (SafeDog)
INFO:wafw00f:Checking for Safeline (Chaitin Tech.)
INFO:wafw00f:Checking for SecKing (SecKing)
INFO:wafw00f:Checking for eEye SecureIIS (BeyondTrust)
INFO:wafw00f:Checking for SecuPress WP Security (SecuPress)
INFO:wafw00f:Checking for SecureSphere (Imperva Inc.)
INFO:wafw00f:Checking for Secure Entry (United Security Providers)
INFO:wafw00f:Checking for SEnginx (Neusoft)
INFO:wafw00f:Checking for ServerDefender VP (Port80 Software)
INFO:wafw00f:Checking for Shield Security (One Dollar Plugin)
INFO:wafw00f:Checking for Shadow Daemon (Zecure)
INFO:wafw00f:Checking for SiteGround (SiteGround)
INFO:wafw00f:Checking for SiteGuard (Sakura Inc.)
INFO:wafw00f:Checking for Sitelock (TrueShield)
INFO:wafw00f:Checking for SonicWall (Dell)
INFO:wafw00f:Checking for UTM Web Protection (Sophos)
INFO:wafw00f:Checking for Squarespace (Squarespace)
INFO:wafw00f:Checking for SquidProxy IDS (SquidProxy)
INFO:wafw00f:Checking for StackPath (StackPath)
INFO:wafw00f:Checking for Sucuri CloudProxy (Sucuri Inc.)
INFO:wafw00f:Checking for Tencent Cloud Firewall (Tencent Technologies)
INFO:wafw00f:Checking for Teros (Citrix Systems)
INFO:wafw00f:Checking for Trafficshield (F5 Networks)
INFO:wafw00f:Checking for TransIP Web Firewall (TransIP)
INFO:wafw00f:Checking for URLMaster SecurityCheck (iFinity/DotNetNuke)
INFO:wafw00f:Checking for URLScan (Microsoft)
INFO:wafw00f:Checking for UEWaf (UCloud)
INFO:wafw00f:Checking for Varnish (OWASP)
INFO:wafw00f:Checking for Viettel (Cloudrity)
INFO:wafw00f:Checking for VirusDie (VirusDie LLC)
INFO:wafw00f:Checking for Wallarm (Wallarm Inc.)
INFO:wafw00f:Checking for WatchGuard (WatchGuard Technologies)
INFO:wafw00f:Checking for WebARX (WebARX Security Solutions)
INFO:wafw00f:Checking for WebKnight (AQTRONIX)
INFO:wafw00f:Checking for WebLand (WebLand)
INFO:wafw00f:Checking for RayWAF (WebRay Solutions)
INFO:wafw00f:Checking for WebSEAL (IBM)
INFO:wafw00f:Checking for WebTotem (WebTotem)
INFO:wafw00f:Checking for West263 CDN (West263CDN)
INFO:wafw00f:Checking for Wordfence (Defiant)
INFO:wafw00f:Checking for WP Cerber Security (Cerber Tech)
INFO:wafw00f:Checking for WTS-WAF (WTS)
INFO:wafw00f:Checking for 360WangZhanBao (360 Technologies)
INFO:wafw00f:Checking for XLabs Security WAF (XLabs)
INFO:wafw00f:Checking for Xuanwudun (Xuanwudun)
INFO:wafw00f:Checking for Yundun (Yundun)
INFO:wafw00f:Checking for Yunsuo (Yunsuo)
INFO:wafw00f:Checking for Yunjiasu (Baidu Cloud Computing)
INFO:wafw00f:Checking for YXLink (YxLink Technologies)
INFO:wafw00f:Checking for Zenedge (Zenedge)
INFO:wafw00f:Checking for ZScaler (Accenture)
INFO:wafw00f:Checking for AWS Elastic Load Balancer (Amazon)
INFO:wafw00f:Checking for Sabre Firewall (Sabre)
INFO:wafw00f:Checking for Huawei Cloud Firewall (Huawei)
INFO:wafw00f:Identified WAF: []
[+] Generic Detection results:
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:starting wafw00f on https://ataccama.com
[-] No WAF detected by the generic detection
[~] Number of requests: 7
[*] Checking https://ataccama.com
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Request Succeeded
INFO:wafw00f:Checking for ACE XML Gateway (Cisco)
INFO:wafw00f:Checking for aeSecure (aeSecure)
INFO:wafw00f:Checking for AireeCDN (Airee)
INFO:wafw00f:Checking for Airlock (Phion/Ergon)
INFO:wafw00f:Checking for Alert Logic (Alert Logic)
INFO:wafw00f:Checking for AliYunDun (Alibaba Cloud Computing)
INFO:wafw00f:Checking for Anquanbao (Anquanbao)
INFO:wafw00f:Checking for AnYu (AnYu Technologies)
INFO:wafw00f:Checking for Approach (Approach)
INFO:wafw00f:Checking for AppWall (Radware)
INFO:wafw00f:Checking for Armor Defense (Armor)
INFO:wafw00f:Checking for ArvanCloud (ArvanCloud)
INFO:wafw00f:Checking for ASP.NET Generic (Microsoft)
INFO:wafw00f:Checking for ASPA Firewall (ASPA Engineering Co.)
INFO:wafw00f:Checking for Astra (Czar Securities)
INFO:wafw00f:Checking for AzionCDN (AzionCDN)
INFO:wafw00f:Checking for Barikode (Ethic Ninja)
INFO:wafw00f:Checking for Barracuda (Barracuda Networks)
INFO:wafw00f:Checking for Bekchy (Faydata Technologies Inc.)
INFO:wafw00f:Checking for Beluga CDN (Beluga)
INFO:wafw00f:Checking for BIG-IP Local Traffic Manager (F5 Networks)
INFO:wafw00f:Checking for BinarySec (BinarySec)
INFO:wafw00f:Checking for BitNinja (BitNinja)
INFO:wafw00f:Checking for BlockDoS (BlockDoS)
INFO:wafw00f:Checking for Bluedon (Bluedon IST)
INFO:wafw00f:Checking for BulletProof Security Pro (AITpro Security)
INFO:wafw00f:Checking for CacheWall (Varnish)
INFO:wafw00f:Checking for CacheFly CDN (CacheFly)
INFO:wafw00f:Checking for Comodo cWatch (Comodo CyberSecurity)
INFO:wafw00f:Checking for CdnNS Application Gateway (CdnNs/WdidcNet)
INFO:wafw00f:Checking for ChinaCache Load Balancer (ChinaCache)
INFO:wafw00f:Checking for Chuang Yu Shield (Yunaq)
INFO:wafw00f:Checking for Cloudbric (Penta Security)
INFO:wafw00f:Checking for Cloudflare (Cloudflare Inc.)
INFO:wafw00f:Checking for Cloudfloor (Cloudfloor DNS)
INFO:wafw00f:Checking for Cloudfront (Amazon)
INFO:wafw00f:Checking for CrawlProtect (Jean-Denis Brun)
INFO:wafw00f:Checking for DataPower (IBM)
INFO:wafw00f:Checking for DenyALL (Rohde & Schwarz CyberSecurity)
INFO:wafw00f:Checking for Distil (Distil Networks)
INFO:wafw00f:Checking for DOSarrest (DOSarrest Internet Security)
INFO:wafw00f:Checking for DotDefender (Applicure Technologies)
INFO:wafw00f:Checking for DynamicWeb Injection Check (DynamicWeb)
INFO:wafw00f:Checking for Edgecast (Verizon Digital Media)
INFO:wafw00f:Checking for Eisoo Cloud Firewall (Eisoo)
INFO:wafw00f:Checking for Expression Engine (EllisLab)
INFO:wafw00f:Checking for BIG-IP AppSec Manager (F5 Networks)
INFO:wafw00f:Checking for BIG-IP AP Manager (F5 Networks)
INFO:wafw00f:Checking for Fastly (Fastly CDN)
INFO:wafw00f:Checking for FirePass (F5 Networks)
INFO:wafw00f:Checking for FortiWeb (Fortinet)
INFO:wafw00f:Checking for GoDaddy Website Protection (GoDaddy)
INFO:wafw00f:Checking for Greywizard (Grey Wizard)
INFO:wafw00f:Checking for HyperGuard (Art of Defense)
INFO:wafw00f:Checking for Imunify360 (CloudLinux)
INFO:wafw00f:Checking for Incapsula (Imperva Inc.)
INFO:wafw00f:Checking for IndusGuard (Indusface)
INFO:wafw00f:Checking for Instart DX (Instart Logic)
INFO:wafw00f:Checking for ISA Server (Microsoft)
INFO:wafw00f:Checking for Janusec Application Gateway (Janusec)
INFO:wafw00f:Checking for Jiasule (Jiasule)
INFO:wafw00f:Checking for Kona SiteDefender (Akamai)
INFO:wafw00f:Checking for KS-WAF (KnownSec)
INFO:wafw00f:Checking for KeyCDN (KeyCDN)
INFO:wafw00f:Checking for LimeLight CDN (LimeLight)
INFO:wafw00f:Checking for LiteSpeed (LiteSpeed Technologies)
INFO:wafw00f:Checking for Open-Resty Lua Nginx (FLOSS)
INFO:wafw00f:Checking for Oracle Cloud (Oracle)
INFO:wafw00f:Checking for Malcare (Inactiv)
INFO:wafw00f:Checking for MaxCDN (MaxCDN)
INFO:wafw00f:Checking for Mission Control Shield (Mission Control)
INFO:wafw00f:Checking for ModSecurity (SpiderLabs)
INFO:wafw00f:Checking for NAXSI (NBS Systems)
INFO:wafw00f:Checking for Nemesida (PentestIt)
INFO:wafw00f:Checking for NevisProxy (AdNovum)
INFO:wafw00f:Checking for NetContinuum (Barracuda Networks)
INFO:wafw00f:Checking for NetScaler AppFirewall (Citrix Systems)
INFO:wafw00f:Checking for Newdefend (NewDefend)
INFO:wafw00f:Checking for NexusGuard Firewall (NexusGuard)
INFO:wafw00f:Checking for NinjaFirewall (NinTechNet)
INFO:wafw00f:Checking for NullDDoS Protection (NullDDoS)
INFO:wafw00f:Checking for NSFocus (NSFocus Global Inc.)
INFO:wafw00f:Checking for OnMessage Shield (BlackBaud)
INFO:wafw00f:Checking for Palo Alto Next Gen Firewall (Palo Alto Networks)
INFO:wafw00f:Checking for PerimeterX (PerimeterX)
INFO:wafw00f:Checking for PentaWAF (Global Network Services)
INFO:wafw00f:Checking for pkSecurity IDS (pkSec)
INFO:wafw00f:Checking for PT Application Firewall (Positive Technologies)
INFO:wafw00f:Checking for PowerCDN (PowerCDN)
INFO:wafw00f:Checking for Profense (ArmorLogic)
INFO:wafw00f:Checking for Puhui (Puhui)
INFO:wafw00f:Checking for Qiniu (Qiniu CDN)
INFO:wafw00f:Checking for Reblaze (Reblaze)
INFO:wafw00f:Checking for RSFirewall (RSJoomla!)
INFO:wafw00f:Checking for ASP.NET RequestValidationMode (Microsoft)
INFO:wafw00f:Checking for Safe3 Web Firewall (Safe3)
INFO:wafw00f:Checking for Safedog (SafeDog)
INFO:wafw00f:Checking for Safeline (Chaitin Tech.)
INFO:wafw00f:Checking for SecKing (SecKing)
INFO:wafw00f:Checking for eEye SecureIIS (BeyondTrust)
INFO:wafw00f:Checking for SecuPress WP Security (SecuPress)
INFO:wafw00f:Checking for SecureSphere (Imperva Inc.)
INFO:wafw00f:Checking for Secure Entry (United Security Providers)
INFO:wafw00f:Checking for SEnginx (Neusoft)
INFO:wafw00f:Checking for ServerDefender VP (Port80 Software)
INFO:wafw00f:Checking for Shield Security (One Dollar Plugin)
INFO:wafw00f:Checking for Shadow Daemon (Zecure)
INFO:wafw00f:Checking for SiteGround (SiteGround)
INFO:wafw00f:Checking for SiteGuard (Sakura Inc.)
INFO:wafw00f:Checking for Sitelock (TrueShield)
INFO:wafw00f:Checking for SonicWall (Dell)
INFO:wafw00f:Checking for UTM Web Protection (Sophos)
INFO:wafw00f:Checking for Squarespace (Squarespace)
INFO:wafw00f:Checking for SquidProxy IDS (SquidProxy)
INFO:wafw00f:Checking for StackPath (StackPath)
INFO:wafw00f:Checking for Sucuri CloudProxy (Sucuri Inc.)
INFO:wafw00f:Checking for Tencent Cloud Firewall (Tencent Technologies)
INFO:wafw00f:Checking for Teros (Citrix Systems)
INFO:wafw00f:Checking for Trafficshield (F5 Networks)
INFO:wafw00f:Checking for TransIP Web Firewall (TransIP)
INFO:wafw00f:Checking for URLMaster SecurityCheck (iFinity/DotNetNuke)
INFO:wafw00f:Checking for URLScan (Microsoft)
INFO:wafw00f:Checking for UEWaf (UCloud)
INFO:wafw00f:Checking for Varnish (OWASP)
INFO:wafw00f:Checking for Viettel (Cloudrity)
INFO:wafw00f:Checking for VirusDie (VirusDie LLC)
INFO:wafw00f:Checking for Wallarm (Wallarm Inc.)
INFO:wafw00f:Checking for WatchGuard (WatchGuard Technologies)
INFO:wafw00f:Checking for WebARX (WebARX Security Solutions)
INFO:wafw00f:Checking for WebKnight (AQTRONIX)
INFO:wafw00f:Checking for WebLand (WebLand)
INFO:wafw00f:Checking for RayWAF (WebRay Solutions)
INFO:wafw00f:Checking for WebSEAL (IBM)
INFO:wafw00f:Checking for WebTotem (WebTotem)
INFO:wafw00f:Checking for West263 CDN (West263CDN)
INFO:wafw00f:Checking for Wordfence (Defiant)
INFO:wafw00f:Checking for WP Cerber Security (Cerber Tech)
INFO:wafw00f:Checking for WTS-WAF (WTS)
INFO:wafw00f:Checking for 360WangZhanBao (360 Technologies)
INFO:wafw00f:Checking for XLabs Security WAF (XLabs)
INFO:wafw00f:Checking for Xuanwudun (Xuanwudun)
INFO:wafw00f:Checking for Yundun (Yundun)
INFO:wafw00f:Checking for Yunsuo (Yunsuo)
INFO:wafw00f:Checking for Yunjiasu (Baidu Cloud Computing)
INFO:wafw00f:Checking for YXLink (YxLink Technologies)
INFO:wafw00f:Checking for Zenedge (Zenedge)
INFO:wafw00f:Checking for ZScaler (Accenture)
INFO:wafw00f:Checking for AWS Elastic Load Balancer (Amazon)
INFO:wafw00f:Checking for Sabre Firewall (Sabre)
INFO:wafw00f:Checking for Huawei Cloud Firewall (Huawei)
INFO:wafw00f:Identified WAF: []
[+] Generic Detection results:
INFO:wafw00f:Request Succeeded
Traceback (most recent call last):
File "/Users/sionsmith/development/oso/bizdev/wafw00f/wafw00f/main.py", line 417, in <module>
main()
File "/Users/sionsmith/development/oso/bizdev/wafw00f/wafw00f/main.py", line 383, in main
if attacker.genericdetect():
File "/Users/sionsmith/development/oso/bizdev/wafw00f/wafw00f/main.py", line 93, in genericdetect
del def_headers['User-Agent'] # Deleting the user-agent key
KeyError: 'User-Agent'
Additional context
I will fix this and open a PR.