- Go 18.1 linux/amd64
- sudo apt-get update && sudo apt-get golang
- git clone https://github.com/sc4rfurry/Curs3AF.git
- cd Curs3AF
- go get .
- go build main.go
- or use the
builder.shscript to build the tool.
- or use the
- Can detect 153 different Firewalls
- Concurrent fingerprinting
- Scan Multiple Domains from a file
- Fast detection mode (only checks for the most common WAFs - Optional)
go run main.go --help
go run main.go -u https://www.google.com
go run main.go -f domains.txt -gTo run the tool on a target, just use the following command.
go run main.go --url asgoogle.com
____ _____ _ _____
/ ___| _ _ _ __ ___ |___ / / \ | ___|
| | | | | | | '__| / __| |_ \ / _ \ | |_
| |___ | |_| | | | \__ \ ___) | / ___ \ | _|
\____| \__,_| |_| |___/ |____/ /_/ \_\ |_|
Description: Tool to check if a website is protected by a WAF(HTTP/HTTPS).
Author: sc4rfurry
Version: 1.0.1
Go Version: 1.18.1 or higher
Github: https://github.com/sc4rfurry
=================================================================================================
[info] Starting WAF Detection on asgoogle.com
[info] Running in Normal Mode (Scan for all 153 Wafs)- Could take time to scan
[!] http://asgoogle.com is protected by [{AWS Elastic Load Balancer (Amazon)}]
[!] https://asgoogle.com is protected by [{AWS Elastic Load Balancer (Amazon)}]To build the tool, you can use the following command.
env GOOS=linux GOARCH=amd64 go build -a -ldflags '-s -w -extldflags "-static"' -o Curs3AF main.goYou can also use the bultin Bash script to build the tool.
- Before running the script, make sure to give it execution permissions.
- The bash script can build both Linux and Windows binaries.
- Binaries will be Stripped and Compressed. (lolcat, strip and upx are required)
chmod +x builder.sh
./builder.sh main.go
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.