Skip to content

0x48piraj/wapparalyser

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
src
 
 
 
 
 
 

Wapparalyser

License Version: 1.0 Commits GitHub issues

Wapparalyser Logo
Fuzzing 'n' Fooling Wappalyzer

Wapparalyser is a security tool for blue-teams which defeats Wappalyzer, a common red-team tool that uncovers the technologies used on websites.

Wapparalyser was presented at BSides Delhi 2019. The command-line tool is built on Python and it has been completely written from the ground-up, after reverse-enginnering Wappalyzer to it's core and thus, it is highly flexible and automatically adapts without manually inserting any new heuristics/fingerprints. It intercepts all the static detections that Wappalyzer uses in order to camouflage, modify and defeat the tool in real-time. To know more, you can head over to My first security talk — BSides Delhi 2019 Experience. The blog mostly revolves around the journey.

Wapparalyser will have an interactive web-app in near future.

Features

  • Emulating services
    • All
    • Random
    • Certain tech-stack (e.g. MEAN, LAMP, LAMB, DONKEY?)
  • In-built small fuzzer for Wappalyzer
    • Blind
    • metadata|js|scripts|html|headers|cookies

Some additional features

  • No website modification or lengthy patches
  • Simple user interface and several logging features
  • Modes: front-end, back-end & combined
  • Emulates any service (currently, 1123)
  • Undetectable to attackers

Install

Run the Wapparalyser instance isolated from the rest of your system by using memory-based execution:

curl -sSL https://raw.githubusercontent.com/0x48piraj/wapparalyser/master/src/cmdline/cli.py | python

About

Fuzzing and fooling Wappalyzer. Released at BSides Delhi 2019.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages