
Fuzzing and fooling Wappalyzer. Released at BSides Delhi 2019.


0x48piraj/wapparalyser


Wapparalyser

Version: 1.0

Fuzzing 'n' Fooling Wappalyzer

Wapparalyser is a security tool for blue teams that defeats Wappalyzer, a common red-team tool that uncovers the technologies used on websites.

Wapparalyser was presented at BSides Delhi 2019. The command-line tool is written in Python and was built from the ground up after reverse-engineering Wappalyzer to its core; as a result it is highly flexible and adapts automatically, with no need to insert new heuristics or fingerprints by hand. It intercepts all the static detections that Wappalyzer uses in order to camouflage, modify and defeat the tool in real time. To know more, head over to the blog post "My first security talk — BSides Delhi 2019 Experience", which mostly revolves around the journey.

Wapparalyser will have an interactive web app in the near future.

Features

  • Emulating services
    • All
    • Random
    • Certain tech-stack (e.g. MEAN, LAMP, LAMB, DONKEY?)
  • In-built small fuzzer for Wappalyzer
    • Blind
    • metadata|js|scripts|html|headers|cookies

Some additional features

  • No website modification or lengthy patches
  • Simple user interface and several logging features
  • Modes: front-end, back-end & combined
  • Emulates any service (currently, 1123)
  • Undetectable to attackers
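The idea behind emulating a service against static detections can be shown with a simplified model, added here as an illustration; it is not Wapparalyser's code and does not use Wappalyzer's fingerprint database. The rules, decoy values and sample response are constructed, and `detect` and `emulate` are hypothetical names.

```python
import copy
import re

# Constructed rules in the style of static fingerprints, covering three of the
# categories listed above (headers, cookies, metadata). Assumed for this demo.
RULES = {
    "Express":   {"headers": {"x-powered-by": r"^Express$"}},
    "PHP":       {"headers": {"x-powered-by": r"^PHP/?([\d.]+)?"},
                  "cookies": {"phpsessid": r""}},
    "WordPress": {"meta": {"generator": r"^WordPress ?([\d.]+)?"}},
    "Ghost":     {"meta": {"generator": r"^Ghost ?([\d.]+)?"}},
}

# Constructed decoy artifacts that satisfy the rules above.
DECOYS = {
    "PHP":       {"headers": {"x-powered-by": "PHP/7.4.3"},
                  "cookies": {"phpsessid": "0"}},
    "WordPress": {"meta": {"generator": "WordPress 5.2"}},
}

def detect(response):
    """Return {technology: version or None} for every rule that matches."""
    found = {}
    for tech, fields in RULES.items():
        for field, patterns in fields.items():
            for key, pattern in patterns.items():
                value = response.get(field, {}).get(key)
                match = re.search(pattern, value, re.I) if value is not None else None
                if match:
                    version = match.group(1) if match.re.groups else None
                    found[tech] = found.get(tech) or version
    return found

def emulate(response, techs):
    """Return a copy of the response carrying the decoy artifacts for techs."""
    out = copy.deepcopy(response)
    for tech in techs:
        for field, values in DECOYS[tech].items():
            out.setdefault(field, {}).update(values)
    return out

# Constructed response summary; header, cookie and meta names are lowercased.
REAL = {
    "headers": {"x-powered-by": "Express", "server": "nginx"},
    "cookies": {"connect.sid": "s%3Aexample"},
    "meta": {"generator": "Ghost 2.9"},
}

if __name__ == "__main__":
    print("real:    ", detect(REAL))
    print("emulated:", detect(emulate(REAL, ["PHP", "WordPress"])))
```

Because a static matcher only sees the artifacts, overwriting them replaces the real stack in its output rather than adding to it.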

Install

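Run the Wapparalyser instance isolated from the rest of your system by using memory-based execution, which pipes the script straight into the Python interpreter without saving it to disk. The piped script runs with the invoking user's privileges, so review cli.py before running it: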

curl -sSL https://raw.githubusercontent.com/0x48piraj/wapparalyser/master/src/cmdline/cli.py | python
