 
Full Disclosure mailing list archives
[tool] CRSprober
From: Jozef Sudolsky <jozef () sudolsky sk>
Date: Mon, 18 Aug 2025 18:27:53 +0200
Dear community,

I’d like to share a small tool I’ve recently released - CRSprober.

This utility is designed to remotely detect the version of the OWASP CRS as well as the configured paranoia level on a target protected by ModSecurity + CRS.
It works by sending specific payloads and analyzing the WAF's responses to determine this information. This can be useful for testing, research, or verification purposes, especially when auditing remote systems.

The tool is available here: https://github.com/azurit/CRSprober

Any feedback, suggestions, or contributions are very welcome.

Best regards,
Jozef Sudolsky


