[tool] CRSprober
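Jozef Sudolsky has released a small tool named CRSprober for remotely detecting the OWASP CRS version and the configuration level of ModSecurity + CRS. The tool obtains this information by sending specific payloads and analyzing the WAF's responses, and is suited to testing, research, or verification scenarios. 2025-8-19 02:58:46 Author: seclists.org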

Full Disclosure mailing list archives


From: Jozef Sudolsky <jozef () sudolsky sk>
Date: Mon, 18 Aug 2025 18:27:53 +0200

Dear community,

I’d like to share a small tool I’ve recently released - CRSprober.

This utility is designed to remotely detect the version of the OWASP CRS as well as the configured paranoia level on a target protected by ModSecurity + CRS.

It works by sending specific payloads and analyzing the WAF's responses to determine this information. This can be useful for testing, research, or verification purposes, especially when auditing remote systems.

The tool is available here: https://github.com/azurit/CRSprober

Any feedback, suggestions, or contributions are very welcome.

Best regards,
Jozef Sudolsky


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Source: https://seclists.org/fulldisclosure/2025/Aug/6