diff --git a/README.md b/README.md
index 5cc110e..f1f1fcd 100644
--- a/README.md
+++ b/README.md
@@ -1328,7 +1328,7 @@ Wanna fingerprint WAFs? Lets see how.
|
- SecureIIS (eEye)
+ Secure Entry Firewall
|
@@ -1351,6 +1351,7 @@ Wanna fingerprint WAFs? Lets see how.
- Response page contains either of the following text snippet:
+ - Image displaying
beyondtrust logo.
SecureIIS Web Server Protection.- Reference to
http://www.eeye.com/SecureIIS/ URL.
SecureIIS Error text snippet.
|
+
+ |
+ SecureSphere (Imperva)
+ |
+
+
+ - Detectability: Difficult
+ - Detection Methodology:
+
+ - Response page contains either of the following text snippet:
+
+ - Error in
h2 text.
+ Contact support for additional information. text.
+
+
+ |
+
SEnginx (Neusoft)
@@ -1396,7 +1415,13 @@ Wanna fingerprint WAFs? Lets see how.
Detectability: Difficult
Detection Methodology:
- - Blocked response page contains
Something in the URL, Form or Cookie data wasn't appropriate text snippet.
+ - Blocked response page contains:
+
+ You were blocked by the Shield. text.Something in the URL, Form or Cookie data wasn't appropriate text snippet.Warning: You have {number} remaining transgression(s) against this site.Seriously stop repeating what you are doing or you will be locked out.
|
@@ -1428,6 +1453,7 @@ Wanna fingerprint WAFs? Lets see how.
Powered by SiteGuard text snippet.The server refuse to browse the page. text snippet.The URL may not be correct. Please confirm the value.
@@ -1444,7 +1470,8 @@ Wanna fingerprint WAFs? Lets see how.
- Blocked response page source contains the following:
- SiteLock Incident ID text snippet.- Reference to
www.sitelock.com URL.
+ Sitelock is leader in Business Website Security Services. text.sitelock-site-verification keyword.sitelock_shield_logo image.
@@ -1461,11 +1488,11 @@ Wanna fingerprint WAFs? Lets see how.
- Detectability: Easy
- Detection Methodology:
- - Response headers contain
SonicWALL keyword value.
+ Server header contain SonicWALL keyword value.- Blocked response page contains either of the following text snippet:
+ - Image displaying
Dell logo.
This request is blocked by the SonicWALL.#shd or #nsa_banner hashtags.Web Site Blocked text snippet.
@@ -1511,9 +1538,10 @@ Wanna fingerprint WAFs? Lets see how.
- - Detectability: Difficult
+ - Detectability: Easy
- Detection Methodology:
+ - Contains image displaying
StackPath logo.
- Blocked response page contains
You performed an action that triggered the service and blocked your request.
@@ -1627,8 +1655,13 @@ Wanna fingerprint WAFs? Lets see how.
- Detectability: Moderate
- Detection Methodology:
- - Response headers might contain
Rejected-by-URLScan field value.
- - Blocked response page contains
Rejected-by-URLScan text snippet.
+
+ - Blocked response page contains:
+
+ Rejected-by-URLScan text snippet.Server Erro in Application as heading.Module: IIS Web Core in table.
|
@@ -1656,8 +1689,13 @@ Wanna fingerprint WAFs? Lets see how.
- Detectability: Easy
- Detection Methodology:
- - Response page contains
Request rejected by xVarnish-WAF text snippet.
- Malicious request returns
404 Not Found Error.
+ - Response page contains:
+
+ Error 403 Naughty, not Nice! as heading.Varnish cache Server keyword.Request rejected by xVarnish-WAF text snippet.
@@ -1691,21 +1729,26 @@ Wanna fingerprint WAFs? Lets see how.
Detectability: Moderate
Detection Methodology:
- - Response headers contain
nginx-wallarm text snippet.
+ Server headers contain nginx-wallarm value.
|
- WatchGuard Firewall
+ WatchGuard IPS
|
- - Detectability: Moderate
+ - Detectability: Easy
- Detection Methodology:
- - Response headers contain
WatchGuard header field value.
+ Server headers contain WatchGuard header field value.- Blocked response page contains:
+
+ Request denied by WatchGuard Firewall text.WatchGuard Technologies Inc. as footer.
|