This tool remotely detects the version of the OWASP Core Rule Set (CRS) used by a ModSecurity WAF. It also identifies the configured paranoia level (PL) of the CRS, providing insights into the WAF's security posture without requiring local access.
- Python 3
python crsprober.py http://example.com
Copyright (c) 2025 Jozef Sudolsky. All rights reserved.
"THE BEER-WARE LICENSE" (Revision 42): [email protected] wrote this file. As long as you retain this notice you can do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return. Jozef Sudolsky