f5-awaf-export-policies

A small script to export all AWAF policies from a BIG-IP device.

This script leverages BIG-IP iControl REST API to export ALL AWAF policies in the system and saves them locally. The policies can be exported in the following formats: xml, plc and json.

Note: JSON format only works with TMOS version 16.x.

Tested with BIG-IP 16.1 but should work with older versions.

Usage

usage: f5-awaf-export-policies.py [-h] --device DEVICE --username USERNAME
                                  --password PASSWORD
                                  [--format {json,xml,plc}] [--output OUTPUT]

A small script to export all AWAF policies from a BIG-IP device.

optional arguments:
  -h, --help            show this help message and exit
  --device DEVICE, -d DEVICE
  --username USERNAME, -u USERNAME
  --password PASSWORD, -p PASSWORD
  --format {json,xml,plc}, -f {json,xml,plc}
  --output OUTPUT, -o OUTPUT

Sample Output

$ python f5-awaf-export-policies.py -d 192.168.0.245 -u admin -p "XXXXXXX" -o ./output 
AWAF Policy /PartitionB/awaf_policy_app4 saved to file ./output/PartitionB-awaf_policy_app4.xml.
AWAF Policy /PartitionB/awaf_policy_app3 saved to file ./output/PartitionB-awaf_policy_app3.xml.
AWAF Policy /PartitionA/awaf_policy_app2 saved to file ./output/PartitionA-awaf_policy_app2.xml.
AWAF Policy /PartitionA/awaf_policy_app1 saved to file ./output/PartitionA-awaf_policy_app1.xml.
AWAF Policy /PartitionC/awaf_policy_app6 saved to file ./output/PartitionC-awaf_policy_app6.xml.
AWAF Policy /PartitionC/awaf_policy_app5 saved to file ./output/PartitionC-awaf_policy_app5.xml.

A small script to export all AWAF policies from a BIG-IP device

Related tags

Overview

f5-awaf-export-policies

Usage

Sample Output

Owner

Scan your logs for CVE-2021-44228 related activity and report the attackers

CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE

This is python script that will extract the functions call in all used DLL in an executable and then provide a mapping of those functions to the attack classes defined and curated malapi.io.

Searches filesystem for CVE-2021-44228 and CVE-2021-45046 vulnerable instances of log4j library, including embedded (jar/war/zip) packaged ones.

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

Details,PoC and patches for CVE-2021-45383 & CVE-2021-45384

CVE-2021-26855: PoC (Not a HoneyPoC for once!)

Blinder is a tool that will help you simplify the exploitation of blind SQL injection

CVE-2021-26084 Remote Code Execution on Confluence Servers

Bypass 4xx HTTP response status codes.

Valeria stealer- - (4Feb 2022) program detects wifi saved passwords in your ROM

Threat research and reporting from IronNet's Threat Research Teams

Scout Suite - an open source multi-cloud security-auditing tool,

Simple and easy framework for phishing 🎣

Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

Automatic SQL injection and database takeover tool

Auerswald COMpact 8.0B Backdoors exploit

A Superfast SMS & Call bomber for Linux And Termux !

IDA Frida Plugin for tracing something interesting.

Log4Shell Proof of Concept (CVE-2021-44228)