f5-awaf-export-policies

A small script to export all AWAF policies from a BIG-IP device.

This script leverages BIG-IP iControl REST API to export ALL AWAF policies in the system and saves them locally. The policies can be exported in the following formats: xml, plc and json.

Note: JSON format only works with TMOS version 16.x.

Tested with BIG-IP 16.1 but should work with older versions.

Usage

usage: f5-awaf-export-policies.py [-h] --device DEVICE --username USERNAME
                                  --password PASSWORD
                                  [--format {json,xml,plc}] [--output OUTPUT]

A small script to export all AWAF policies from a BIG-IP device.

optional arguments:
  -h, --help            show this help message and exit
  --device DEVICE, -d DEVICE
  --username USERNAME, -u USERNAME
  --password PASSWORD, -p PASSWORD
  --format {json,xml,plc}, -f {json,xml,plc}
  --output OUTPUT, -o OUTPUT

Sample Output

$ python f5-awaf-export-policies.py -d 192.168.0.245 -u admin -p "XXXXXXX" -o ./output 
AWAF Policy /PartitionB/awaf_policy_app4 saved to file ./output/PartitionB-awaf_policy_app4.xml.
AWAF Policy /PartitionB/awaf_policy_app3 saved to file ./output/PartitionB-awaf_policy_app3.xml.
AWAF Policy /PartitionA/awaf_policy_app2 saved to file ./output/PartitionA-awaf_policy_app2.xml.
AWAF Policy /PartitionA/awaf_policy_app1 saved to file ./output/PartitionA-awaf_policy_app1.xml.
AWAF Policy /PartitionC/awaf_policy_app6 saved to file ./output/PartitionC-awaf_policy_app6.xml.
AWAF Policy /PartitionC/awaf_policy_app5 saved to file ./output/PartitionC-awaf_policy_app5.xml.

A small script to export all AWAF policies from a BIG-IP device

Related tags

Overview

f5-awaf-export-policies

Usage

Sample Output

Owner

CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight;

Source code for "A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction" @ NAACL 2022

Python DNS Lookup: The Domain Name System (DNS) is basically the phonebook of the Internet

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

A Tool for subdomain scan with other tools

Writing and posting code throughout my new journey into python!

Huskee: Malware made in Python for Educational purposes

This tool was created in order to automate some basic OSINT tasks for penetration testing assingments.

Tinyman exploit finder - Tinyman exploit finder for python

Unauthenticated Sqlinjection that leads to dump data base but this one impersonated Admin and drops a interactive shell

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

Cracker - Tools CRACK FACEBOOK DAN INSTAGRAM DENGAN FITUR BANYAK

CVE-2022-22536 - SAP memory pipes(MPI) desynchronization vulnerability CVE-2022-22536

Just your basic port scanner - with multiprocessing capabilities & further nmap enumeration.

A brute Force tool for Facebook

Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).

CVE-2022-22963 PoC

Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10

A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

Password Manager is a simple Python project which helps users in managing their passwords in a easier way