15Ağu
Port scanning against assets that are behind a WAF
I am trying to automate my recon process. For port scanning, I resolve subdomains to IPs then loop over those IPs with masscan. But is it worth it to port scan an asset that is hidden behind a web firewall? In other words, by doing this I'm scanning the WAF IPs. Is it a common thing that some subdomains are behind a WAF and others are not? In this case, I can perform a WAF check before performing the port scanning process.
