From 539c2e2b506663ffe5e4c0f008e0bf5f0e173010 Mon Sep 17 00:00:00 2001
From: Jay Turla <shipcodez@gmail.com>
Date: Thu, 28 Aug 2014 08:53:21 +0800
Subject: [PATCH 1/2] Create sucuri.py

adding Sucuri WebSite Firewall detection
---
 waf/sucuri.py | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 waf/sucuri.py

diff --git a/waf/sucuri.py b/waf/sucuri.py
new file mode 100644
index 000000000..8a9e054a8
--- /dev/null
+++ b/waf/sucuri.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Sucuri WebSite Firewall"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retVal = code == 403
+        retval = re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        if retval:
+            break
+
+    return retval

From 911f27116ac84a52275e6f193bd03a41e7581681 Mon Sep 17 00:00:00 2001
From: Jay Turla <shipcodez@gmail.com>
Date: Thu, 28 Aug 2014 09:23:44 +0800
Subject: [PATCH 2/2] Update sucuri.py

---
 waf/sucuri.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/waf/sucuri.py b/waf/sucuri.py
index 8a9e054a8..1babc671e 100644
--- a/waf/sucuri.py
+++ b/waf/sucuri.py
@@ -17,8 +17,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        retVal = code == 403
-        retval = re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retVal = code == 403 and re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
         if retval:
             break