Detection fails behind WAF (false negatives?) #1

@kazakhpunk

Hi! Quick question about the PoC: the script runs detect_vulnerability() without any of the WAF-bypass options, and only applies bypass settings for the exploit request.

If a target is behind a WAF, wouldn’t the detection request get blocked too, causing false negatives? Could we either (a) add an option to apply the same request-shaping to detection, or (b) document that detection may fail behind a WAF and recommend version-based checks instead?
