How to detect Web Application Firewalls

WAFW00F – Web Application Firewall Detection Tool – identifies and fingerprints Web Application Firewall (WAF) products.

To do its magic, WAFW00F does the following:

1. Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.
2. If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is.
3. If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess whether a WAF or security solution is actively responding to our attacks.
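The three stages above amount to a small decision procedure over HTTP responses. The following Python script is an added example that models that procedure for a defender checking what sits in front of their own application; it is not WAFW00F's code. The product names, header signatures, block-status list and the HTTP responses it is run against are all constructed placeholders, and no requests are sent: the responses are embedded inline so the logic can be followed offline.

```python
"""Three-stage WAF fingerprinting logic, modelled on the workflow described
above. Added example, not WAFW00F's own code: the product names, header
signatures and HTTP responses below are all constructed placeholders."""
from dataclasses import dataclass, field


@dataclass
class Response:
    """Minimal view of an HTTP response: status plus lowercase header names."""
    status: int
    headers: dict = field(default_factory=dict)


# Constructed signature table (hypothetical products). Each rule is
# (header name, substring); an empty substring means "header merely present".
SIGNATURES = {
    "ExampleWAF-A": [("server", "examplewaf"), ("x-example-waf-id", "")],
    "ExampleWAF-B": [("set-cookie", "ewb_session=")],
}

# Status codes a blocking device typically answers with (constructed list).
BLOCK_STATUSES = {403, 406, 418, 419, 429, 501}


def match_signatures(resp):
    """Stages 1 and 2: return the products whose header signature matches resp."""
    found = []
    for product, rules in SIGNATURES.items():
        for header, needle in rules:
            value = resp.headers.get(header)
            if value is not None and needle.lower() in value.lower():
                found.append(product)
                break  # one matching rule is enough for this product
    return found


def generic_heuristic(normal, probes):
    """Stage 3: no product signature matched, so compare the clean baseline
    against the probe responses. A blocking status, or a Server header that
    changes only for probes, suggests something in-line is filtering."""
    if not 200 <= normal.status < 300:
        return False  # baseline is not a clean success; nothing to compare against
    for p in probes:
        if p.status in BLOCK_STATUSES:
            return True
        if p.headers.get("server") != normal.headers.get("server"):
            return True
    return False


def fingerprint(normal, probes):
    """Run the three stages in order and return (verdict, detail)."""
    hits = match_signatures(normal)
    if hits:
        return "identified", hits[0]
    for p in probes:
        hits = match_signatures(p)
        if hits:
            return "identified", hits[0]
    if generic_heuristic(normal, probes):
        return "generic", "unidentified WAF or security solution"
    return "none", None


# Constructed scenarios: (baseline response, responses to probe requests).
SCENARIOS = {
    "vendor_header_on_normal": (
        Response(200, {"server": "ExampleWAF/2.1"}),
        [Response(200, {"server": "ExampleWAF/2.1"})],
    ),
    "cookie_only_on_probe": (
        Response(200, {"server": "nginx"}),
        [Response(403, {"server": "nginx", "set-cookie": "ewb_session=abc; Path=/"})],
    ),
    "generic_block": (
        Response(200, {"server": "nginx"}),
        [Response(200, {"server": "nginx"}), Response(403, {"server": "nginx"})],
    ),
    "no_waf": (
        Response(200, {"server": "nginx"}),
        [Response(200, {"server": "nginx"}), Response(500, {"server": "nginx"})],
    ),
}


def run_demo():
    """Fingerprint every constructed scenario; returns {name: (verdict, detail)}."""
    return {name: fingerprint(n, p) for name, (n, p) in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:28s} -> {result}")
```

The `no_waf` scenario is the edge case worth noting: a probe that produces a 500 from the application itself is not counted as a block, and a baseline that is not a clean 2xx is never used for the stage 3 comparison, since a site that already answers 403 or 404 to a normal request gives the heuristic nothing to compare against.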

Usage: wafw00f url1 [url2 [url3 ... ]]
example: wafw00f
  -h, --help            show this help message and exit
  -v, --verbose         enable verbosity - multiple -v options increase
  -a, --findall         Find all WAFs, do not stop testing on the first one
  -r, --disableredirect
                        Do not follow redirections given by 3xx responses
  -t TEST, --test=TEST  Test for one specific WAF
  -l, --list            List all WAFs that we are able to detect
  --xmlrpc              Switch on the XML-RPC interface instead of CUI
                        Specify an alternative port to listen on, default 8001
  -V, --version         Print out the version
