Site WAF Detection

wafw00f

WAFW00F identification and fingerprint Web application Firewall (WAF) products.

It works by first sending a normal HTTP request, and then observing that it returns no feature characters, and then judging the WAF that is used by sending a malicious request that triggers a WAF interception to get its returned features.

Supported WAF Products

$./WAFW00F-L^     ^        _   __  _   ____ _   __  _    _   ____       ///7/ /.'\/__////7//,'\ ,' \ / __/      | V V//O//_/| V V//0//0//_/|_n_,'/_n_//_/|_n_,' \_,'\_,'/_/< ...'wafw00f-Web Application Firewall Detection Tool by Sandro Gauci&& Wendel G.Henrique Can Test forThese WAFs:anquanbaojuniper WebApp secureibm Web application Securitycisco ACE XML GatewayF5 BIG-IP apm360wangzhanbaomodsecurity (OWASP CRS) PowerCDNSafedogF5 Firepassdenyall Waftrustwave Modsecuritycloudflareimperva securesphereincapsula Wafcitrix NetScalerF5 BIG-IP Ltmart of Defence Hyperguardaqtronix Webknightteros wafeeye Digital Security SECUREIISBINARYSECIBM Datapowermicrosoft ISA Servernetcontinuumnsfocuschinacache-cdnwest263cdninfoguard Airlockbarracuda application FirewallF5 BIG-IP asmprofensemission Control application shieldmicrosoft urlscanapplicure dotdefenderusp Secure Entry ServerF5 Trafficshield

Instructions for use

Can be used to --help view, usually directly into the URL can be

$./wafw00f https://www.ibm.com/                                  ^     ^        _   __  _   ____ _   __  _   ____       ///7//. ' \/__////7//, ' \, ' \/__/      | V V//O//_/| V V//0//0//_/      |_n_, '/_n_//_/   |_n_, ' \_, ' \_, '/_/                                < ...     '- Web Applicati On Firewall Detection Tool     && Wendel G. Henrique Checking https://www.ibm.com/the Site https://www.ibm.com/6

Installation

Pip Install wafw00f

Project Address: https://github.com/EnableSecurity/wafw00f

Original connection: wafw00f: Web-aware (WAF) products, reproduced please specify from the Experience box | Focus on network security.

Site WAF Detection