table of contents
WAFW00F(8) | User Commands | WAFW00F(8) |
NAME¶
wafw00f - identify and fingerprint Web Application Firewall productsSYNOPSIS¶
wafw00f url1 [url2 [url3 ... ]]DESCRIPTION¶
- Identifies and fingerprints Web Application Firewall (WAF) products:
- To do its magic, WAFW00F does the following:
- Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks
OPTIONS¶
- -h, --help
- Show available options
- -v, --verbose
- Enable verbosity - multiple -v options increase verbosity
- -a, --findall
- Find all WAFs, do not stop testing on the first one
- -r, --disableredirect
- Do not follow redirections given by 3xx responses
- -t TEST, --test=TEST
- Test for one specific WAF
- -l, --list
- List all WAFs that we are able to detect
- -p PROXY, --proxy=PROXY
- Use an HTTP proxy to perform requests, example: http://hostname:8080, socks5://hostname:1080
- -V, --version
- Print out the version
- -H HEADERSFILE, --headersfile=HEADERSFILE
- Pass custom headers, for example to overwrite the default User-Agent string
AUTHORS¶
Sandro GauciWendel G. Henrique
This manpage was written by Daniel Echeverry and Samuel Henrique for the Debian Project (but may be used by others), it was based on wafw00f's help output.
November 2017 | wafw00f |