Web Application Firewall Detection Tool

WafW00f is written in Python and is freely available on the net.

The tool is developed by Sandro Gauci && Wendel G. Henrique.

They mention that Web Application Firewalls (WAFs):

  • can be detected, because they leave several signs

  • can be bypassed by changing the attack in order to avoid rules

To help detect and bypass WAFs, they released wafw00f.

WAFW00F allows one to identify and fingerprint WAF products protecting a website.



wafw00f url1 [url2 [url3 … ]]


  -h, --help            show this help message and exit
  -v, --verbose         enable verbosity - multiple -v options increase
  -a, --findall         Find all WAFs, do not stop testing on the first one
  -r, --disableredirect
                        Do not follow redirections given by 3xx responses
  -t TEST, --test=TEST  Test for one specific WAF
  -l, --list            List all WAFs that we are able to detect
  --xmlrpc              Switch on the XML-RPC interface instead of CUI
                        Specify an alternative port to listen on, default 8001
  -V, --version         Print out the version


cyborg@cyborg:~$ wafw00f http://www.youtube.com

                                 ^     ^
        _   __  _   ____ _   __  _    _   ____
       ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/  
      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/    
    WAFW00F - Web Application Firewall Detection Tool
    By Sandro Gauci && Wendel G. Henrique

Checking http://www.youtube.com
Generic Detection results:
The site http://www.youtube.com seems to be behind a WAF 
Reason: The server header is different when an attack is detected.
The server header for a normal response is "gwiseguy/2.0", while the server header a response to an attack is "GFE/2.0.",
Number of requests: 12
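
The "Reason" line above comes down to comparing two response heads. The following is an added example, not wafw00f's own code: it runs that comparison offline on two constructed responses, which is also how a defender can check whether a deployment leaks this sign. It goes slightly beyond the output above by also comparing the status code and the set of header names; those two checks, and the names `parse_head` and `generic_signs`, are assumptions of this example.

```python
# Constructed response heads. The Server values are the ones reported in the
# wafw00f output above (trailing period dropped); everything else is made up.
NORMAL = "HTTP/1.1 200 OK\r\nServer: gwiseguy/2.0\r\nContent-Type: text/html\r\n\r\n"
PROBED = "HTTP/1.1 200 OK\r\nServer: GFE/2.0\r\nContent-Type: text/html\r\n\r\n"


def parse_head(raw):
    """Split a raw response head into (status_code, {lowercased name: value})."""
    lines = raw.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def generic_signs(normal_raw, probed_raw):
    """List the differences between a normal and a probed response head."""
    n_status, n_hdrs = parse_head(normal_raw)
    p_status, p_hdrs = parse_head(probed_raw)
    signs = []
    if n_hdrs.get("server") != p_hdrs.get("server"):
        signs.append('server header changed: "%s" -> "%s"'
                     % (n_hdrs.get("server"), p_hdrs.get("server")))
    if n_status != p_status:
        signs.append("status code changed: %d -> %d" % (n_status, p_status))
    extra = sorted(set(p_hdrs) - set(n_hdrs))
    if extra:
        signs.append("headers only on probed response: " + ", ".join(extra))
    return signs


if __name__ == "__main__":
    for sign in generic_signs(NORMAL, PROBED):
        print(sign)
```

An empty list means the two responses look the same at the header level, which is what a filtering layer should aim for if it is not meant to be identifiable this way.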



©2018 Ztrela Knowledge Solutions Pvt. Ltd
