wafw00f
identify and fingerprint Web Application Firewall products
Install
- All systems
-
curl cmd.cat/wafw00f.sh
- Debian
-
apt-get install wafw00f - Ubuntu
-
apt-get install wafw00f - Kali Linux
-
apt-get install wafw00f - Windows (WSL2)
-
sudo apt-get updatesudo apt-get install wafw00f - Dockerfile
- dockerfile.run/wafw00f
wafw00f
identify and fingerprint Web Application Firewall products
This package identifies and fingerprints Web Application Firewall (WAF) products using the following logic: - Sends a _normal_ HTTP request and analyses the response; this identifies a number of WAF solutions. - If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is. - If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to the attacks.