WafW00f – A Web Application Audit Tool

WAFW00F – Web Application Firewall Detection Tool

WafW00f is written in Python and is freely available online.

The tool was developed by Sandro Gauci and Wendel G. Henrique.

They point out that Web Application Firewalls (WAFs):

  • can be detected, because they leave several signs in their responses
  • can be bypassed by changing the attack so that it no longer matches the WAF's rules

To help detect and bypass WAFs, they released wafw00f.

WAFW00F allows one to identify and fingerprint the WAF product protecting a website.

Download Link

Subversion trunk: http://waffit.googlecode.com/svn/trunk/ (checkout directory: waffit-read-only)

Alternatively, it ships with BackTrack 5 R1.

There you can find it under /pentest/web/waffit/

Example 1: /pentest/web/waffit# ./wafw00f.py http://www.example.com

Output:

Checking http://www.example.com
Generic Detection results:
No WAF detected by the generic detection

Example 2: /pentest/web/waffit# ./wafw00f.py http://www.example2.com

Output:

Checking http://www.example2.com
The site http://www.example2.com is behind a Citrix NetScaler
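The "signs" mentioned earlier are mostly response headers and cookies that a WAF adds or mangles. The following added example (not code from wafw00f or its authors) shows a minimal passive fingerprinter of that kind, run against constructed sample responses; the signature table is illustrative and is an assumption, not wafw00f's actual plugin database, and the product names are used only as labels for those assumed patterns.

```python
import re

# Illustrative signatures (assumption): product -> regexes expected in
# response header lines and in Set-Cookie values. Real detectors carry a
# far larger, maintained database.
SIGNATURES = {
    "Citrix NetScaler": {
        "headers": [r"^Cneonction:", r"^nnCoection:"],   # mangled Connection header
        "cookies": [r"^ns_af=", r"^citrix_ns_id=", r"^NSC_"],
    },
    "Cloudflare": {
        "headers": [r"^Server:\s*cloudflare", r"^CF-RAY:"],
        "cookies": [r"^__cfduid="],
    },
}


def parse_response(raw):
    """Split a raw HTTP response into (status line, list of header lines)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    return lines[0], lines[1:]


def fingerprint(raw_response):
    """Return (product, evidence line) for the first matching signature, else None.

    Returning the evidence tells a defender exactly which header or cookie
    is giving the product away.
    """
    _, headers = parse_response(raw_response)
    cookies = [h.split(":", 1)[1].strip()
               for h in headers if h.lower().startswith("set-cookie:")]
    for product, sig in SIGNATURES.items():
        for pat in sig["headers"]:
            for h in headers:
                if re.search(pat, h, re.IGNORECASE):
                    return product, h
        for pat in sig["cookies"]:
            for c in cookies:
                if re.search(pat, c):
                    return product, "Set-Cookie: " + c
    return None


# Constructed sample responses, not real captures.
NETSCALER_RESPONSE = ("HTTP/1.1 200 OK\r\nSet-Cookie: NSC_abcd=0123abcd; path=/\r\n"
                      "Cneonction: close\r\nContent-Length: 0\r\n\r\n")
PLAIN_RESPONSE = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print(fingerprint(NETSCALER_RESPONSE))  # ('Citrix NetScaler', 'Cneonction: close')
    print(fingerprint(PLAIN_RESPONSE))      # None
```

A WAF administrator can run such a check against their own site to see which identifying headers or cookies the appliance exposes and decide whether to suppress them.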
