
WafW00f – A Web Application Audit Tool

WAFW00F – Web Application Firewall Detection Tool

WafW00f is written in Python and is freely available on the net.

The tool was developed by Sandro Gauci and Wendel G. Henrique.

They note that Web Application Firewalls (WAFs):

  • can be detected, because they leave several signs
  • can be bypassed by changing the attack in order to avoid rules

To help detect and bypass WAFs, they released wafw00f.

WAFW00F allows one to identify and fingerprint WAF products protecting a website.

Download link: waffit-read-only

Alternatively, you can find it in BackTrack 5 R1.

It is located in /pentest/web/waffit/

example 1: /pentest/web/waffit# ./


Generic Detection results:
No WAF detected by the generic detection

example 2: /pentest/web/waffit# ./


The site is behind a Citrix NetScaler
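
The "signs" mentioned above are mostly visible in response headers and cookies. The following is an added example, not WAFW00F's own code: it checks a raw response header block for markers commonly associated with Citrix NetScaler, which is useful for reviewing what your own deployment reveals. The signature set, the function names and both sample responses are assumptions constructed for this illustration.

```python
import re

# Markers commonly associated with Citrix NetScaler. This signature set is an
# assumption of the example, not taken from WAFW00F's code.
SIGNATURES = {
    "Citrix NetScaler": {
        "cookie": re.compile(r"^(ns_af|citrix_ns_id|NSC_)", re.I),
        "via": re.compile(r"NS-CACHE", re.I),
        "scrambled": {"cneonction", "nncoection"},  # rewritten Connection header
    },
}

# Constructed responses (header block only), not captured from a real site.
SAMPLE_BEHIND = (
    "HTTP/1.1 200 OK\r\n"
    "Via: NS-CACHE-9.3: 1\r\n"
    "Set-Cookie: NSC_constructed=ffffffff0000; path=/\r\n"
    "Cneonction: close\r\n"
    "\r\n"
)
SAMPLE_PLAIN = "HTTP/1.1 200 OK\r\nServer: nginx\r\nConnection: close\r\n\r\n"


def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw HTTP header block."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def waf_signs(raw):
    """Map product name -> list of signs found in the response headers."""
    found = {}
    for name, value in parse_headers(raw):
        for product, sig in SIGNATURES.items():
            hits = found.setdefault(product, [])
            if name == "set-cookie" and sig["cookie"].match(value):
                hits.append("cookie " + value.split("=", 1)[0])
            elif name == "via" and sig["via"].search(value):
                hits.append("Via: " + value)
            elif name in sig["scrambled"]:
                hits.append("scrambled header " + name)
    return {product: hits for product, hits in found.items() if hits}
```

Each reported sign is something the device adds or rewrites in the response, so the list doubles as a checklist of what to mask if you do not want the product disclosed.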
