WhatWaf is an advanced firewall detection tool who's goal is to give you the idea of "There's a WAF?". WhatWaf works by detecting a firewall on a web application, and attempting to detect a bypass (or two) for said firewall, on the specified target.
- Supporting whatwaf with XMR mining
- Create an issue
- Read the manual
- WhatWafs Features
- Installing WhatWaf
- PoC
- Get involved
- Follow me on
- Follow me on
whatwaf --wafs
,------.
' .--. '
,--. .--. ,--. .--.| | | |
| | | | | | | |'--' | |
| | | | | | | | __. |
| |.'.| | | |.'.| | | .'
| | | | |___|
| ,'. |hat| ,'. |af .---.
'--' '--' '--' '--' '---'
/><s/**/cript>alert("WhatWaf?<|>v1.8($stable)");</scrip/**/t>
[00:58:55][INFO] gathering a list of possible detectable wafs
360 Web Application Firewall (360)
aeSecure (WAF)
Airlock (Phion/Ergon)
AkamaiGHost Website Protection (Akamai Global Host)
Alert Logic (SIEMless Threat Management)
AliYunDun (WAF)
Anquanbao Web Application Firewall (Anquanbao)
AnYu Web Application Firewall (Anyu Technologies)
Apache Generic
Armor Protection (Armor Defense)
Application Security Manager (F5 Networks)
ASP.NET Generic Website Protection (MS)
Apache Traffic Server (ATS web proxy)
Amazon Web Services Web Application Firewall (Amazon)
Yunjiasu Web Application Firewall (Baidu)
Barikode Web Application Firewall
Barracuda Web Application Firewall (Barracuda Networks)
Bekchy (WAF)
BIG-IP (F5 Networks)
BinarySEC Web Application Firewall (BinarySEC)
Bitninja (WAF)
BlockDos DDoS protection (BlockDos)
Chuangyu top government cloud defense platform (WAF)
Cisco ACE XML Firewall (Cisco)
CloudFlare Web Application Firewall (CloudFlare)
CloudFront Firewall (Amazon)
XSS/CSRF Filtering Protection (CodeIgniter)
Comodo Web Application Firewall (Comodo)
IBM Websphere DataPower Firewall (IBM)
Deny All Web Application Firewall (DenyAll)
DiDiYun WAF (DiDi)
DoD Enterprise-Level Protection System (Department of Defense)
DOSarrest (DOSarrest Internet Security)
dotDefender (Applicure Technologies)
DynamicWeb Injection Check (DynamicWeb)
EdgeCast Web Application Firewall (Verizon)
ExpressionEngine (Ellislab WAF)
FortiWeb Web Application Firewall (Fortinet)
Gladius network WAF (Gladius)
Google Web Services
Grey Wizard Protection
Incapsula Web Application Firewall (Incapsula/Imperva)
INFOSAFE by https://7i24.com
Instart Logic (Palo Alto)
Janusec Application Gateway (WAF)
Jiasule (WAF)
Litespeed webserver Generic Protection
Malcare (MalCare Security WAF)
Open Source Web Application Firewall (Modsecurity)
Mod Security (OWASP CSR)
NexusGuard Security (WAF)
Nginx Generic Protection
Palo Alto Firewall (Palo Alto Networks)
Anti Bot Protection (PerimeterX)
pkSecurityModule (IDS)
Powerful Firewall (MyBB plugin)
Radware (AppWall WAF)
RSFirewall (Joomla WAF)
Sabre Firewall (WAF)
SafeDog WAF (SafeDog)
SecuPress (Wordpress WAF)
Shadow Daemon Opensource (WAF)
Shield Security
Website Security SiteGuard (Lite)
SonicWALL Firewall (Dell)
Squid Proxy (IDS)
Stingray Application Firewall (Riverbed/Brocade)
StrictHttpFirewall (WAF)
Sucuri Firewall (Sucuri Cloudproxy)
Teros Web Application Firewall (Citrix)
UEWaf (UCloud)
UrlScan (Microsoft)
Varnish/CacheWall WAF
Viettel WAF (Cloudrity)
Wallarm WAF
WebKnight Application Firewall (AQTRONIX)
IBM Security Access Manager (WebSEAL)
West236 Firewall
Wordfence (Feedjit)
WTS-WAF (Web Application Firewall)
Xuanwudun WAF
Yundun Web Application Firewall (Yundun)
Yunsuo Web Application Firewall (Yunsuo)
Zscaler Cloud Firewall (WAF)
[00:58:55][INFO] WhatWaf can detect a total of 86 web application protection systems