WAFW00F: Tool to Fingerprint and Identify Web Application Firewalls

WAFW00F is a Python tool that helps you fingerprint and identify Web Application Firewall (WAF) products. It is an active reconnaissance tool because it actually connects to the web server, but it starts out with a normal HTTP request and escalates only as necessary.

Installation

Step 1: git clone https://github.com/EnableSecurity/wafw00f.git

Step 2: cd wafw00f

Step 3: Type 'make' to automatically install the required files and tools

Step 4: Type chmod +x setup.py to grant execute permission

Step 5: python setup.py install

Usage

# wafw00f (Target.com)

Example: wafw00f testwebsite.com

Testing a Single URL

The URL can be directly supplied to the script after WAFW00F has been built and installed on the system.

# wafw00f http://example.com

Testing Multiple URLs

Multiple URLs can be supplied one after another using spaces.

# wafw00f http://example.com http://host.com http://site.tld

Testing For All Possible WAF Instances

# wafw00f http://example.com -a

How does it work?

  • Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions

  • If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is

  • If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks
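From the defender's side, the escalation described above leaves a recognisable trace in access logs: one ordinary request from a client, followed shortly by a burst of blocked, attack-looking requests. The following is an added example, not part of WAFW00F or the original post; the log format, marker patterns, the "status 400 or higher means blocked" rule and the time window are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /?a=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 403 310 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /?a=../../etc/passwd HTTP/1.1" 403 310 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "GET /?a=1%20UNION%20SELECT%201 HTTP/1.1" 403 310 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:00:05 +0000] "GET /search?q=shoes HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:05:09 +0000] "GET /admin HTTP/1.1" 403 310 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Assumed generic attack markers (not WAFW00F's own payloads); tune to your WAF rules.
SUSPICIOUS_RE = re.compile(r"<script|\.\./|union\s+select|/etc/passwd", re.I)

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, target, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, unquote(target), int(status)

def find_waf_probing(log_text, window=timedelta(seconds=30), min_blocked=3):
    """Return {ip: blocked_count} for clients matching the escalation pattern."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            events[rec[0]].append(rec[1:])
    flagged = {}
    for ip, recs in events.items():
        for when, target, status in sorted(recs, key=lambda r: r[0]):
            if status >= 400 or SUSPICIOUS_RE.search(target):
                continue  # not a benign baseline request
            blocked = [r for r in recs
                       if when <= r[0] <= when + window and r[2] >= 400
                       and SUSPICIOUS_RE.search(r[1])]
            if len(blocked) >= min_blocked:
                flagged[ip] = len(blocked)
                break
    return flagged

if __name__ == "__main__":
    print(find_waf_probing(SAMPLE_LOG))
```

A client that only hits an occasional 403 on an ordinary path, like the second address in the sample, is not flagged; only the benign-then-burst sequence is.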

What does it detect?

It detects a number of WAFs. To view which WAFs it is able to detect, run WAFW00F with the -l option. At the time of writing, the output is as follows:

Anquanbao

Juniper WebApp Secure

IBM Web Application Security

Cisco ACE XML Gateway

F5 BIG-IP APM

360WangZhanBao

ModSecurity (OWASP CRS)

PowerCDN

Safedog

F5 FirePass

DenyALL WAF

Trustwave ModSecurity

CloudFlare

Imperva SecureSphere

Incapsula WAF

Citrix NetScaler

F5 BIG-IP LTM

Art of Defence HyperGuard

Aqtronix WebKnight

Teros WAF

eEye Digital Security SecureIIS

BinarySec

IBM DataPower

Microsoft ISA Server

NetContinuum

NSFocus

ChinaCache-CDN

West263CDN

InfoGuard Airlock

Barracuda Application Firewall

F5 BIG-IP ASM

Profense

Mission Control Application Shield

Microsoft URLScan

Applicure dotDefender

USP Secure Entry Server

F5 Trafficshield