WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of "There's a WAF?". WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall on the specified target.
- Create an issue
- Read the manual
- WhatWaf's Features
- Installing WhatWaf
- PoC
- Get involved
- Ability to run on a single URL with the -u/--url flag
- Ability to run through a list of URLs with the -l/--list flag
- Ability to detect over 40 different firewalls
- Ability to try over 20 different tampering techniques
- Ability to pass your own payloads either from a file, from the terminal, or use the default payloads
- Default payloads that should trigger the WAF at least once
- Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques
- Ability to run behind any proxy type that matches this regex: (socks\d+)?(http(s)?)?://
- Ability to use a random user agent, personal user agent, or custom default user agent
- Auto assign protocol to HTTP or ability to force protocol to HTTPS
- A built-in encoder so you can encode your payloads into the discovered bypasses
- Automatic issue creation if an unknown firewall is discovered
- More to come...
Installing WhatWaf is super easy. WhatWaf is compatible with Python 2 and Python 3; all you have to do is the following:
./install.sh
You can also install it manually by running the following:
sudo -s << EOF
git clone https://github.com/ekultek/whatwaf.git
cd whatwaf
chmod +x whatwaf.py
pip install -r requirements.txt
./whatwaf.py --help
EOF
Or you can run WhatWaf in a virtual environment by doing the following (requires virtualenv to be installed):
sudo -s << EOF
pip install virtualenv
git clone https://github.com/ekultek/whatwaf.git
cd whatwaf
chmod +x whatwaf.py
virtualenv venv && source venv/bin/activate
pip install -r requirements.txt
./whatwaf.py --help
EOF
First we'll run the website through WhatWaf and figure out which firewall protects it (if any):
Next we'll go to that website and see what the page looks like:
Hmm... that doesn't really look like Cloudflare, does it? Let's see what the headers say:
And finally, let's try one of the bypasses that it tells us to try:
If you want to make some tamper scripts, add some functionality, or just make something look better, getting involved is easy:
- Fork the repository
- Edit the code to your liking
- Send a pull request
I'm always looking for some helpful people out there, and would love help with this little side project I've got going on. Thanks!