WhatWaf – Detect and bypass web application firewalls

Web application firewalls (WAFs) are an important part of securing a web application. A WAF consists of several filters and a rule engine that analyze and block malicious requests in real time before they reach the web server. This is good protection, but WAFs may contain vulnerabilities that allow an attacker to detect and bypass them. If you are looking to test a web application firewall, you can check out WhatWaf.

WhatWaf is an advanced firewall detection tool whose goal is to answer the question “Is there a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall on the specified target.


Some of the advanced features of this tool are:

  • Ability to run on a single URL with the -u/--url flag
  • Ability to run through a list of URLs with the -l/--list flag
  • Ability to detect over 40 different firewalls
  • Ability to try over 20 different tampering techniques
  • Ability to pass your own payloads either from a file, from the terminal, or use the default payloads
  • Default payloads that should trigger the WAF at least once
  • Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques
  • Ability to run behind any proxy type that matches this regex: (socks\d+)?(http(s)?)?://
  • Ability to use a random user agent, personal user agent, or custom default user agent
  • Auto assign protocol to HTTP or ability to force protocol to HTTPS
  • A built-in encoder so you can encode your payloads into the discovered bypasses
  • Automatic issue creation if an unknown firewall is discovered
  • Ability to send output to a JSON, CSV, or YAML file

You can read more and download the latest version from https://github.com/Ekultek/
