WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target.
Features
- Ability to run on a single URL with the -u/--url flag
- Ability to run through a list of URLs with the -l/--list flag
- Ability to detect over 40 different firewalls
- Ability to try over 20 different tampering techniques
- Ability to pass your own payloads either from a file, from the terminal, or use the default payloads
- Default payloads that are guaranteed to produce at least one WAF triggering
- Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques
- Ability to run behind multiple proxy types (socks4, socks5, http, https, and Tor)
- Ability to use a random user agent, personal user agent, or custom default user agent
- Auto-assign protocol to HTTP or ability to force protocol to HTTPS
- A built-in encoder so you can encode your payloads into the discovered bypasses
- More to come…
Changelog v1.5.4
minor update to Cloudflare detection via issue #299