WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target.
Features
- Ability to run on a single URL with the -u/--url flag
- Ability to run through a list of URLs with the -l/--list flag
- Ability to detect over 40 different firewalls
- Ability to try over 20 different tampering techniques
- Ability to pass your own payloads either from a file, from the terminal, or use the default payloads
- Default payloads that are guaranteed to produce at least one WAF triggering
- Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques
- Ability to run behind multiple proxy types (socks4, socks5, http, https, and Tor)
- Ability to use a random user agent, personal user agent, or custom default user agent
- Auto-assign protocol to HTTP or ability to force protocol to HTTPS
- A built-in encoder so you can encode your payloads into the discovered bypasses
- More to come…