wafw00f
BSD-3-Clause · Web Scanning · Python
WAFW00F is a Python-based tool that identifies and fingerprints Web Application Firewall (WAF) products protecting a target website. It sends a series of crafted HTTP requests and analyzes the responses to determine which WAF vendor and product is in use, supporting detection of over 100 different WAF solutions including Cloudflare, AWS WAF, Akamai, and Imperva. Penetration testers and bug bounty hunters run WAFW00F early in web application assessments to understand what defensive layers they need to bypass before launching further attacks. Knowing the specific WAF in use allows attackers to tailor their payloads and evasion techniques, making WAFW00F an essential first step in any web application penetration test.
Details
- Category: Web Scanning
- Language: Python
- Repository: EnableSecurity/wafw00f
- License: BSD-3-Clause
- Platforms: linux, macos, windows
More in Web Scanning
httpx
Go · Fast multi-purpose HTTP toolkit. Probes for running HTTP servers with retries and fallbacks.
Nikto
Perl · Classic web server scanner. Tests for dangerous files, outdated server software, and version-specific problems.
Gobuster
Go · Directory/file, DNS, and vhost busting tool. Brute-forces URIs, DNS subdomains, virtual host names, and S3 buckets.
Feroxbuster
Rust · Fast, recursive content discovery tool written in Rust. Like gobuster on steroids with auto-recursion.
Burp Suite Community
Java · Web vulnerability scanner and proxy. Intercept, modify, and replay HTTP/S traffic for web app testing.
ffuf
Go · Fast web fuzzer written in Go. Fuzz anything - URLs, headers, POST data - with blazing speed.