WAFW00F identifies and fingerprints Web Application Firewall (WAF) products.
How does it work?
To do its magic, WAFW00F does the following:
– Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions
– If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is
– If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks
wafw00f v0.9.4
Dependencies:
– Python 2.7.x
Usage:
git clone https://github.com/EnableSecurity/wafw00f && cd wafw00f python2 setup.py install cd wafw00f/bin ./wafw00f -l