Packages and Binaries:


This package identifies and fingerprints Web Application Firewall (WAF) products using the following logic:

  • Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.
  • If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is.
  • If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to the attacks.

Installed size: 240 KB
How to install: sudo apt install wafw00f

  • python3
  • python3-pluginbase
  • python3-requests

Identify and fingerprint Web Application Firewall products

root@kali:~# wafw00f -h
Usage: wafw00f url1 [url2 [url3 ... ]]
example: wafw00f

  -h, --help            show this help message and exit
  -v, --verbose         Enable verbosity, multiple -v options increase
  -a, --findall         Find all WAFs which match the signatures, do not stop
                        testing on the first one
  -r, --noredirect      Do not follow redirections given by 3xx responses
  -t TEST, --test=TEST  Test for one specific WAF
  -o OUTPUT, --output=OUTPUT
                        Write output to csv, json or text file depending on
                        file extension. For stdout, specify - as filename.
  -f FORMAT, --format=FORMAT
                        Force output format to csv, json or text.
  -i INPUT, --input-file=INPUT
                        Read targets from a file. Input format can be csv,
                        json or text. For csv and json, a `url` column name or
                        element is required.
  -l, --list            List all WAFs that WAFW00F is able to detect
  -p PROXY, --proxy=PROXY
                        Use an HTTP proxy to perform requests, examples:
                        http://hostname:8080, socks5://hostname:1080,
  -V, --version         Print out the current version of WafW00f and exit.
  -H HEADERS, --headers=HEADERS
                        Pass custom headers via a text file to overwrite the
                        default header set.

Updated on: 2023-Nov-24