wafw00f

all

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Options (6)

-a, --findallboolean

Test for all detectable WAFs without stopping at the first match

Example: wafw00f {{[-a|--findall]}} {{https://www.example.com}}

-p, --proxyboolean

Pass requests through a proxy (such as BurpSuite)

Example: wafw00f {{[-p|--proxy]}} {{http://localhost:8080}} {{https://www.example.com}}

-t, --testboolean

Test for a specific WAF product (run `wafw00f --list` to get list of all supported WAFs)

Example: wafw00f {{[-t|--test]}} {{Cloudflare|Cloudfront|Fastly|ZScaler|...}} {{https://www.example.com}}

-H, --headersboolean

Pass custom headers from a file

Example: wafw00f {{[-H|--headers]}} {{path/to/headers.txt}} {{https://www.example.com}}

-i, --inputboolean

Read target inputs from a file and show verbose output (multiple `v` for more verbosity)

Example: wafw00f {{[-i|--input]}} {{path/to/urls.txt}} -{{vv}}

-l, --listboolean

List all WAFs that can be detected

Example: wafw00f {{[-l|--list]}}

Check if a website is using any WAF

wafw00f https://www.example.com

Test for all detectable WAFs without stopping at the first match

wafw00f [-a|--findall] https://www.example.com

Pass requests through a proxy (such as BurpSuite)

wafw00f [-p|--proxy] http://localhost:8080 https://www.example.com

Test for a specific WAF product (run `wafw00f --list` to get list of all supported WAFs)

Pass custom headers from a file

wafw00f [-H|--headers] path/to/headers.txt https://www.example.com

Read target inputs from a file and show verbose output (multiple `v` for more verbosity)

wafw00f [-i|--input] path/to/urls.txt -vv

List all WAFs that can be detected

wafw00f [-l|--list]