WAFW00F - Web Application Firewall Detector

The first step is to gather information about the target, knowing the firewall used by the domain would help a lot. It is very easy for an individual to detect the type of Firewall running on any domain using Fingerprinting. This makes it harder for companies as, if the firewall is detectable, it would be easier for a hacker to find and exploit the vulnerability.


There is an in-built tool in Kali Linux that can be used to do this, the so-called WAFW00F. It is a fingerprinting tool that identifies WEB APPLICATION FIREWALL used by companies. An individual only needs to type wafw00f  into the terminal along with the domain name. 


For Example: wafw00f <domain_name>


Wafw00f basic example

To know more about the tool, you can use the man page. This can be accessed by typing man wafw00f in a terminal. Another way is to use the help flag by typing wafw00f -h.


List of options available

The help command shows the list of flags that are generally used like -v (verbose), -a (findall), -r (no redirect), -l (list), etc. Examples of the flags along with the commands are shown below:


  • -a: command can be used when you want to check the domain against all WAFs which are available in the database, i.e, do not stop testing on the first match. Sometimes it may happen that the behaviour of the domain's WAF is the same as multiple WAFs. In this case, stopping the checks after the first match is not a good idea. 

Results with -a flag
  • -V (capital V) can be used to get the version of the wafw00f you are using. If it is not the latest version available, UPDATE IT!
The version of the tool
  • -l: This flag lists out all the Web Application Firewall Fingerprint present in the database of wafw00f
List of Firewalls
P.S.: This is not all the WAF Fingerprints available. The above picture is just to show you a demo.

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

No comments:

Post a Comment