whatwaf
Web Application Firewall detection and bypass
TLDR
Detect WAF
SYNOPSIS
whatwaf [-u url] [-l file] [--tor] [options]
DESCRIPTION
whatwaf is a security tool that detects Web Application Firewalls (WAFs) protecting websites and suggests potential bypass techniques. It sends various payloads to the target and analyzes responses to fingerprint the specific WAF product in use.
Beyond detection, whatwaf provides tamper scripts and evasion suggestions tailored to the identified WAF, helping penetration testers understand what protections they need to work around during authorized assessments. Custom payloads can be specified for targeted testing.
The tool supports batch scanning from URL files, Tor network routing for anonymous testing, and JSON output for integration with other security tools. It is intended exclusively for authorized security testing and research.
PARAMETERS
-u URL
Target URL.
-l FILE
URL list file.
--tor
Use Tor network.
--payload PAY
Custom payload.
--json
JSON output.
--tamper SCRIPT
Tamper script.
CAVEATS
Use for authorized testing only. Scans may trigger alerts. Requires Python.
HISTORY
WhatWaf was created for identifying Web Application Firewalls and suggesting bypass techniques.
