<h1 align="center">
<a href="https://github.com/enablesecurity/wafw00f"><img src="https://i.imgur.com/uAgp49o.png" alt="wafw00f"/></a>
<br>
WAFW00F
</h1>
<p align="center">
<b>The Web Application Firewall Fingerprinting Tool.</b>
<br>
<b>
— From <a href="https://enablesecurity.com">Enable Security</a>
</b>
</p>
<p align="center">
<a href="https://docs.python.org/3/download.html">
<img src="https://img.shields.io/badge/Python-3.x/2.x-green.svg">
</a>
<a href="https://github.com/EnableSecurity/wafw00f/releases">
<img src="https://img.shields.io/badge/Version-v2.3.1%20(stable)-blue.svg">
</a>
<a href="https://github.com/EnableSecurity/wafw00f/blob/master/LICENSE">
<img src="https://img.shields.io/badge/License-BSD%203%20Clause-orange.svg">
</a>
<a href="https://app.travis-ci.com/github/EnableSecurity/wafw00f">
<img src="https://app.travis-ci.com/EnableSecurity/wafw00f.svg">
</a>
</p>
## How does it work?
To do its magic, WAFW00F does the following:
- Sends a _normal_ HTTP request and analyses the response; this identifies a
number of WAF solutions.
- If that is not successful, it sends a number of (potentially malicious) HTTP
requests and uses simple logic to deduce which WAF it is.
- If that is also not successful, it analyses the responses previously
returned and uses another simple algorithm to guess if a WAF or security
solution is actively responding to our attacks.
For further details, check out the source code on our [main repository](https://github.com/EnableSecurity/wafw00f).
## What does it detect?
WAFW00F can detect a number of firewalls, a list of which is as below:
```
$ wafw00f -l
? ,. ( . ) . "
__ ?? (" ) )' ,' ) . (` '`
(___()'`; ??? .; ) ' (( (" ) ;(, (( ( ;) " )")
/,___ /` _"., ,._'_.,)_(..,( . )_ _' )_') (. _..( ' )
\\ \\ |____|____|____|____|____|____|____|____|____|
~ WAFW00F : v2.3.1 ~
~ Sniffing Web Application Firewalls since 2014 ~
[+] Can test for these WAFs:
WAF Name Manufacturer
-------- ------------
360WangZhanBao 360 Technologies
ACE XML Gateway Cisco
ASP.NET Generic Microsoft
ASPA Firewall ASPA Engineering Co.
AWS Elastic Load Balancer Amazon
AireeCDN Airee
Airlock Phion/Ergon
Alert Logic Alert Logic
AliYunDun Alibaba Cloud Computing
AnYu AnYu Technologies
Anquanbao Anquanbao
AppWall Radware
Approach Approach
Armor Defense Armor
ArvanCloud ArvanCloud
Astra Czar Securities
Azion Edge Firewall Azion
Azure Application Gateway Microsoft
Azure Front Door Microsoft
BIG-IP AP Manager F5 Networks
BIG-IP AppSec Manager F5 Networks
BIG-IP Local Traffic Manager F5 Networks
Barikode Ethic Ninja
Barracuda Barracuda Networks
Bekchy Faydata Technologies Inc.
Beluga CDN Beluga
BinarySec BinarySec
BitNinja BitNinja
BlockDoS BlockDoS
Bluedon Bluedon IST
BulletProof Security Pro AITpro Security
CacheFly CDN CacheFly
CacheWall Varnish
CdnNS Application Gateway CdnNs/WdidcNet
ChinaCache Load Balancer ChinaCache
Chuang Yu Shield Yunaq
Cloud Protector Rohde & Schwarz CyberSecurity
Cloudbric Penta Security
Cloudflare Cloudflare Inc.
Cloudfloor Cloudfloor DNS
Cloudfront Amazon
Comodo cWatch Comodo CyberSecurity
CrawlProtect Jean-Denis Brun
DDoS-GUARD DDOS-GUARD CORP.
DOSarrest DOSarrest Internet Security
DataPower IBM
DenyALL Rohde & Schwarz CyberSecurity
Distil Distil Networks
DotDefender Applicure Technologies
DynamicWeb Injection Check DynamicWeb
Edgecast Verizon Digital Media
Eisoo Cloud Firewall Eisoo
Envoy EnvoyProxy
Expression Engine EllisLab
Fastly Fastly CDN
FirePass F5 Networks
FortiGate Fortinet
FortiGuard Fortinet
FortiWeb Fortinet
GoDaddy Website Protection GoDaddy
Google Cloud App Armor Google Cloud
Greywizard Grey Wizard
Huawei Cloud Firewall Huawei
HyperGuard Art of Defense
ISA Server Microsoft
Imunify360 CloudLinux
Incapsula Imperva Inc.
IndusGuard Indusface
Instart DX Instart Logic
Janusec Application Gateway Janusec
Jiasule Jiasule
KS-WAF KnownSec
Kemp LoadMaster Progress Software
KeyCDN KeyCDN
Kona SiteDefender Akamai
LimeLight CDN LimeLight
LiteSpeed LiteSpeed Technologies
Malcare Inactiv
MaxCDN MaxCDN
Mission Control Shield Mission Control
ModSecurity SpiderLabs
NAXSI NBS Systems
NSFocus NSFocus Global Inc.
Nemesida PentestIt
NetContinuum Barracuda Networks
NetScaler AppFirewall Citrix Systems
NevisProxy AdNovum
Newdefend NewDefend
NexusGuard Firewall NexusGuard
NinjaFirewall NinTechNet
NullDDoS Protection NullDDoS
OnMessage Shield BlackBaud
Open-Resty Lua Nginx FLOSS
Oracle Cloud Oracle
PT Application Firewall Positive Technologies
Palo Alto Next Gen Firewall Palo Alto Networks
PentaWAF Global Network Services
PerimeterX PerimeterX
PowerCDN PowerCDN
Profense ArmorLogic
Puhui Puhui
Qcloud Tencent Cloud
Qiniu Qiniu CDN
Qrator Qrator
RSFirewall RSJoomla!
RayWAF WebRay Solutions
Reblaze Reblaze
RequestValidationMode Microsoft
SEnginx Neusoft
Sabre Firewall Sabre
Safe3 Web Firewall Safe3
Safedog SafeDog
Safeline Chaitin Tech.
SecKing SecKing
SecuPress WP Security SecuPress
Secure Entry United Security Providers
SecureSphere Imperva Inc.
ServerDefender VP Port80 Software
Shadow Daemon Zecure
Shield Security One Dollar Plugin
SiteGround SiteGround
SiteGuard Sakura Inc.
Sitelock TrueShield
SonicWall Dell
Squarespace Squarespace
SquidProxy IDS SquidProxy
StackPath StackPath
Sucuri CloudProxy Sucuri Inc.
Tencent Cloud Firewall Tencent Technologies
Teros Citrix Systems
Trafficshield F5 Networks
TransIP Web Firewall TransIP
UEWaf UCloud
URLMaster SecurityCheck iFinity/DotNetNuke
URLScan Microsoft
UTM Web Protection Sophos
Variti Variti
Varnish OWASP
Viettel Cloudrity
VirusDie VirusDie LLC
WP Cerber Security Cerber Tech
WTS-WAF WTS
Wallarm Wallarm Inc.
WatchGuard WatchGuard Technologies
WebARX WebARX Security Solutions
WebKnight AQTRONIX
WebLand WebLand
WebSEAL IBM
WebTotem WebTotem
West263 CDN West263CDN
Wordfence Defiant
XLabs Security WAF XLabs
Xuanwudun Xuanwudun
YXLink YxLink Technologies
Yundun Yundun
Yunjiasu Baidu Cloud Computing
Yunsuo Yunsuo
ZScaler Accenture
Zenedge Zenedge
aeSecure aeSecure
eEye SecureIIS BeyondTrust
pkSecurity IDS pkSec
wpmudev WAF Incsub
Shieldon Firewall Shieldon.io
```
## How do I use it?
First, install the tools as described [here](#how-do-i-install-it).
For help you can make use of the `--help` option. The basic usage is to pass
an URL as an argument. Example:
```
$ wafw00f https://example.org
______
/ \
( Woof! )
\ ____/ )
,, ) (_
.-. - _______ ( |__|
()``; |==|_______) .)|__|
/ (' /|\ ( |__|
( / ) / | \ . |__|
\(_)_)) / | \ |__|
~ WAFW00F : v2.3.1 ~
The Web Application Firewall Fingerprinting Toolkit
[*] Checking https://example.org
[+] The site https://example.org is behind Edgecast (Verizon Digital Media) WAF.
[~] Number of requests: 2
```
## How do I install it?
### Install from PyPI (recommended)
Run:
```
python3 -m pip install wafw00f
```
or
```
pip3 install wafw00f
```
### Via Docker
It is also possible to run it within a docker container. Clone this repository first and build the Docker image using:
```
docker build . -t wafw00f
```
Now you can run:
```
docker run --rm -it wafw00f https://example.com
```
### From source
> NOTE: Be careful to not break your system packages while installing wafw00f. Use venv as and when required.
Clone the repository:
```
git clone https://github.com/enablesecurity/wafw00f.git
```
Then:
```
cd wafw00f/
python3 -m pip install .
```
Or, by using pipx directly:
```
pipx install git+https://github.com/EnableSecurity/wafw00f.git
```
## Final Words
__Questions?__ Pull up an [issue on GitHub Issue Tracker](https://github.com/enablesecurity/wafw00f/issues/new) or contact [me](mailto:sandro@enablesecurity.com).
[Pull requests](https://github.com/enablesecurity/wafw00f/pulls), [ideas and issues](https://github.com/enablesecurity/wafw00f/issues) are highly welcome.
Some useful links:
- [Documentation/Wiki](https://github.com/enablesecurity/wafw00f/wiki/)
- [Pypi Package Repository](https://pypi.org/project/wafw00f)
Presently being developed and maintained by:
- Sandro Gauci ([@SandroGauci](https://twitter.com/sandrogauci))
- Pinaki Mondal ([@0xInfection](https://twitter.com/0xinfection))
Raw data
{
"_id": null,
"home_page": "https://github.com/enablesecurity/wafw00f",
"name": "wafw00f",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "waf firewall detector fingerprint",
"author": "Sandro Gauci",
"author_email": "sandro@enablesecurity.com",
"download_url": null,
"platform": null,
"description": "<h1 align=\"center\">\n <a href=\"https://github.com/enablesecurity/wafw00f\"><img src=\"https://i.imgur.com/uAgp49o.png\" alt=\"wafw00f\"/></a>\n <br>\n WAFW00F\n</h1>\n<p align=\"center\">\n <b>The Web Application Firewall Fingerprinting Tool.</b>\n <br>\n <b>\n — From <a href=\"https://enablesecurity.com\">Enable Security</a>\n </b>\n</p>\n<p align=\"center\">\n <a href=\"https://docs.python.org/3/download.html\">\n <img src=\"https://img.shields.io/badge/Python-3.x/2.x-green.svg\">\n </a>\n <a href=\"https://github.com/EnableSecurity/wafw00f/releases\">\n <img src=\"https://img.shields.io/badge/Version-v2.3.1%20(stable)-blue.svg\">\n </a>\n <a href=\"https://github.com/EnableSecurity/wafw00f/blob/master/LICENSE\">\n <img src=\"https://img.shields.io/badge/License-BSD%203%20Clause-orange.svg\">\n </a>\n <a href=\"https://app.travis-ci.com/github/EnableSecurity/wafw00f\">\n <img src=\"https://app.travis-ci.com/EnableSecurity/wafw00f.svg\">\n </a>\n</p>\n\n## How does it work?\n\nTo do its magic, WAFW00F does the following:\n\n- Sends a _normal_ HTTP request and analyses the response; this identifies a\n number of WAF solutions.\n- If that is not successful, it sends a number of (potentially malicious) HTTP\n requests and uses simple logic to deduce which WAF it is.\n- If that is also not successful, it analyses the responses previously\n returned and uses another simple algorithm to guess if a WAF or security\n solution is actively responding to our attacks.\n\nFor further details, check out the source code on our [main repository](https://github.com/EnableSecurity/wafw00f).\n\n## What does it detect?\n\nWAFW00F can detect a number of firewalls, a list of which is as below:\n\n```\n$ wafw00f -l\n\n\n ? ,. ( . ) . \"\n __ ?? (\" ) )' ,' ) . (` '`\n (___()'`; ??? .; ) ' (( (\" ) ;(, (( ( ;) \" )\")\n /,___ /` _\"., ,._'_.,)_(..,( . )_ _' )_') (. _..( ' )\n \\\\ \\\\ |____|____|____|____|____|____|____|____|____|\n\n ~ WAFW00F : v2.3.1 ~\n ~ Sniffing Web Application Firewalls since 2014 ~\n\n[+] Can test for these WAFs:\n\n WAF Name Manufacturer\n -------- ------------\n\n 360WangZhanBao 360 Technologies\n ACE XML Gateway Cisco\n ASP.NET Generic Microsoft\n ASPA Firewall ASPA Engineering Co.\n AWS Elastic Load Balancer Amazon\n AireeCDN Airee\n Airlock Phion/Ergon\n Alert Logic Alert Logic\n AliYunDun Alibaba Cloud Computing\n AnYu AnYu Technologies\n Anquanbao Anquanbao\n AppWall Radware\n Approach Approach\n Armor Defense Armor\n ArvanCloud ArvanCloud\n Astra Czar Securities\n Azion Edge Firewall Azion\n Azure Application Gateway Microsoft\n Azure Front Door Microsoft\n BIG-IP AP Manager F5 Networks\n BIG-IP AppSec Manager F5 Networks\n BIG-IP Local Traffic Manager F5 Networks\n Barikode Ethic Ninja\n Barracuda Barracuda Networks\n Bekchy Faydata Technologies Inc.\n Beluga CDN Beluga\n BinarySec BinarySec\n BitNinja BitNinja\n BlockDoS BlockDoS\n Bluedon Bluedon IST\n BulletProof Security Pro AITpro Security\n CacheFly CDN CacheFly\n CacheWall Varnish\n CdnNS Application Gateway CdnNs/WdidcNet\n ChinaCache Load Balancer ChinaCache\n Chuang Yu Shield Yunaq\n Cloud Protector Rohde & Schwarz CyberSecurity\n Cloudbric Penta Security\n Cloudflare Cloudflare Inc.\n Cloudfloor Cloudfloor DNS\n Cloudfront Amazon\n Comodo cWatch Comodo CyberSecurity\n CrawlProtect Jean-Denis Brun\n DDoS-GUARD DDOS-GUARD CORP.\n DOSarrest DOSarrest Internet Security\n DataPower IBM\n DenyALL Rohde & Schwarz CyberSecurity\n Distil Distil Networks\n DotDefender Applicure Technologies\n DynamicWeb Injection Check DynamicWeb\n Edgecast Verizon Digital Media\n Eisoo Cloud Firewall Eisoo\n Envoy EnvoyProxy\n Expression Engine EllisLab\n Fastly Fastly CDN\n FirePass F5 Networks\n FortiGate Fortinet\n FortiGuard Fortinet\n FortiWeb Fortinet\n GoDaddy Website Protection GoDaddy\n Google Cloud App Armor Google Cloud\n Greywizard Grey Wizard\n Huawei Cloud Firewall Huawei\n HyperGuard Art of Defense\n ISA Server Microsoft\n Imunify360 CloudLinux\n Incapsula Imperva Inc.\n IndusGuard Indusface\n Instart DX Instart Logic\n Janusec Application Gateway Janusec\n Jiasule Jiasule\n KS-WAF KnownSec\n Kemp LoadMaster Progress Software\n KeyCDN KeyCDN\n Kona SiteDefender Akamai\n LimeLight CDN LimeLight\n LiteSpeed LiteSpeed Technologies\n Malcare Inactiv\n MaxCDN MaxCDN\n Mission Control Shield Mission Control\n ModSecurity SpiderLabs\n NAXSI NBS Systems\n NSFocus NSFocus Global Inc.\n Nemesida PentestIt\n NetContinuum Barracuda Networks\n NetScaler AppFirewall Citrix Systems\n NevisProxy AdNovum\n Newdefend NewDefend\n NexusGuard Firewall NexusGuard\n NinjaFirewall NinTechNet\n NullDDoS Protection NullDDoS\n OnMessage Shield BlackBaud\n Open-Resty Lua Nginx FLOSS\n Oracle Cloud Oracle\n PT Application Firewall Positive Technologies\n Palo Alto Next Gen Firewall Palo Alto Networks\n PentaWAF Global Network Services\n PerimeterX PerimeterX\n PowerCDN PowerCDN\n Profense ArmorLogic\n Puhui Puhui\n Qcloud Tencent Cloud\n Qiniu Qiniu CDN\n Qrator Qrator\n RSFirewall RSJoomla!\n RayWAF WebRay Solutions\n Reblaze Reblaze\n RequestValidationMode Microsoft\n SEnginx Neusoft\n Sabre Firewall Sabre\n Safe3 Web Firewall Safe3\n Safedog SafeDog\n Safeline Chaitin Tech.\n SecKing SecKing\n SecuPress WP Security SecuPress\n Secure Entry United Security Providers\n SecureSphere Imperva Inc.\n ServerDefender VP Port80 Software\n Shadow Daemon Zecure\n Shield Security One Dollar Plugin\n SiteGround SiteGround\n SiteGuard Sakura Inc.\n Sitelock TrueShield\n SonicWall Dell\n Squarespace Squarespace\n SquidProxy IDS SquidProxy\n StackPath StackPath\n Sucuri CloudProxy Sucuri Inc.\n Tencent Cloud Firewall Tencent Technologies\n Teros Citrix Systems\n Trafficshield F5 Networks\n TransIP Web Firewall TransIP\n UEWaf UCloud\n URLMaster SecurityCheck iFinity/DotNetNuke\n URLScan Microsoft\n UTM Web Protection Sophos\n Variti Variti\n Varnish OWASP\n Viettel Cloudrity\n VirusDie VirusDie LLC\n WP Cerber Security Cerber Tech\n WTS-WAF WTS\n Wallarm Wallarm Inc.\n WatchGuard WatchGuard Technologies\n WebARX WebARX Security Solutions\n WebKnight AQTRONIX\n WebLand WebLand\n WebSEAL IBM\n WebTotem WebTotem\n West263 CDN West263CDN\n Wordfence Defiant\n XLabs Security WAF XLabs\n Xuanwudun Xuanwudun\n YXLink YxLink Technologies\n Yundun Yundun\n Yunjiasu Baidu Cloud Computing\n Yunsuo Yunsuo\n ZScaler Accenture\n Zenedge Zenedge\n aeSecure aeSecure\n eEye SecureIIS BeyondTrust\n pkSecurity IDS pkSec\n wpmudev WAF Incsub\n Shieldon Firewall Shieldon.io\n```\n\n## How do I use it?\n\nFirst, install the tools as described [here](#how-do-i-install-it).\n\nFor help you can make use of the `--help` option. The basic usage is to pass\nan URL as an argument. Example:\n```\n$ wafw00f https://example.org\n\n ______\n / \\\n ( Woof! )\n \\ ____/ )\n ,, ) (_\n .-. - _______ ( |__|\n ()``; |==|_______) .)|__|\n / (' /|\\ ( |__|\n ( / ) / | \\ . |__|\n \\(_)_)) / | \\ |__|\n\n ~ WAFW00F : v2.3.1 ~\n The Web Application Firewall Fingerprinting Toolkit\n\n[*] Checking https://example.org\n[+] The site https://example.org is behind Edgecast (Verizon Digital Media) WAF.\n[~] Number of requests: 2\n```\n\n## How do I install it?\n\n### Install from PyPI (recommended)\nRun:\n```\npython3 -m pip install wafw00f\n```\nor\n```\npip3 install wafw00f\n```\n\n### Via Docker\nIt is also possible to run it within a docker container. Clone this repository first and build the Docker image using:\n```\ndocker build . -t wafw00f\n```\nNow you can run:\n```\ndocker run --rm -it wafw00f https://example.com\n```\n\n### From source\n> NOTE: Be careful to not break your system packages while installing wafw00f. Use venv as and when required.\n\nClone the repository:\n```\ngit clone https://github.com/enablesecurity/wafw00f.git\n```\nThen:\n```\ncd wafw00f/\npython3 -m pip install .\n```\n\nOr, by using pipx directly:\n```\npipx install git+https://github.com/EnableSecurity/wafw00f.git\n```\n\n## Final Words\n\n__Questions?__ Pull up an [issue on GitHub Issue Tracker](https://github.com/enablesecurity/wafw00f/issues/new) or contact [me](mailto:sandro@enablesecurity.com).\n[Pull requests](https://github.com/enablesecurity/wafw00f/pulls), [ideas and issues](https://github.com/enablesecurity/wafw00f/issues) are highly welcome.\n\nSome useful links:\n\n- [Documentation/Wiki](https://github.com/enablesecurity/wafw00f/wiki/)\n- [Pypi Package Repository](https://pypi.org/project/wafw00f)\n\nPresently being developed and maintained by:\n\n- Sandro Gauci ([@SandroGauci](https://twitter.com/sandrogauci))\n- Pinaki Mondal ([@0xInfection](https://twitter.com/0xinfection))\n",
"bugtrack_url": null,
"license": "BSD License",
"summary": null,
"version": "2.3.1",
"project_urls": {
"Bug Tracker": "https://github.com/EnableSecurity/wafw00f/issues",
"Documentation": "https://github.com/EnableSecurity/wafw00f/wiki",
"Homepage": "https://github.com/enablesecurity/wafw00f",
"Source Code": "https://github.com/EnableSecurity/wafw00f/tree/master"
},
"split_keywords": [
"waf",
"firewall",
"detector",
"fingerprint"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "41dedd920dd0513499c307424ae712d3c4ad1fc0833f689e31512edcc707825c",
"md5": "b6a3bb71a08e14b31dbba2ca9ad45cbf",
"sha256": "71472aaee41503e7478665fb95d9ed0973172e49c1090e810825282d81099233"
},
"downloads": -1,
"filename": "wafw00f-2.3.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "b6a3bb71a08e14b31dbba2ca9ad45cbf",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 90987,
"upload_time": "2024-12-31T06:41:20",
"upload_time_iso_8601": "2024-12-31T06:41:20.789942Z",
"url": "https://files.pythonhosted.org/packages/41/de/dd920dd0513499c307424ae712d3c4ad1fc0833f689e31512edcc707825c/wafw00f-2.3.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-12-31 06:41:20",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "enablesecurity",
"github_project": "wafw00f",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "wafw00f"
}
JSON
