WAFW00F
Web application firewall fingerprinting and detection tool
Recon & OSINT
8 commands
#waf #fingerprint #firewall #python

Installation
1. Install using pip
2. Verify installation
# Using pip
pip install wafw00f
# Verify
wafw00f -h

Basic Usage
Detect which WAF (if any) is protecting a website
# Single URL
wafw00f https://example.com
# Multiple URLs from file
wafw00f -i urls.txt
# Verbose output
wafw00f https://example.com -v
# Find all WAFs detected
wafw00f https://example.com -a
# Output as JSON
wafw00f https://example.com -o results.json

Command Reference
8 commands
1. Input file with URLs: -i
2. Verbose output: -v
3. Show all detected WAFs: -a
4. Output file for results: -o
5. List all supported WAFs: -l
6. HTTP proxy for requests: --proxy
7. Request timeout: --timeout
8. Follow redirects: --follow-redirects

When to Use
1. Pre-attack reconnaissance to identify WAFs
2. Choosing appropriate evasion techniques
3. Verifying WAF deployment after configuration changes
4. Security assessment scope mapping

Notes & Tips
1. Detects over 150 different WAF products
2. Uses multiple fingerprinting techniques for accuracy
3. Non-intrusive: safe to run without authorization (still get permission)

Common Errors & Solutions
False positives on CDNs
CDNs like Cloudflare may be detected as WAFs — check with -a flag
Connection errors
Use --proxy if behind a corporate proxy or firewall
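
For the "Verifying WAF deployment after configuration changes" use case, here is an added example (not part of the original page or of WAFW00F itself) that compares a JSON report written with -a and -o results.json against an inventory of the WAF each site should sit behind. The report keys (url, detected, firewall), the EXPECTED inventory and the sample rows are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample of a report from: wafw00f -i urls.txt -a -o results.json
# Assumption: each row carries the keys url, detected and firewall.
SAMPLE_REPORT = json.dumps([
    {"url": "https://shop.example.com", "detected": True, "firewall": "Cloudflare"},
    {"url": "https://shop.example.com", "detected": True, "firewall": "ModSecurity"},
    {"url": "https://api.example.com", "detected": False, "firewall": "None"},
    {"url": "https://blog.example.com", "detected": True, "firewall": "Cloudflare"},
])

# Hypothetical inventory: the WAF every listed site is supposed to sit behind.
EXPECTED = {f"https://{h}.example.com": "ModSecurity" for h in ("shop", "api", "blog", "old")}


def detected_by_url(report_text):
    """Group detected firewall names per URL; -a can yield several rows per URL."""
    found = defaultdict(set)
    for row in json.loads(report_text):
        names = found[row["url"].rstrip("/")]  # register the URL even without a hit
        if row.get("detected"):
            names.add(row["firewall"])
    return found


def audit(report_text, expected):
    """Return {url: status} comparing the scan with the expected inventory."""
    found = detected_by_url(report_text)
    status = {}
    for url, want in expected.items():
        key = url.rstrip("/")
        if key not in found:
            status[url] = "not scanned"
        elif not found[key]:
            status[url] = "no WAF detected"
        elif want.lower() in {name.lower() for name in found[key]}:
            status[url] = "ok"
        else:
            # e.g. only a CDN matched: the intended WAF was not fingerprinted
            status[url] = "unexpected: " + ", ".join(sorted(found[key]))
    return status


if __name__ == "__main__":
    for url, state in audit(SAMPLE_REPORT, EXPECTED).items():
        print(f"{state:<28} {url}")
```

A site where only the CDN matches is reported as unexpected rather than ok, which is the case the CDN false-positive note above asks you to double-check with -a.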