WAF Enumeration

Theory

WAF (Web Application Firewall) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. We can try to identify and fingerprint it and thus facilitate the bypass process.

Practice

wafw00f allows to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

#Basic scan
wafw00f https://domain.com

#Test all WAF
wafw00f https://domain.com -a

Ressource

GitHub - EnableSecurity/wafw00f: WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.GitHub

Last updated 1 year ago