WAFW00F v2.0 - Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website


The Web Application Firewall Fingerprinting Tool.
— From Enable Security

How does it work?
To do its magic, WAFW00F does the following:
  • Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.
  • If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is.
  • If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks.
For further details, check out the source code on our main repository.

What does it detect?
WAFW00F can detect a number of firewalls, a list of which is as below:
$ wafw00f -l

                                                                      
                ______                                                
               /      \                                               
              (  W00f! )                                              
               \  ____/                                               
               ,,    __            404 Hack Not Found                 
           |`-.__   / /                      __     __                
           /"  _/  /_/                       \ \   / /                
          *===*    /                          \ \_/ /  405 Not Allowed
         /     )__//                           \   /                  
    /|  /     /---`                        403 Forbidden
    \\/`   \ |                                 / _ \ 
    `\    /_\\_              502 Bad Gateway  / / \ \  500 Internal Error
      `_____``-`                             /_/   \_\

                        ~ WAFW00F : v2.0.0 ~
        The Web Application Firewall Fingerprinting Toolkit

[+] Can test for these WAFs:

  WAF Name                      Manufacturer
  --------                      ------------

  ACE XML Gateway               Cisco
  aeSecure                      aeSecure
  AireeCDN                      Airee
  Airlock                       Phion/Ergon
  Alert Logic                   Alert Logic
  AliYunDun                     Alibaba Cloud Computing
  Anquanbao                     Anquanbao
  AnYu                          AnYu Technologies
  Approach                      Approach
  AppWall                       Radware
  Armor Defense                 Armor
  ArvanCloud                    ArvanCloud
  ASP.NET Generic               Microsoft
  ASPA Firewall                 ASPA Engineering Co.
  Astra                            Czar Securities
  AzionCDN                      AzionCDN
  Barikode                      Ethic Ninja
  Barracuda                     Barracuda Networks
  Bekchy                        Faydata Technologies Inc.
  Beluga CDN                    Beluga
  BinarySec                     BinarySec
  BitNinja                      BitNinja
  BlockDoS                      BlockDoS
  Bluedon                       Bluedon IST
  CacheWall                     Varnish
  CacheFly CDN                  CacheFly
  Comodo cWatch                 Comodo CyberSecurity
  Chuang Yu Shield              Yunaq
  Cloudbric                     Penta Security
  Cloudflare                    Cloudflare Inc.
  Cloudfloor                    Cloudfloor DNS
  Cloudfront                    Amazon
  CrawlProtect                  Jean-Denis Brun
  DataPower                     IBM
  DenyALL                       Rohde & Schwarz Cyber   Security
  Distil                        Distil Networks
  DOSarrest                     DOSarrest Internet Security
  DotDefender                   Applicure Technologies
  Edgecast                      Verizon Digital Media
  Eisoo Cloud Firewall          Eisoo
  Expression Engine             EllisLab
  BIG-IP AppSec Manager         F5 Networks
  BIG-IP AP Manager             F5 Networks
  Fastly                        Fastly CDN
  FirePass                      F5 Networks
  FortiWeb                      Fortinet
  Greywizard                    Grey Wizard
  Huawei Cloud Firewall         Huawei
  HyperGuard                    Art of Defense
  Imunify360                    CloudLinux
  Incapsula                     Imperva Inc.
  IndusGuard                    Indusface
  Instart DX                    Instart Logic
  ISA Server                    Microsoft
  Jiasule                       Jiasule
  Ko   na SiteDefender             Akamai
  KS-WAF                        KnownSec
  KeyCDN                        KeyCDN
  LimeLight CDN                 LimeLight
  LiteSpeed                     LiteSpeed Technologies
  Open-Resty Lua Nginx          FLOSS
  Oracle Cloud                  Oracle
  Malcare                       Inactiv
  MaxCDN                        MaxCDN
  ModSecurity                   SpiderLabs
  NAXSI                         NBS Systems
  Nemesida                      PentestIt
  NevisProxy                    AdNovum
  NetContinuum                  Barracuda Networks
  NetScaler AppFirewall         Citrix Systems
  Newdefend                     NewDefend
  NexusGuard Firewall           NexusGuard
  NinjaFirewall                 NinTechNet
  NullDDoS Protection           NullDDoS
  NSFocus                       NSFocus Global Inc.
  OnMessage Shield              BlackBaud
  PerimeterX                    PerimeterX
  PentaWAF                      Global Network Services
  pkSecurity IDS                pkSec
  PowerCDN                      PowerCDN
  Profense                      ArmorLogic
  Puhui                         Puhui
  Qiniu                         Qiniu CDN
  Reblaze                       Reblaze
  RSFirewall                    RSJoomla!
  Sabre Firewall                Sabre
  Safe3 Web Firewall            Safe3
  Safedog                       SafeDog
  Safeline                      Chaitin Tech.
  SecKing                       SecKing
  eEye SecureIIS                BeyondTrust
  SecuPress WP Security         SecuPress
  SecureSphere                  Imperva Inc.
  Secure Entry                     United Security Providers
  SEnginx                       Neusoft    
  ServerDefender VP             Port80 Software
  Shield Security               One Dollar Plugin
  Shadow Daemon                 Zecure  
  SiteGround                    SiteGround 
  SiteGuard                     Sakura Inc.   
  Sitelock                      TrueShield
  SonicWall                     Dell        
  UTM Web Protection            Sophos   
  Squarespace                   Squarespace  
  SquidProxy IDS                SquidProxy
  StackPath                     StackPath
  Sucuri CloudProxy             Sucuri Inc.
  Teros                         Citrix Systems
  Trafficshield                 F5 Networks
  TransIP Web Firewall          TransIP  
  URLScan                       Microsoft
  UEWaf                         UCloud
  Varnish                       OWASP 
  Viettel                       Cloudrity
  VirusDie                         VirusDie LLC
  Wallarm                       Wallarm Inc.
  WatchGuard                    WatchGuard Technologies
  WebARX                        WebARX Security Solutions
  WebKnight                     AQTRONIX
  WebLand                       WebLand
  RayWAF                        WebRay Solutions
  WebSEAL                       IBM
  WebTotem                      WebTotem
  West263 CDN                   West263CDN
  Wordfence                     Defiant 
  WP Cerber Security            Cerber Tech
  WTS-WAF                       WTS      
  360WangZhanBao                360 Technologies
  XLabs Security WAF            XLabs
  Xuanwudun                     Xuanwudun
  Yundun                        Yundun
  Yunsuo                        Yunsuo
  Yunjiasu                      Baidu Cloud Computing
  YXLink                        YxLink Technologies
  Zenedge                       Ze   nedge
  ZScaler                       Accenture

How do I use it?
First, install the tools as described here.
For help you can make use of the --help option. The basic usage is to pass an URL as an argument. Example:
$  wafw00f https://example.org

                ______
               /      \
              (  W00f! )
               \  ____/
               ,,    __            404 Hack Not Found
           |`-.__   / /                      __     __
           /"  _/  /_/                       \ \   / /
          *===*    /                          \ \_/ /  405 Not Allowed
         /     )__//                           \   /
    /|  /     /---`                        403 Forbidden
    \\/`   \ |                                 / _ \
    `\    /_\\_              502 Bad Gateway  / / \ \  500 Internal Error
      `_____``-`                             /_/   \_\

                        ~ WAFW00F : v2.0.0 ~
        The Web Application Firewall Fingerprinting Toolkit
    
[*] Checking https://example.org
[+] The site https://example.org is behind Edgecast (Verizon Digital Media) WAF.
[~] Number of requests:    2

How do I install it?
The following should do the trick:
python setup.py install

Final Words
Questions? Pull up an issue on GitHub Issue Tracker or contact me.
Pull requests, ideas and issues are highly welcome. If you wish to see how WAFW00F is being developed, check out the development board.
Some useful links:
Presently being developed and maintained by:


WAFW00F v2.0 - Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website WAFW00F v2.0 - Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website Reviewed by Zion3R on 8:30 AM Rating: 5