Tool and Usage
|Latest release||No release found|
Why this tool?
WhatWaf can be helpful during security assessments to learn if a web application is protected by a WAF. If so, the bypass and avoidance techniques may help to further test or exploit the related web application.
Usage and audience
WhatWaf is commonly used for application discovery, application fingerprinting, software identification, WAF bypassing, or web application analysis. Target users for this tool are pentesters and security professionals.
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
- - No releases on GitHub available
Supported operating systems
WhatWaf is known to work on Linux.
Several dependencies are required to use WhatWaf.
Similar tools to WhatWaf:
wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.
WAFPASS is a security tool to perform a security scan of a web application firewall (WAF). It tries to bypass the security defenses, to evaluate its effectiveness.
XSStrike is tool for penetration testers and developers to test web applications. It scans a web application for any possible cross-site scripting weakness. With its own fuzzing engine, it might find rare issues. XSStrike can also discover the presence of a web application firewall (WAF).
Found an improvement? Help the community by submitting an update.