LSE toolsLSE toolsWhatWaf (354)WhatWaf (354)

Tool and Usage

Project details
LicenseCustom license
Programming languagePython
Latest releaseNo release found

Project health

This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

WhatWaf can be helpful during security assessments to learn if a web application is protected by a WAF. If so, the bypass and avoidance techniques may help to further test or exploit the related web application.

Usage and audience

WhatWaf is commonly used for application discovery, application fingerprinting, software identification, WAF bypassing, or web application analysis. Target users for this tool are pentesters and security professionals.

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + The source code of this software is available


  • - No releases on GitHub available


Supported operating systems

WhatWaf is known to work on Linux.


Several dependencies are required to use WhatWaf.

  • BeautifulSoup4
  • requests

WhatWaf alternatives

Similar tools to WhatWaf:



wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.



WAFPASS is a security tool to perform a security scan of a web application firewall (WAF). It tries to bypass the security defenses, to evaluate its effectiveness.



XSStrike is tool for penetration testers and developers to test web applications. It scans a web application for any possible cross-site scripting weakness. With its own fuzzing engine, it might find rare issues. XSStrike can also discover the presence of a web application firewall (WAF).

All WhatWaf alternatives

Found an improvement? Help the community by submitting an update.

Related tool information