WhatWaf alternatives

Looking for an alternative tool to replace WhatWaf? During the review of WhatWaf we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. wafw00f (Fingerprint web application firewall technology)
  2. WAFPASS (web application firewall testing)
  3. XSStrike (XSS detection and exploitation suite)

These tools are ranked as the best alternatives to WhatWaf.

Alternatives (by score)

60

wafw00f

Introduction

wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.

Project details

wafw00f is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Application fingerprinting
    • Information gathering
    • Penetration testing
    • Reconnaissance
    • Security assessment

    wafw00f review

    64

    WAFPASS

    Introduction

    WAFPASS is a security tool to perform a security scan of a web application firewall (WAF). It tries to bypass the security defenses, to evaluate its effectiveness.

    Project details

    WAFPASS is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Application testing
      • Software testing
      • WAF bypassing

      WAFPASS review

      76

      XSStrike

      Introduction

      XSStrike is an XSS detection suite with the goal to reduce the false positives to zero. It can achieve this with its own fuzzing engine. The tool also allows generating custom payloads, which is rare within this line of tools.

      Project details

      XSStrike is written in Python.

      Strengths and weaknesses

      • + More than 5000 GitHub stars
      • + Very low number of dependencies
      • + The source code of this software is available

        Typical usage

        • Application fuzzing
        • Web application analysis

        XSStrike review

        Some relevant tool missing as an alternative to WhatWaf? Please contact us with your suggestion.