Active Members Fi8sVrs Posted December 20, 2017 Active Members Report Posted December 20, 2017 WhatWaf? WhatWaf is an advanced firewall detection tool who's goal is to give you the idea of "There's a WAF?". WhatWaf works by detecting a firewall on a web application, and attempting to detect a bypass (or two) for said firewall, on the specified target. Features Ability to run on a single URL with the -u/--url flag Ability to run through a list of URL's with the -l/--list flag Ability to detect over 40 different firewalls Ability to try over 20 different tampering techniques Ability to pass your own payloads either from a file, from the terminal, or use the default payloads Default payloads that are guaranteed to produce at least one WAF triggering Ability to bypass firewalls using both SQLi techniques and cross site scripting techniques Ability to run behind multiple proxy types (socks4, socks5, http, https and Tor) Ability to use a random user agent, personal user agent, or custom default user agent Auto assign protocol to HTTP or ability to force protocol to HTTPS A built in encoder so you can encode your payloads into the discovered bypasses More to come... Installation Installing whatwaf is super easy, all you have to do is the following: Have Python 2.7, Python 3.x compatibility is being implemented soon: sudo -s << EOF git clone https://github.com/ekultek/whatwaf.git cd whatwaf chmod +x whatwaf.py pip2 install -r requirements.txt ./whatwaf.py --help Proof of Concept First we'll run the website through WhatWaf and figure out which firewall protects it (if any): Next we'll go to that website and see what the page looks like: Hmm.. that doesn't really look like Cloudflare does it? Lets see what the headers say: And finally, lets try one of the bypasses that it tells us to try: Demo video Get involved! If you want to make some tamper scripts, want to add some functionality or just want to make something look better. Getting involved is easy: Fork the repository Edit the code to your liking Send a pull request I'm always looking for some helpful people out there, and would love help with this little side project I got going on, Thanks! Download: WhatWaf-master.zip git clone https://github.com/Ekultek/WhatWaf.git Source: https://github.com/Ekultek/WhatWaf Quote
