Wafw00f + Nmap

Web application firewalls (WAFs) are one of the strongest defenses a web app has, but they can be vulnerable if the firewall version in use is known to an attacker. Understanding which firewall a target is using, and what defenses are in place, can be the first step to a hacker discovering how to get past it. Wafw00f makes fingerprinting firewalls easy.


While most web app firewalls, or WAFs, are pretty good at defending the services they protect, they occasionally become vulnerable when an exploitable flaw is discovered. If a firewall hasn't been updated in quite some time, it can be easy to figure out the rules of a firewall and work around them to establish a foothold inside. Manually doing this is incredibly tedious and relies on interpreting the distinctive ways that the WAF responds to specific web requests.


Wafw00f is a popular Python program that takes the guesswork of fingerprinting a website's firewall off your hands. Based on the responses to a series of carefully crafted web requests, Wafw00f can determine the underlying firewall used by a service that it probes.


Wafw00f comes pre-installed in Kali Linux, but also can be easily installed on any system with Python.

1. git clone https://github.com/Ranjithkumar567/WAFW00F.git
2. python3 setup.py install

Scan an External Web Application:


Scan a Target with Nmap Scripts:


Nmap also comes preinstalled on Kali Linux, and it contains scripts to attempt the same kind of detection. We'll be trying out two different scripts: http-waf-fingerprint and http-waf-detect. While the point of both scripts is similar, they work in slightly different ways and can be effective against different targets.


First up, we'll use http-waf-fingerprint on the same target we did before:

The scan determines that there is, in fact, a firewall here, but it isn't able to tell us much about it. In fact, Nmap doesn't seem to be great at detecting this kind of firewall. If we run it against another example domain, we can see what a positive result looks like.

While Nmap can't detect everything that Wafw00f can, it's a great way to quickly identify the first line of defense a targeted web server is behind.
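
The same probing seen from the defender's side, as an added example that is not part of the original post: a Python script that flags clients in a web server access log that look like they are fingerprinting the WAF. The log lines are constructed, and the payload patterns, the 60-second window and the two-class threshold are assumptions to tune for your own traffic; the only tool-specific value is the Nmap Scripting Engine's default User-Agent.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /?id=1%20UNION%20SELECT%201,2 HTTP/1.1" 403 312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 403 312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "GET /?f=../../../../etc/passwd HTTP/1.1" 403 312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.9 - - [12/Mar/2024:10:05:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
192.0.2.44 - - [12/Mar/2024:10:06:00 +0000] "GET /search?q=union+square+hotels HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

# Substring of the default User-Agent sent by Nmap's HTTP scripts.
NSE_AGENT = "Nmap Scripting Engine"
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
# Assumed payload classes: fingerprinting tools mix several attack types to see how the WAF reacts.
PAYLOADS = {
    "sqli": re.compile(r"union\s+(all\s+)?select", re.I),
    "xss": re.compile(r"<script|onerror\s*=", re.I),
    "traversal": re.compile(r"\.\./|/etc/passwd", re.I),
}

def find_waf_probes(log_text, window=timedelta(seconds=60), min_classes=2):
    """Return {client_ip: reason} for clients that look like WAF fingerprinting."""
    findings, hits = {}, defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, url, agent = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if NSE_AGENT in agent:
            findings[ip] = "nmap-nse-user-agent"
        decoded = unquote_plus(url)  # match on the decoded query, as the WAF would see it
        hits[ip] += [(when, name) for name, rx in PAYLOADS.items() if rx.search(decoded)]
    for ip, events in hits.items():
        for start, _ in sorted(events):
            classes = {n for t, n in events if start <= t <= start + window}
            if len(classes) >= min_classes:  # several attack types from one client in one window
                findings.setdefault(ip, "mixed-payload-burst")
                break
    return findings

if __name__ == "__main__":
    for ip, reason in find_waf_probes(SAMPLE_LOG).items():
        print(ip, reason)
```

A scanner run with a custom User-Agent will not trip the first check, which is why the payload-mix heuristic is kept separate from it.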









