• Diniz Martins

Wafw00f + Nmap

Web application firewalls (WAFs) are one of the strongest defenses a web app has, but they can be vulnerable if the firewall version in use is known to an attacker. Understanding which firewall a target is using, and what defenses are in place, can be the first step to a hacker discovering how to get past it. Wafw00f makes fingerprinting firewalls easy.


While most web app firewalls, or WAFs, are pretty good at defending the services they protect, they occasionally become vulnerable when an exploitable flaw is discovered. If a firewall hasn't been updated in quite some time, it can be easy to figure out the rules of a firewall and work around them to establish a foothold inside. Manually doing this is incredibly tedious and relies on interpreting the distinctive ways that the WAF responds to specific web requests.


Wafw00f is a popular Python program that takes the guesswork of fingerprinting a website's firewall off your hands. Based on the responses to a series of carefully crafted web requests, Wafw00f can determine the underlying firewall used by a service that it probes.


Wafw00f comes pre-installed in Kali Linux, but it can also be easily installed on any system with Python:

1. git clone https://github.com/Ranjithkumar567/WAFW00F.git
2. cd WAFW00F
3. python3 setup.py install

Scan an External Web Application:


Scan a Target with Nmap Scripts:


Nmap also comes preinstalled on Kali Linux, and it contains scripts to attempt the same kind of detection. We'll be trying out two different scripts: http-waf-fingerprint and http-waf-detect. While the point of both scripts is similar, they work in slightly different ways and can be effective against different targets.


First up, we'll use http-waf-fingerprint on the same target as before:

The scan determines that there is, in fact, a firewall here, but it isn't able to tell us much about it. In fact, Nmap doesn't seem to be great at detecting this kind of firewall. If we run it against another example domain, we can see what a positive result looks like.

While Nmap can't detect everything that Wafw00f can, it's a great way to quickly identify the first line of defense a targeted web server is behind.









