Wafw00f: web application firewalls are an excellent security system for web apps, but they can be attacked if the firewall in use is known to a hacker. The first step for a hacker is to find out which firewall the target is using, along with all the other security features of the target.
Although firewalls are very good at protecting web applications, they become vulnerable when a flaw is discovered in them. If firewalls are not updated regularly, their rules can be found out and bypassed easily.
What is wafw00f?
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
How does it work?
To do its magic, WAFW00F does the following:
- Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions.
- If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is.
- If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks.
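From the defender's side, the sequence described above (one normal request, then a batch of requests that the WAF blocks) leaves a recognisable trace in access logs. The following is an added example, not part of wafw00f or of the original post; the log lines, the blocked status codes, and the `window` and `min_blocked` thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access log (common log format). IPs come from documentation
# ranges; the probe query strings are placeholders, not wafw00f's real requests.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /?x=probe-1 HTTP/1.1" 403 312
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /?x=probe-2 HTTP/1.1" 403 312
198.51.100.7 - - [12/Mar/2024:10:00:03 +0000] "GET /?x=probe-3 HTTP/1.1" 406 298
198.51.100.7 - - [12/Mar/2024:10:00:04 +0000] "GET /?x=probe-4 HTTP/1.1" 403 312
203.0.113.20 - - [12/Mar/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.20 - - [12/Mar/2024:10:00:09 +0000] "GET /admin HTTP/1.1" 403 312
192.0.2.55 - - [12/Mar/2024:09:00:00 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.55 - - [12/Mar/2024:09:10:00 +0000] "GET /old HTTP/1.1" 403 312
192.0.2.55 - - [12/Mar/2024:09:20:00 +0000] "GET /old HTTP/1.1" 403 312
192.0.2.55 - - [12/Mar/2024:09:30:00 +0000] "GET /old HTTP/1.1" 403 312
"""

# Assumption: the WAF in front of the site answers blocked requests with these codes.
BLOCK_STATUSES = {403, 406}
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ \S+ [^"]*" (?P<status>\d{3})')

def parse(log_text):
    """Yield (ip, timestamp, status) for every line that matches the format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, int(m["status"])

def find_waf_probing(log_text, window=timedelta(seconds=30), min_blocked=3):
    """Return {ip: blocked_count} for an allowed request followed by a blocked burst."""
    by_ip = defaultdict(list)
    for ip, ts, status in parse(log_text):
        by_ip[ip].append((ts, status))
    suspects = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (t0, status) in enumerate(events):
            if status >= 400:
                continue  # the baseline must be a request the WAF allowed
            blocked = sum(1 for t, s in events[i + 1:]
                          if t - t0 <= window and s in BLOCK_STATUSES)
            if blocked >= min_blocked:
                suspects[ip] = max(suspects.get(ip, 0), blocked)
    return suspects
```

On the constructed log only 198.51.100.7 is reported; the client that collects the same number of blocks over half an hour stays below the default 30-second window.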
Install and use Wafw00f on Termux
Installing this tool is very simple. However, let’s see how to install and use it simply without any errors.
Step 1: Install the Tool
Just type the command below to install wafw00f in your Termux or Linux terminal.
pip install wafw00f==0.9.4
Step 2: Run the tool
Once you have installed wafw00f, type the command below to find the web application firewall.
wafw00f (target website URL)
Scanning multiple web addresses works the same way as scanning a single one: your targets are scanned one after the other, so you can find the firewall of all your target websites at once.
wafw00f url1 [url2 [url3 ... ]]
That’s it. This is the simple way to install and use this tool. If you have any doubts about this process, please watch the video below.
I hope this post has made you fully aware of the WAF tool; let me know through the comment section if I did not mention anything you know.