Search the Community
Showing results for tags 'whatwaf'.
-
WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target. Features Ability to run on a single URL with the -u/--url flag Ability to run through a list of URL’s with the -l/--list flag Ability to detect over 40 different firewalls Ability to try over 20 different tampering techniques Ability to pass your own payloads either from a file, from the terminal, or use the default payloads Default payloads that are guaranteed to produce at least one WAF triggering Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques Ability to run behind multiple proxy types (socks4, socks5, http, https, and Tor) Ability to use a random user agent, personal user agent, or custom default user agent Auto-assign protocol to HTTP or ability to force protocol to HTTPS A built-in encoder so you can encode your payloads into the discovered bypasses More to come… Changelog v1.7 Bunch of issue fixes with a few new wafs added into it enjoy [HIDE][Hidden Content]]
-
WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target. Features Ability to run on a single URL with the -u/--url flag Ability to run through a list of URL’s with the -l/--list flag Ability to detect over 40 different firewalls Ability to try over 20 different tampering techniques Ability to pass your own payloads either from a file, from the terminal, or use the default payloads Default payloads that are guaranteed to produce at least one WAF triggering Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques Ability to run behind multiple proxy types (socks4, socks5, http, https, and Tor) Ability to use a random user agent, personal user agent, or custom default user agent Auto-assign protocol to HTTP or ability to force protocol to HTTPS A built-in encoder so you can encode your payloads into the discovered bypasses More to come… Changelog v1.5.4 minor update to Cloudflare detection via issue #299 [HIDE][Hidden Content]]
-
WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target. Features Ability to run on a single URL with the -u/--url flag Ability to run through a list of URL’s with the -l/--list flag Ability to detect over 40 different firewalls Ability to try over 20 different tampering techniques Ability to pass your own payloads either from a file, from the terminal, or use the default payloads Default payloads that are guaranteed to produce at least one WAF triggering Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques Ability to run behind multiple proxy types (socks4, socks5, http, https, and Tor) Ability to use a random user agent, personal user agent, or custom default user agent Auto-assign protocol to HTTP or ability to force protocol to HTTPS A built-in encoder so you can encode your payloads into the discovered bypasses More to come… [Hidden Content]