Locked WhatWaf v1.5.4 Detect & bypass web application firewalls and protection systems

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target.

Features

    Ability to run on a single URL with the -u/--url flag
    Ability to run through a list of URL’s with the -l/--list flag
    Ability to detect over 40 different firewalls
    Ability to try over 20 different tampering techniques
    Ability to pass your own payloads either from a file, from the terminal, or use the default payloads
    Default payloads that are guaranteed to produce at least one WAF triggering
    Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques
    Ability to run behind multiple proxy types (socks4, socks5, http, https, and Tor)
    Ability to use a random user agent, personal user agent, or custom default user agent
    Auto-assign protocol to HTTP or ability to force protocol to HTTPS
    A built-in encoder so you can encode your payloads into the discovered bypasses
    More to come…

Changelog v1.5.4

    minor update to Cloudflare detection via issue #299

This is the hidden content, please

• Sign In
• or
• Sign Up