Table of Contents
web application firewalls are an excellent web apps security system, but they can be attacked if the firewalls used are known to a hacker. The first step for a hacker is to find out which firewall the target is using. Also, know all the security features of the target.
Although firewalls are very good at protecting web applications, they are vulnerable when a vulnerability is detected. If firewalls are not updated regularly you can find out their rules and bypass them easily.
What is Wafw00f?
Wafw00f is a popular python program used to accurately detect the firewall of a website. Below is a list of wafw00f diagnostic firewalls.
AeSecure (aeSecure)
Airlock (Phion/Ergon)
Alert Logic (Alert Logic)
AliYunDun (Alibaba Cloud Computing)
Anquanbao (Anquanbao)
AnYu (AnYu Technologies)
Approach (Approach)
Armor Defense (Armor)
ASP.NET Generic Protection (Microsoft)
Astra Web Protection (Czar Securities)
AWS Elastic Load Balancer (Amazon)
Yunjiasu (Baidu Cloud Computing)
Barikode (Ethic Ninja)
Barracuda Application Firewall (Barracuda Networks)
Bekchy (Faydata Technologies Inc.)
BinarySec (BinarySec)
BitNinja (BitNinja)
BlockDoS (BlockDoS)
Bluedon (Bluedon IST)
CacheWall (Varnish)
CdnNS Application Gateway (CdnNs/WdidcNet)
WP Cerber Security (Cerber Tech)
ChinaCache CDN Load Balancer (ChinaCache)
Chuang Yu Shield (Yunaq)
ACE XML Gateway (Cisco)
Cloudbric (Penta Security)
Cloudflare (Cloudflare Inc.)
Cloudfront (Amazon)
Comodo cWatch (Comodo CyberSecurity)
CrawlProtect (Jean-Denis Brun)
DenyALL (Rohde & Schwarz CyberSecurity)
Distil (Distil Networks)
DOSarrest (DOSarrest Internet Security)
DotDefender (Applicure Technologies)
DynamicWeb Injection Check (DynamicWeb)
Edgecast (Verizon Digital Media)
Expression Engine (EllisLab)
BIG-IP Access Policy Manager (F5 Networks)
BIG-IP Application Security Manager (F5 Networks)
BIG-IP Local Traffic Manager (F5 Networks)
FirePass (F5 Networks)
Trafficshield (F5 Networks)
FortiWeb (Fortinet)
GoDaddy Website Protection (GoDaddy)
Greywizard (Grey Wizard)
HyperGuard (Art of Defense)
DataPower (IBM)
Imunify360 (CloudLinux)
Incapsula (Imperva Inc.)
Instart DX (Instart Logic)
ISA Server (Microsoft)
Janusec Application Gateway (Janusec)
Jiasule (Jiasule)
KS-WAF (KnownSec)
Kona Site Defender (Akamai)
LiteSpeed Firewall (LiteSpeed Technologies)
Malcare (Inactiv)
Mission Control Application Shield (Mission Control)
ModSecurity (SpiderLabs)
NAXSI (NBS Systems)
Nemesida (PentestIt)
NetContinuum (Barracuda Networks)
NetScaler AppFirewall (Citrix Systems)
NevisProxy (AdNovum)
Newdefend (NewDefend)
NexusGuard Firewall (NexusGuard)
NinjaFirewall (NinTechNet)
NSFocus (NSFocus Global Inc.)
OnMessage Shield (BlackBaud)
Open-Resty Lua Nginx WAF
Palo Alto Next Gen Firewall (Palo Alto Networks)
PerimeterX (PerimeterX)
pkSecurity Intrusion Detection System
PowerCDN (PowerCDN)
Profense (ArmorLogic)
AppWall (Radware)
Reblaze (Reblaze)
RSFirewall (RSJoomla!)
ASP.NET RequestValidationMode (Microsoft)
Sabre Firewall (Sabre)
Safe3 Web Firewall (Safe3)
Safedog (SafeDog)
Safeline (Chaitin Tech.)
SecuPress WordPress Security (SecuPress)
Secure Entry (United Security Providers)
eEye SecureIIS (BeyondTrust)
SecureSphere (Imperva Inc.)
SEnginx (Neusoft)
Shield Security (One Dollar Plugin)
SiteGround (SiteGround)
SiteGuard (Sakura Inc.)
Sitelock (TrueShield)
SonicWall (Dell)
UTM Web Protection (Sophos)
Squarespace (Squarespace)
StackPath (StackPath)
Sucuri CloudProxy (Sucuri Inc.)
Tencent Cloud Firewall (Tencent Technologies)
Teros (Citrix Systems)
TransIP Web Firewall (TransIP)
URLMaster SecurityCheck (iFinity/DotNetNuke)
URLScan (Microsoft)
Varnish (OWASP)
VirusDie (VirusDie LLC)
Wallarm (Wallarm Inc.)
WatchGuard (WatchGuard Technologies)
WebARX (WebARX Security Solutions)
WebKnight (AQTRONIX)
WebSEAL (IBM)
WebTotem (WebTotem)
West263 Content Delivery Network
Wordfence (Feedjit)
WTS-WAF (WTS)
360WangZhanBao (360 Technologies)
XLabs Security WAF (XLabs)
Xuanwudun
Yundun (Yundun)
Yunsuo (Yunsuo)
Zenedge (Zenedge)
ZScaler (Accenture)
Wafw00f is already installed on kali-Linux, but with the help of python, any other device can use this tool like Termux and windows. To open this tool in Linux Information Gathering > IDS/IPS Identification > Waf00f
If you want to run the Wafw00f tool through your Linux terminal, you can run it using the command given below.
wafw00f -h
How to install wafw00f?
If you want to install wafw00f on your system you must first have python installed on your device and then you can install the wafw00f tool using the commands given below.
git clone https://github.com/EnableSecurity/wafw00f.git
After downloading, change your directory to the wafw00f folder and install this tool using the command given below.
cd wafw00f
python setup.py install
┌──(errorsfind㉿kali)-[~]
└─$ cd wafw00f
┌──(errorsfind㉿kali)-[~/wafw00f]
└─$ python setup.py install
running install
running bdist_egg
running egg_info
creating wafw00f.egg-info
writing requirements to wafw00f.egg-info/requires.txt
writing wafw00f.egg-info/PKG-INFO
writing top-level names to wafw00f.egg-info/top_level.txt
writing dependency_links to wafw00f.egg-info/dependency_links.txt
writing manifest file 'wafw00f.egg-info/SOURCES.txt'
reading manifest file 'wafw00f.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'wafw00f.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
creating build
creating build/lib.linux-x86_64-2.7
creating build/lib.linux-x86_64-2.7/wafw00f
copying wafw00f/__init__.py -> build/lib.linux-x86_64-2.7/wafw00f
copying wafw00f/manager.py -> build/lib.linux-x86_64-2.7/wafw00f
copying wafw00f/wafprio.py -> build/lib.linux-x86_64-2.7/wafw00f
copying wafw00f/main.py -> build/lib.linux-x86_64-2.7/wafw00f
creating build/lib.linux-x86_64-2.7/wafw00f/tests
copying wafw00f/tests/__init__.py -> build/lib.linux-x86_64-2.7/wafw00f/tests
copying wafw00f/tests/test_main.py -> build/lib.linux-x86_64-2.7/wafw00f/tests
creating build/lib.linux-x86_64-2.7/wafw00f/plugins
copying wafw00f/plugins/safe3.py -> build/lib.linux-x86_64-2.7/wafw00f/plugins
copying wafw00f/plugins/nevisproxy.py -> build/lib.linux-x86_64-2.7/wafw00f/plugins
copying wafw00f/plugins/f5bigipasm.py -> build/lib.linux-x86_64-2.7/wafw00f/plugins
copying wafw00f/plugins/missioncontrol.py -> build/lib.linux-x86_64-2.7/wafw00f/plugins
copying wafw00f/plugins/instartdx.py -> build/lib.linux-x86_64-2.7/wafw00f/plugins
...
Installed /usr/local/lib/python2.7/dist-packages/pluginbase-1.0.0-py2.7.egg
Searching for html5lib==1.0.1
Best match: html5lib 1.0.1
Adding html5lib 1.0.1 to easy-install.pth file
Using /usr/lib/python2.7/dist-packages
Finished processing dependencies for wafw00f==1.0.0
Scan web applications with Wafw00f
How does scanning work?
This wafw00f scanning works in three steps given below.
- Sends a normal HTTP request and analyses the response; this identifies several WAF solutions.
- If that is not successful, it sends several (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is.
- If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to the attacks.
Single web address scanning
First, use the command given below to scan a single web address, But you need to link HTTP to your target website, not HTTPS.
wafw00f (target web address)
Multi web address scanning
Multi-web address scanning is the same as single web address scanning, scanning your target one after the other so you can find the firewall of all your target websites at once.
wafw00f url1 [url2 [url3 ... ]]
Find the version
Use the -V option to find the version of your WAF tool.
wafw00f -V
I hope you are fully aware of the WAF tool in this post and let me know through the command section if I did not mention anything you know.