Hi, Manish Bhardwaj here. Today we are going to read and learn about wafw00f, a Kali Linux tool used for detecting web application firewalls (WAFs) on a website.
This is a Web Application Firewall Detection Tool.
The tool was written by Sandro Gauci and G. Henrique.
It will help you detect the WAF (Web Application Firewall) behind any domain.
A WAF will typically be present in a web application where Strict Transport Security is enabled, such as a banking website or an e-commerce website. While conducting a pentest, detecting the WAF comes under recon and mapping the web application architecture. In black-box testing, one should detect the presence of a WAF and evaluate it. This plays a crucial part in determining how to proceed during a web application penetration test.
Wafw00f is simply a Python tool which automates a set of procedures used in finding a WAF. Wafw00f queries a web server with a set of HTTP requests and methods. It analyses the responses to them and detects the firewall in place.
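The request-and-compare idea described above can be sketched offline on captured responses. This is an added example, not wafw00f's own code: the three header fingerprints are a small illustrative set, and the function names and sample responses are constructed for the example.

```python
import re

# Illustrative fingerprints only (not wafw00f's signature set): each product
# maps to (header name, regex) pairs checked against the response headers.
SIGNATURES = {
    "Cloudflare": [("server", r"^cloudflare$"), ("cf-ray", r".+")],
    "Sucuri": [("x-sucuri-id", r".+"), ("server", r"sucuri")],
    "Imperva Incapsula": [("set-cookie", r"(visid_incap_|incap_ses_)")],
}

def match_signatures(headers):
    """Return product names whose fingerprint matches any response header."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return [product for product, rules in SIGNATURES.items()
            if any(re.search(rx, lowered.get(name, ""), re.I) for name, rx in rules)]

def generic_detect(baseline, probe):
    """Flag an unidentified filter when a suspicious-looking request is
    answered differently from a normal one (status code or Server header)."""
    reasons = []
    if baseline["status"] != probe["status"]:
        reasons.append(f"status {baseline['status']} -> {probe['status']}")
    b_srv = baseline["headers"].get("Server", "")
    p_srv = probe["headers"].get("Server", "")
    if b_srv != p_srv:
        reasons.append(f"Server header {b_srv!r} -> {p_srv!r}")
    return reasons

def analyse(baseline, probe):
    """Named fingerprints first; fall back to the generic comparison."""
    named = sorted(set(match_signatures(baseline["headers"])
                       + match_signatures(probe["headers"])))
    if named:
        return {"waf": named, "generic": []}
    return {"waf": [], "generic": generic_detect(baseline, probe)}

# Constructed sample responses: (normal request, suspicious-looking request).
SITE_A = ({"status": 200, "headers": {"Server": "cloudflare", "CF-RAY": "0000000000000000-XXX"}},
          {"status": 403, "headers": {"Server": "cloudflare", "CF-RAY": "0000000000000001-XXX"}})
SITE_B = ({"status": 200, "headers": {"Server": "nginx"}},
          {"status": 406, "headers": {"Server": "gateway"}})
SITE_C = ({"status": 200, "headers": {"Server": "nginx"}},
          {"status": 200, "headers": {"Server": "nginx"}})

if __name__ == "__main__":
    for name, (base, probe) in {"A": SITE_A, "B": SITE_B, "C": SITE_C}.items():
        print(name, analyse(base, probe))
```

Running the same comparison on responses from a site you operate shows which headers and status changes disclose the WAF in front of it.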