WhatWaf is an advanced firewall detection tool whose goal is to answer the question “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall on the specified target.
Features:
+ Ability to run on a single URL with the -u/--url flag
+ Ability to run through a list of URLs with the -l/--list flag
+ Ability to detect over 40 different firewalls
+ Ability to try over 20 different tampering techniques
+ Ability to pass your own payloads either from a file or from the terminal
+ Payloads that are guaranteed to trigger the WAF at least once
+ Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques
+ Ability to run behind Tor
+ Ability to run behind multiple proxy types (socks4, socks5, http, https)
+ Ability to use a random user agent, personal user agent, or custom default user agent
+ More to come…
Usage:
git clone https://github.com/ekultek/whatwaf.git
cd whatwaf
chmod +x whatwaf.py
pip2 install -r requirements.txt
./whatwaf.py --help
Source: https://github.com/ekultek