Ekultek edited this page Dec 18, 2018 · 9 revisions

What is WhatWaf

WhatWaf is a tool that saves pentesters the headache of discovering bypasses for firewalls and detection systems. It attempts to identify the firewall or detection system protecting a web application, given either a single address or a list of addresses. After the firewall has been identified, WhatWaf attempts some tampering techniques and outputs a description, an example, and the load path of each successful technique. From there it is up to you what you want to do. WhatWaf also comes complete with a flag that allows payloads to be encoded, so you can not only identify the bypasses but use them as well.

Does this work?

Yes. WhatWaf does work. But keep in mind, just because something works for me doesn't necessarily mean that it is going to work for you. I have a few proofs of concept that you can see by clicking on the provided link. However, if you find that WhatWaf is not working as you expected, please create a report about the problem here, and I will do my absolute best to help you.

Questions better discussed in private?

If you have any questions or concerns that you would rather discuss in private, you may contact the WhatWaf developers at staysaltyy@protonmail.com. Please allow 48 hours for a reply.

Useful links
