Monday, March 4, 2024

WAFW00F – Web Application Firewall Detection Tool Using Kali Linux

Web application attacks expanding day by day, Attacker wants to exploit flaws in their applications, and Website administrator best way to detect attackers’ footprints in websites’ Web Application Firewall.

This will be detecting and block the specific patterns on the web applications. Pentester, well never exweb applications abilities on application rather he/she might be identifying the presence of a Web Application Firewall.


  • WAFW00f is the inbuilt tool in Kali distribution or else you can install it manually.
  • It can detect around the Top 22 web application firewalls, so wafw00f is a phase of information gathering initially.

Limitations of WAFW00F

  • The above-seen figure describes the list of web application firewalls that will be identified or detected by Wafw00f.

Also Read XSSer automated framework to detect, exploit and report XSS vulnerabilities

Presence of Web Application Firewall

  • The above-shown figure shows a pentester or attacker-identified web application firewall presence.
  • Here blocking is being done at the connection or packet level.

Identifying specific firewall

  • If a pentester knows how to bypass mod_security and if/she wants to know the presence of mod security.

  • So you can use wafw00f url -t Firewallname.
  • Above shown figure, Pentester has observed there is no ModSecurity in the web application.

So it’s always good to Identify the barriers in web applications before you exploit them.

Checking for XML-RPC

XML-RPC is a remote procedure call (RPC) protocol that utilizes XML to encode its calls and HTTP as a transport mechanism.

“XML-RPC” also refers generically to the use of XML for remote procedure calls, separately from the specific protocol.

Also Read How to Do Penetration Testing with Your WordPress Website for a detailed Explanation


Latest articles

US Court Orders NSO Group to Handover Code for Spyware, Pegasus to WhatsApp

Meta, the company that owns WhatsApp, filed a lawsuit against NSO Group in 2019....

New SSO-Based Phishing Attack Trick Users into Sharing Login Credentials  

Threat actors employ phishing scams to trick individuals into giving away important details like...

U.S. Charged Iranian Hacker, Rewards up to $10 Million

The United States Department of Justice (DoJ) has charged an Iranian national, Alireza Shafie...

Huge Surge in Ransomware-as-a-Service Attacks targeting Middle East & Africa

The Middle East and Africa (MEA) region has witnessed a surge in ransomware-as-a-service (RaaS)...

New Silver SAML Attack Let Attackers Forge Any SAML Response To Entra ID

SolarWinds cyberattack was one of the largest attacks of the century in which attackers...

AI Worm Developed by Researchers Spreads Automatically Between AI Agents

Researchers have developed what they claim to be one of the first generative AI...

20 Million+ Cutout.Pro User Records Leaked On Hacking Forums

CutOut.Pro, an AI-powered photo and video editing platform, has reportedly suffered a data breach,...

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles