
Wafw00f is a popular open-source security tool available in Kali Linux that is used to detect Web Application Firewalls (WAFs). It helps penetration testers and security researchers identify whether a website is protected by a WAF and, in many cases, determine the type of WAF in use. This information is useful during web application security assessments and reconnaissance phases.
In this article, we will explore how to use wafw00f in Kali Linux, along with commonly used commands and options.
What is Wafw00f?
Wafw00f (Web Application Firewall Fingerprinting Tool) works by sending specially crafted HTTP requests and analyzing responses to identify the presence of a WAF. It supports detection of many well-known WAFs such as Cloudflare, Akamai, AWS WAF, and more.
Wafw00f comes pre-installed in Kali Linux, making it easy to start using without additional setup.
Basic Help Command
To view all available options and parameters supported by wafw00f, use the help command:
$ wafw00f -h

This command displays usage instructions, flags, and examples that help you understand how to run the tool effectively.
Scanning a Single URL (No WAF Detected)
When scanning a local or vulnerable web application, wafw00f may show that no WAF is present:
$ wafw00f http://192.168.148.128/dvwa/login.php

In this case, the output indicates no WAF detected, which is common for intentionally vulnerable applications like DVWA.
Scanning a Website with a WAF Detected
When running wafw00f against a protected website, it may detect the WAF along with its type:
$ wafw00f https://example.com

The output will confirm the presence of a WAF and often identify the specific vendor or technology.
Scanning Multiple URLs from a Text File
To scan multiple websites at once, create a .txt file containing a list of URLs (one per line).
Save the file (e.g., waflist.txt) and run:

$ wafw00f -i Desktop/waflist.txt

Wafw00f will scan each URL in the file and display the results individually.
Listing Supported WAFs
To view all the Web Application Firewalls that wafw00f can recognize, use:
$ wafw00f -l
or
$ wafw00f --list

This command outputs a complete list of supported WAFs that the tool can detect.
Detecting WAF Without Identifying Its Type
Sometimes you may only want to confirm the existence of a WAF without fingerprinting it:
$ wafw00f -a microsoft.com

This command verifies that a WAF is present but does not attempt to determine its type.
Finding All Possible WAFs
To aggressively test and identify all possible WAF matches, use:
$ wafw00f --findall https://example.com

This option performs deeper checks and may return multiple possible WAF detections.
Saving Output to a File
To store scan results for documentation or reporting, you can save the output to a text file:
$ wafw00f https://example.com -o output1.txt

This command writes the results directly to output1.txt, so they can be attached to an assessment report or compared against a later scan.
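When you have scanned a list of targets with -i and saved the output with -o, the next step is usually to turn the per-target output into a one-line-per-host summary for the report. The POSIX shell script below is an added example, not part of the original article or of the wafw00f project. It reads wafw00f text output on stdin and prints one "url<TAB>waf" line per target ("none" where nothing was detected), plus a count of protected targets. The sample output embedded in it is constructed, modelled on the tool's [*]/[+]/[-]/[~] line style, and the exact wording of real wafw00f output may differ between versions, so check the patterns against your own saved file before relying on the summary.

```shell
#!/bin/sh
# Added example (not wafw00f's own code): summarise saved wafw00f text output.
# Assumption: lines look like the constructed sample below; adjust the awk
# patterns if your wafw00f version phrases its output differently.

# Constructed sample of what `wafw00f -i waflist.txt -o scan.txt` might write.
sample_wafw00f_output() {
    cat <<'EOF'
[*] Checking https://example.com
[+] The site https://example.com is behind Cloudflare (Cloudflare Inc.) WAF.
[~] Number of requests: 2

[*] Checking http://192.168.148.128/dvwa/login.php
[+] Generic Detection results:
[-] No WAF detected by the generic detection
[~] Number of requests: 7
EOF
}

# Read wafw00f text output on stdin; print "url<TAB>waf" per target.
# A target with no "is behind ... WAF." line is reported as "none".
summarize_wafw00f() {
    awk '
        /^\[\*\] Checking / { url = $3; waf = "none"; next }
        /is behind .* WAF\.$/ {
            sub(/^.*is behind /, "")
            sub(/ WAF\.$/, "")
            waf = $0
            next
        }
        /^\[~\] Number of requests/ {
            if (url != "") printf "%s\t%s\n", url, waf
            url = ""
        }
    '
}

# Count how many summary lines report a WAF (second column not "none").
count_protected() {
    awk -F'\t' '$2 != "none" { n++ } END { print n + 0 }'
}

# Stand-alone run: summarise a saved output file if one is given,
# otherwise demonstrate on the constructed sample.
if [ "$#" -eq 1 ] && [ -f "$1" ]; then
    summarize_wafw00f < "$1"
else
    sample_wafw00f_output | summarize_wafw00f
fi
```

Usage with a real scan: `wafw00f -i Desktop/waflist.txt -o scan.txt` followed by `sh summarize.sh scan.txt > summary.tsv`. The tab-separated output imports cleanly into a spreadsheet, and piping it through count_protected gives a quick figure for how many of the assessed hosts sit behind a WAF.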
Checking Wafw00f Version
To check the currently installed version of wafw00f, run:
$ wafw00f -V

Keeping track of the version is useful to ensure compatibility and updated WAF signatures.
Additional Useful Options
-v: Enables verbose output
--proxy: Scan using a proxy
--timeout: Set request timeout
--headers: Add custom HTTP headers
These options allow greater control and flexibility during scanning.
Wafw00f is a powerful and easy-to-use tool in Kali Linux for identifying Web Application Firewalls. Whether you are scanning a single website or multiple targets, wafw00f provides valuable insights during web security testing. By understanding its commands and options, security professionals can efficiently perform WAF detection as part of ethical and authorized assessments.
Always ensure you have proper permission before scanning any website.