NAME

       wafw00f - identify and fingerprint Web Application Firewall products

SYNOPSIS

       wafw00f url1 [url2 [url3 ... ]]

DESCRIPTION

       Identifies and fingerprints Web Application Firewall (WAF) products:

       To do its magic, WAFW00F does the following:
              Sends  a  normal HTTP request and analyses the response; this identifies a number of WAF solutions
              If that is not successful, it sends a number of (potentially malicious)  HTTP  requests  and  uses
              simple  logic  to deduce which WAF it is If that is also not successful, it analyses the responses
              previously returned and uses another simple algorithm to guess if a WAF or  security  solution  is
              actively responding to our attacks

OPTIONS

       -h, --help
              Show available options

       -v, --verbose
              Enable verbosity - multiple -v options increase verbosity

       -a, --findall
              Find all WAFs, do not stop testing on the first one

       -r, --disableredirect
              Do not follow redirections given by 3xx responses

       -t TEST, --test=TEST
              Test for one specific WAF

       -l, --list
              List all WAFs that we are able to detect

       -p PROXY, --proxy=PROXY
              Use an HTTP proxy to perform requests, example: http://hostname:8080, socks5://hostname:1080

       -V, --version
              Print out the version

       -H HEADERSFILE, --headersfile=HEADERSFILE
              Pass custom headers, for example to overwrite the default User-Agent string

AUTHORS

       Sandro Gauci
       Wendel G. Henrique

       This  manpage was written by Daniel Echeverry and Samuel Henrique for the Debian Project (but may be used
       by others), it was based on wafw00f's help output.

wafw00f                                           November 2017                                       WAFW00F(8)