Linux command

whatwaf command

Network

After copying, replace file names, directories, or parameters as needed.

Common examples

Detect WAF

whatwaf -u [https://example.com]

From file

whatwaf -l [urls.txt]

Use Tor

whatwaf -u [url] --tor

Specific payloads

whatwaf -u [url] --payload "[<script>]"

JSON output

whatwaf -u [url] --json

Description

whatwaf is a security tool that detects Web Application Firewalls (WAFs) protecting websites and suggests potential bypass techniques. It sends various payloads to the target and analyzes responses to fingerprint the specific WAF product in use. Beyond detection, whatwaf provides tamper scripts and evasion suggestions tailored to the identified WAF, helping penetration testers understand what protections they need to work around during authorized assessments. Custom payloads can be specified for targeted testing. The tool supports batch scanning from URL files, Tor network routing for anonymous testing, and JSON output for integration with other security tools. It is intended exclusively for authorized security testing and research.

Parameters

-u _URL_
Target URL.
-l _FILE_
URL list file.
--tor
Use Tor network.
--payload _PAY_
Custom payload.
--json
JSON output.
--tamper _SCRIPT_
Tamper script.

FAQ

How do I run a basic whatwaf example?

Run `whatwaf -u [https://example.com]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -u _URL_ do in whatwaf?

Target URL.