-
Notifications
You must be signed in to change notification settings - Fork 448
Home
Whatwaf is a tool that saves pentesters the headache of discovering bypasses for firewalls and detection systems. Whatwaf will attempt to identify a firewall or detection system on a provided list or singular address, web application, after the firewall has been identified whatwaf will attempt some tampering techniques and output a description, example, and load path of successful techniques. From there it is up to you on what you want to do, but whatwaf comes complete with a flag that allows for encoding of payloads, this way you will be able to not only identify the bypasses, but use them as well.
Yes. Whatwaf does work. But keep in mind, just because something works for me doesn't necessarily mean that it is going to work for you. I have a few proof of concepts that you can see by clicking on the provided link. However, if you find that whatwaf is not working as you expected, please create a report about the problem here, and I will do my absolute best to help you.
If you have any questions or concerns that you would rather discuss in private, you may contact the whatwaf developers at [email protected]. Allow 48 hours for a reply to be given.