Getting Started

Prerequisites

Python 3.11+ (3.13 recommended)
A running WAF target to test against (see Docker Examples for quick setups)

Installation

With pip

pip install -e .

With uv

uv venv && uv pip install -e ".[dev]"

With mise (recommended)

mise manages Python, uv, and task shortcuts:

mise install
mise run install

First Run

Start a WAF target. For example, using the included ModSecurity compose file:

cd examples/modsecurity-nginx
docker compose up -d

Run the full test suite against it:

wafworth run --target http://localhost:8080 --name modsecurity

This loads all test cases from testcases/, sends each request to the target, and produces a console summary plus JSON and Markdown reports in results/.

Next Steps

Writing Test Cases to add your own tests
Running Tests for filtering, concurrency, and output options
Encoding & Auto-Generation to multiply tests across bypass encodings

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Getting Started

Prerequisites

Installation

With pip

With uv

With mise (recommended)

First Run

Next Steps

FilesExpand file tree

getting-started.md

Latest commit

History

getting-started.md

File metadata and controls

Getting Started

Prerequisites

Installation

With pip

With uv

With mise (recommended)

First Run

Next Steps