
WhatWaf – Detect And Bypass Web Application Firewalls And Protection Systems

Last Updated : 28 Feb, 2023

WhatWaf is a cyber-security tool that automates the detection of the firewall and protection systems in front of a target domain server. It helps the tester understand which security system the target server uses and plan the test around those details. WhatWaf is written in Python and can detect more than 50 firewall protections on the target server. In this article, we will install the tool from GitHub and then walk through its actual usage.

Note: Before installing the tool, make sure Python is installed on your system, as WhatWaf is a Python-based tool. For the installation process of Python on Linux, see: Python Installation Steps on Linux

Installation of WhatWaf Tool on Kali Linux OS

Step 1: In this step, we will clone the WhatWaf tool repository from GitHub.

git clone https://github.com/Ekultek/WhatWaf.git
Cloning Repository

 

Step 2: Use the below cd command to navigate to the WhatWaf tool directory or folder.

cd WhatWaf 
Changing Directory

 

Step 3: Execute the below command to download all the Python dependencies and requirements which are associated with the tool.

sudo pip3 install -r requirements.txt
Installing Dependencies

 

Step 4: Run the below command to install the tool via the setup.py file.

python setup.py install
Installing Tool

 

Step 5: Execute the below command in the terminal to view and understand the usage of the tool.

whatwaf --help
Help Section

 

Working with WhatWaf Tool on Kali Linux OS

Example 1: Scanning Target domain

whatwaf -u "https://hack-yourself-first.com/Make/5?orderby=supercarid"

In this example, we have selected the target domain and tried to bypass its firewalls and protection systems.

Scanning Target

 

The tool has detected the type of firewall that is being used by the target domain server.

Detection of Firewall

 

After bypassing, we have loaded the tamper payloads on the target to get the information.

Tamper Payload

 

