Detect and bypass web application firewalls and protection systems
Completely deprecates setup.sh in favor of setup.py
Creates setup.py
Bunch of issue fixes with a few new wafs added into it enjoy
This release gives whatwaf a database. The database will cache all URL's and payloads that are drafted through whatwaf. You can have whatwaf check against the cached URL's or scan like normal, the default is to scan like normal. Newest arguments:
database arguments:
arguments that pertain to Whatwafs database
-c, --url-cache Check against URL's that have already been cached into
the database before running them saves some time on
scanning multiple (*default=False)
-pC, --payload-cache View all payloads that have been cached inside of the
database
The first release of whatwaf!
WhatWaf is an advanced firewall detection tool who's goal is to give you the idea of "There's a WAF?". WhatWaf works by detecting a firewall on a web application, and attempting to detect a bypass (or two) for said firewall, on the specified target.
Payloads encoded through whatwaf will be saved in a database for future use. You can view the encoded payloads by running -vC. Every time you encode a payload it is checked against the payloads currently in the database to prevent duplicates from being stored.