WAFW00F
WAFW00F WAFW00F is the ultimate WAF fingerprinting toolkit for security testing in CI/CD, sending HTTP probes to detect 200+ WAF vendors like Cloudflare or ModSecurity via response analysis with JSON/CSV outputs for Jenkins/GitHub Actions. Install via pip, run on URLs for signature matching, and evade detection with --noredirect. Open-source from EnableSecurity, it's the WAF woof for pentesters templating firewall recon in pipelines.
Explore →WhatWaf
WhatWaf WhatWaf is the advanced WAF detection and bypass tester for CI, probing URLs with custom payloads to fingerprint protections like Akamai or F5 via evasion techniques and Burp integration for GitLab scans. Deploy via Python CLI for verbose logs, supporting proxy/Tor for stealthy evals. Open-source from Ekultek, it's the WAF whisperer for red teams templating bypass logic in automated recon.
Explore →wafme0w
wafme0w wafme0w is the lightweight Go-based WAF fingerprinter for high-speed CI scans, querying targets concurrently with JSON fingerprints to ID Cloudflare or AWS WAF in Azure DevOps workflows. Run via Docker or binary for bulk URL processing, outputting results for dashboards. Open-source from Lu1sDV, it's the speedy sleuth for devs templating quick WAF audits without overhead.
Explore →IdentYwaf
IdentYwaf IdentYwaf is the blind WAF identifier for stealthy CI testing, using collected fingerprints to detect protections via minimal probes with low false positives for GitHub PR gates. Integrate via Python in pipelines for URL lists, exporting matches to SARIF. Open-source from stamparm, it's the subtle scanner for ops templating passive firewall detection in secure builds.
Explore →WAFFle