Functionality
Ekultek edited this page Aug 9, 2018 · 8 revisions
```
usage: ./whatwaf.py -[u|l|b] VALUE|PATH|PATH -[p|-pl] PAYLOADS --[args]

optional arguments:
  -h, --help            show this help message and exit

mandatory arguments:
  arguments that have to be passed for the program to run

  -u URL, --url URL     Pass a single URL to detect the protection
  -l PATH, --list PATH, -f PATH, --file PATH
                        Pass a file containing URL's (one per line) to detect
                        the protection
  -b FILE-PATH, --burp FILE-PATH
                        Pass a Burp Suite request file to perform WAF
                        evaluation

request arguments:
  arguments that will control your requests

  --pa USER-AGENT       Provide your own personal agent to use it for the HTTP
                        requests
  --ra                  Use a random user-agent for the HTTP requests
  --proxy PROXY         Provide a proxy to run behind in the format
                        type://address:port (IE socks5://10.54.127.4:1080
  --tor                 Use Tor as the proxy to run behind, must have Tor
                        installed
  -p PAYLOADS, --payloads PAYLOADS
                        Provide your own payloads separated by a comma IE AND
                        1=1,AND 2=2
  --pl PAYLOAD-LIST-PATH
                        Provide a file containing a list of payloads 1 per
                        line
  --force-ssl           Force the assignment of HTTPS instead of HTTP while
                        processing
  --check-tor           Check your Tor connection
  -H HEADER=VALUE,HEADER=VALUE.., --headers HEADER=VALUE,HEADER=VALUE..
                        Add your own custom headers to the request. To use
                        multiple separate headers by comma. Your headers need
                        to be exact(IE: Set-Cookie=a345ddsswe,X-Forwarded-
                        For=127.0.0.1)
  --throttle THROTTLE-TIME (seconds)
                        Provide a sleep time per request (default is 0)
  --timeout TIMEOUT     Control the timeout time of the requests (default is
                        15)
  -P, --post            Send a POST request, default request type is GET
  -D POST-STRING, --data POST-STRING
                        Send this data with the POST request (IE
                        password=123&name=Josh)

encoding options:
  arguments that control the encoding of payloads

  -e PAYLOAD TAMPER-SCRIPT-LOAD-PATH, --encode PAYLOAD TAMPER-SCRIPT-LOAD-PATH
                        Encode a provided payload using a provided tamper
                        script
  -el PATH TAMPER-SCRIPT-LOAD-PATH, --encode-list PATH TAMPER-SCRIPT-LOAD-PATH
                        Encode a file containing payloads (one per line) by
                        passing the path and load path

output options:
  arguments that control how WhatWaf handles output

  -F, --format          Format the output into a dict and display it
  -J, --json            Send the output to a JSON file
  -Y, --yaml            Send the output to a YAML file
  -C, --csv             Send the output to a CSV file
  --fingerprint         Save all fingerprints for further investigation
  --tamper-int INT      Control the amount of tampers that are displayed
                        (default is 5)
  --traffic FILENAME    store all HTTP traffic headers into a file of your
                        choice

misc arguments:
  arguments that don't fit in any other category

  --verbose             Run in verbose mode (more output)
  --hide                Hide the banner during the run
  --update              Update WhatWaf to the newest development version
  --save FILENAME       Save the encoded payloads into a file
  --skip                Skip checking for bypasses and just identify the
                        firewall
  --verify-num INT      Change the default amount (5) to verify if there
                        really is not a WAF present
```
- -h/--help
  - Prints the help menu and exits. This is also the default if no other flags are passed.
- -u URL, --url URL
  - Pass a single URL to detect the protection
- -l PATH, --list PATH, -f PATH, --file PATH
  - Pass a file containing URLs (one per line) to detect the protection
- -b FILE-PATH, --burp FILE-PATH
  - Pass a Burp Suite request file to perform WAF evaluation
- --pa
  - Pass a personal User-Agent as a string to replace the default User-Agent. It is up to you to make sure your User-Agent is in the right format.
- --ra
  - Passing this flag will grab a random User-Agent out of content/files/user_agents.txt. There are a total of 4,195 User-Agents available to choose from.
- --proxy
  - Pass a proxy to run behind. WhatWaf is compatible with most proxy types, such as:
    - socks5
    - socks4
    - http
    - https
- --tor
  - Pass this flag to use Tor as your proxy. Please be advised that this requires you to have Tor installed on your system and running. It will assume that Tor is on port 9050 and try to connect there as well.
- -p/--payloads
  - Provide your own payloads for the detection requests. Payloads must be separated by a comma, IE -p="AND 1=1,OR 2=2". This way WhatWaf will be able to determine the list by a common delimiter.
- --pl
  - Pass a text file containing payloads (one per line). WhatWaf will enumerate these payloads and use each one for detection requests. It is advised to run behind a proxy or use proxychains if you are going to use this method.
- --force-ssl
  - Passing this flag will force the URL to use HTTPS instead of HTTP.
- -e PAYLOAD TAMPER-SCRIPT-LOAD-PATH, --encode PAYLOAD TAMPER-SCRIPT-LOAD-PATH
  - Encode a provided payload using a provided tamper script
- -el PATH TAMPER-SCRIPT-LOAD-PATH, --encode-list PATH TAMPER-SCRIPT-LOAD-PATH
  - Encode a file containing payloads (one per line) by passing the path and load path
- -F, --format
  - Format the output into a dict and display it
- -J, --json
  - Send the output to a JSON file
- -Y, --yaml
  - Send the output to a YAML file
- -C, --csv
  - Send the output to a CSV file
- --verbose
  - Run in verbose mode (more output)
- --hide
  - Hide the banner during the run
- --update
  - Update WhatWaf to the newest development version
- --save FILENAME
  - Save the encoded payloads into a file
- --skip
  - Skip checking for bypasses and just identify the firewall
- --verify-num INT
  - Change the default amount (5) to verify if there really is not a WAF present
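
The value formats documented above for `--proxy`, `-H/--headers` and `-p/--payloads` can be checked before a run. The following is an added example, not part of WhatWaf or of this wiki page. The function names are hypothetical, and the splitting rules (first `=` separates header name from value, no escaping for commas) are assumptions drawn from the help text.

```python
# Added example (not WhatWaf code): pre-flight checks for the option formats
# documented above. Splitting rules are assumptions based on the help text.
from urllib.parse import urlsplit

PROXY_TYPES = {"socks5", "socks4", "http", "https"}  # types listed under --proxy


def check_proxy(value):
    """Validate type://address:port and return (type, address, port)."""
    parts = urlsplit(value)
    if parts.scheme not in PROXY_TYPES:
        raise ValueError("unsupported proxy type: %r" % parts.scheme)
    if not parts.hostname or parts.port is None:
        raise ValueError("proxy must be type://address:port")
    return parts.scheme, parts.hostname, parts.port


def split_headers(value):
    """Split HEADER=VALUE,HEADER=VALUE.. into a dict.

    Only the first '=' separates name from value, so values may contain '='.
    A value containing ',' cannot be expressed in this format.
    """
    headers = {}
    for item in value.split(","):
        name, sep, val = item.partition("=")
        if not sep or not name.strip():
            raise ValueError("not HEADER=VALUE: %r" % item)
        headers[name.strip()] = val.strip()
    return headers


def split_payloads(value):
    """Split the -p argument on commas, dropping empty entries."""
    return [p.strip() for p in value.split(",") if p.strip()]


def needs_payload_file(payloads):
    """Return payloads containing a comma; -p would split them, so use --pl."""
    return [p for p in payloads if "," in p]
```

A payload that itself contains a comma is cut in two by the comma-separated `-p` form, which is the case `needs_payload_file` flags for the one-per-line `--pl` file instead.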