Functionality
Ekultek edited this page Jul 16, 2019 · 8 revisions
```
usage: ./whatwaf.py -[u|l|b|g] VALUE|PATH|PATH|PATH [-p|--pl] PAYLOAD,..|PATH [--args]

optional arguments:
  -h, --help            show this help message and exit

mandatory arguments:
  arguments that have to be passed for the program to run

  -u URL, --url URL     Pass a single URL to detect the protection
  -l PATH, --list PATH, -f PATH, --file PATH
                        Pass a file containing URL's (one per line) to detect
                        the protection
  -b FILE-PATH, --burp FILE-PATH
                        Pass a Burp Suite request file to perform WAF
                        evaluation
  -g GOOGLER-JSON-FILE, --googler GOOGLER-JSON-FILE
                        Pass a JSON file from the Googler CMD line tool (IE
                        googler -n 100 --json >> googler.json)

request arguments:
  arguments that will control your requests

  --pa USER-AGENT       Provide your own personal agent to use it for the HTTP
                        requests
  --ra                  Use a random user-agent for the HTTP requests
  -H HEADER=VALUE,HEADER:VALUE.., --headers HEADER=VALUE,HEADER:VALUE..
                        Add your own custom headers to the request. To use
                        multiple separate headers by comma. Your headers need
                        to be exact(IE: Set-Cookie=a345ddsswe,X-Forwarded-
                        For:127.0.0.1)
  --proxy PROXY         Provide a proxy to run behind in the format
                        type://address:port (IE socks5://10.54.127.4:1080
  --tor                 Use Tor as the proxy to run behind, must have Tor
                        installed
  --check-tor           Check your Tor connection
  -p PAYLOADS, --payloads PAYLOADS
                        Provide your own payloads separated by a comma IE AND
                        1=1,AND 2=2
  --pl PAYLOAD-LIST-PATH
                        Provide a file containing a list of payloads 1 per
                        line
  --force-ssl           Force the assignment of HTTPS instead of HTTP while
                        processing (*default=HTTP unless otherwise specified
                        by URL)
  --throttle THROTTLE-TIME (seconds)
                        Provide a sleep time per request (*default=0)
  --timeout TIMEOUT     Control the timeout time of the requests (*default=15)
  -P, --post            Send a POST request (*default=GET)
  -D POST-STRING, --data POST-STRING
                        Send this data with the POST request (IE
                        password=123&name=Josh *default=random)
  -t threaded, --threaded threaded
                        Send requests in parallel (specify number of threads
                        *default=1)
  -tP CONFIGTORPORT, --tor-port CONFIGTORPORT
                        Change the port that Tor runs on (*default=9050)
  -T, --test            Test the connection to the website before starting
                        (default is True)

encoding options:
  arguments that control the encoding of payloads

  -e PAYLOAD [TAMPER-SCRIPT-LOAD-PATH ...], --encode PAYLOAD [TAMPER-SCRIPT-LOAD-PATH ...]
                        Encode a provided payload using provided tamper
                        script(s) you are able to payy multiple tamper script
                        load paths to this argument and the payload will be
                        tampered as requested
  -el PATH TAMPER-SCRIPT-LOAD-PATH, --encode-list PATH TAMPER-SCRIPT-LOAD-PATH
                        Encode a file containing payloads (one per line) by
                        passing the path and load path, files can only encoded
                        using a single tamper script load path

output options:
  arguments that control how WhatWaf handles output

  -F, --format          Format the output into a dict and display it
  -J, --json            Send the output to a JSON file
  -Y, --yaml            Send the output to a YAML file
  -C, --csv             Send the output to a CSV file
  --fingerprint         Save all fingerprints for further investigation
  --tamper-int INT      Control the amount of tampers that are displayed
                        (*default=5)
  --traffic FILENAME    store all HTTP traffic headers into a file of your
                        choice
  --force-file          Force the creation of a file even if there is no
                        protection identified
  -o DIR, --output DIR  Save a copy of the file to an arbitrary directory

database arguments:
  arguments that pertain to Whatwafs database

  -c, --url-cache       Check against URL's that have already been cached into
                        the database before running them saves some time on
                        scanning multiple (*default=False)
  -uC, --view-url-cache
                        Display all the URL cache inside of the database, this
                        includes the netlock, tamper scipts, webserver, and
                        identified protections
  -pC, --payload-cache  View all payloads that have been cached inside of the
                        database
  -vC, --view-cache     View all the cache in the database, everything from
                        URLs to payloads
  --export FILE-TYPE    Export the already encoded payloads to a specified
                        file type and save them under the home directory

misc arguments:
  arguments that don't fit in any other category

  --verbose             Run in verbose mode (more output)
  --hide                Hide the banner during the run
  --update              Update WhatWaf to the newest development version
  --save FILENAME       Save the encoded payloads into a file
  --skip                Skip checking for bypasses and just identify the
                        firewall
  --verify-num INT      Change the request amount to verify if there really is
                        not a WAF present(*default=5)
  -W, --determine-webserver
                        Attempt to determine what web server is running on the
                        backend (IE Apache, Nginx, etc.. *default=False)
  --wafs                Output a list of possible firewalls that can be
                        detected by this program
  --tampers             Output a list of usable tamper script load paths
```
- `-h/--help`
  - Prints the help menu and exits. This is also the default if no other flags are passed.
- `-u URL, --url URL`
  - Pass a single URL to detect the protection.
- `-l PATH, --list PATH, -f PATH, --file PATH`
  - Pass a file containing URLs (one per line) to detect the protection.
- `-b FILE-PATH, --burp FILE-PATH`
  - Pass a Burp Suite request file to perform WAF evaluation.
- `--pa`
  - Pass a personal User-Agent as a string to replace the default User-Agent. It is up to you to make sure your User-Agent is in the right format.
- `--ra`
  - Passing this flag will grab a random User-Agent out of `content/files/user_agents.txt`; there are a total of 4,195 User-Agents available to choose from.
- `--proxy`
  - Pass a proxy to run behind. Whatwaf is compatible with most proxy types such as:
    - socks5
    - socks4
    - http
    - https
- `--tor`
  - Pass this flag to use Tor as your proxy. Please be advised that this requires you to have Tor installed on your system and running. It will assume that Tor is on port `9050` and try to connect there as well.
- `-p/--payloads`
  - Provide your own payloads for the detection requests. Payloads must be separated by a comma, IE `-p="AND 1=1,OR 2=2"`. This way whatwaf will be able to determine the list by a common denominator.
- `--pl`
  - Pass a text file containing payloads (one per line). Whatwaf will enumerate these payloads and use each one for detection requests. It is advised to run behind a proxy or use `proxychains` if you are going to use this method.
- `--force-ssl`
  - Passing this flag will force the URL to run behind HTTPS instead of HTTP.
- `-e PAYLOAD TAMPER-SCRIPT-LOAD-PATH, --encode PAYLOAD TAMPER-SCRIPT-LOAD-PATH`
  - Encode a provided payload using a provided tamper script
- `-el PATH TAMPER-SCRIPT-LOAD-PATH, --encode-list PATH TAMPER-SCRIPT-LOAD-PATH`
  - Encode a file containing payloads (one per line) by passing the path and load path
- `-F, --format`
  - Format the output into a dict and display it
- `-J, --json`
  - Send the output to a JSON file
- `-Y, --yaml`
  - Send the output to a YAML file
- `-C, --csv`
  - Send the output to a CSV file
- `-c, --url-cache`
  - Check against URLs that have already been cached in the database before running them; this saves some time when scanning multiple URLs (*default=False)
- `-uC, --view-url-cache`
  - Display all the URL cache inside of the database; this includes the netlock, tamper scripts, webserver, and identified protections
- `-pC, --payload-cache`
  - View all payloads that have been cached inside of the database
- `-vC, --view-cache`
  - View all the cache in the database, everything from URLs to payloads
- `--export FILE-TYPE`
  - Export the already encoded payloads to a specified file type and save them under the home directory
- `--verbose`
  - Run in verbose mode (more output)
- `--hide`
  - Hide the banner during the run
- `--update`
  - Update WhatWaf to the newest development version
- `--save FILENAME`
  - Save the encoded payloads into a file
- `--skip`
  - Skip checking for bypasses and just identify the firewall
- `--verify-num INT`
  - Change the number of requests (default 5) used to verify that there really is no WAF present