WAF Detector

About this tool

Discover if a website is protected by a web application firewall (WAF).

Detecting which web application firewall is used by a website is an important step in the information gathering phase of a penetration test. A pentester wants to know which WAF sits in front of a target in order to adapt their payloads for a successful bypass, since each product filters and responds to malicious-looking input differently.

A web application firewall (WAF) helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically blocks attacks such as cross-site scripting (XSS), directory traversal, and SQL injection, among others, usually by matching request parameters against signatures of known attack patterns.

Parameters

  • Target URL: This is the URL of the website that will be scanned. All URLs must start with http:// or https://.

How it works

The tool tries to trigger the characteristic responses of a Web Application Firewall by using a series of techniques.

  • We send a series of non-harmful requests that look like attacks (payloads resembling XSS, SQL injection and path traversal). We analyze the responses and check whether any of them match the fingerprints of known WAFs, such as distinctive headers, cookies or block-page contents.

  • If no match is found, we compare the HTTP responses for a benign request and an injected one. If things like the status code and the Server header differ, a WAF might be in play. Ordinary server-side input validation can produce the same difference, so this case warrants manual investigation.

  • A variation of the previous case is when the server stops responding to an injected request while it still answers the benign one. This might indicate that malicious requests are dropped altogether rather than rejected with an error page. Again, you should confirm the host is still reachable and investigate manually.
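The three stages above, as an added example written for this page rather than the tool's own code: a fingerprint match on the injected responses, a benign-versus-injected differential on the status code and Server header, and a "dropped" verdict when injected requests go unanswered. The fingerprint table is an illustrative subset of well-known vendor markers, not the tool's real signature set, and the sample responses in the demo are constructed, not captured from any site.

```python
"""Offline model of the three detection stages: fingerprint match,
benign-vs-injected differential, and unanswered (dropped) requests."""
import re
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Optional


@dataclass
class Response:
    status: int
    headers: dict        # header name -> value; lookups are case-insensitive
    body: str = ""

    def header(self, name: str) -> str:
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return ""


# Harmless probes that still look like attacks to a signature-based filter.
PAYLOADS = ["<script>alert(1)</script>", "' OR '1'='1", "../../../../etc/passwd"]

# Illustrative fingerprint subset (assumption: a real tool ships a much larger
# table). Entry: (vendor, header name or None, header regex, body regex or None).
SIGNATURES = [
    ("Cloudflare", "Server", r"^cloudflare", None),
    ("Cloudflare", "CF-RAY", r".+", None),
    ("Akamai", "Server", r"AkamaiGHost", None),
    ("Imperva Incapsula", "X-CDN", r"Incapsula", None),
    ("Imperva Incapsula", "Set-Cookie", r"visid_incap_|incap_ses_", None),
    ("Sucuri", "Server", r"Sucuri/Cloudproxy", None),
    ("F5 BIG-IP ASM", None, None, r"The requested URL was rejected"),
]


def match_known_waf(resp: Response) -> Optional[str]:
    """Stage 1: return the vendor whose fingerprint appears in the response."""
    for vendor, hname, hre, bre in SIGNATURES:
        if hname and re.search(hre, resp.header(hname), re.I):
            return vendor
        if bre and re.search(bre, resp.body, re.I):
            return vendor
    return None


def differences(benign: Response, injected: Response) -> list:
    """Stage 2: fields that changed between the benign and the injected reply."""
    diffs = []
    if benign.status != injected.status:
        diffs.append(f"status {benign.status} -> {injected.status}")
    if benign.header("Server") != injected.header("Server"):
        diffs.append(f"Server {benign.header('Server')!r} -> {injected.header('Server')!r}")
    return diffs


def detect(benign: Response, injected: list) -> dict:
    """Combine the stages. `injected` holds one Response per payload, or None
    when the server never answered (timeout / connection reset)."""
    for resp in injected:
        if resp is not None:
            vendor = match_known_waf(resp)
            if vendor:
                return {"verdict": "known", "waf": vendor}
    diffs = [d for resp in injected if resp is not None for d in differences(benign, resp)]
    if diffs:
        return {"verdict": "differential", "diffs": diffs,
                "note": "reply changed for injected input; may be a WAF or plain input validation, check manually"}
    dropped = sum(1 for resp in injected if resp is None)
    if dropped:
        return {"verdict": "dropped", "dropped": dropped,
                "note": "injected requests went unanswered; confirm the host is still up, then check manually"}
    return {"verdict": "none"}


def fetch(url: str, timeout: float = 10.0) -> Optional[Response]:
    """Live fetch used by probe(); None means no HTTP reply at all."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0 (waf-probe)"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return Response(r.status, dict(r.headers.items()), r.read(4096).decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:      # 4xx/5xx still carries headers and a body
        return Response(e.code, dict(e.headers.items()), e.read(4096).decode("utf-8", "replace"))
    except OSError:                          # URLError, timeouts, connection resets
        return None


def probe(url: str, param: str = "q") -> dict:
    """Run the three stages against a live URL (must start with http:// or https://)."""
    sep = "&" if "?" in url else "?"
    benign = fetch(url + sep + urllib.parse.urlencode({param: "hello"}))
    if benign is None:
        return {"verdict": "unreachable", "note": "benign request failed; nothing to compare against"}
    return detect(benign, [fetch(url + sep + urllib.parse.urlencode({param: p})) for p in PAYLOADS])


if __name__ == "__main__":
    # Constructed sample replies (not captured from any real site).
    benign = Response(200, {"Server": "nginx", "Content-Type": "text/html"}, "<h1>hello</h1>")
    cf_block = Response(403, {"Server": "cloudflare", "CF-RAY": "0123456789abcdef-FRA"}, "Attention Required!")
    plain_403 = Response(403, {"Server": "nginx"}, "Forbidden")
    print(detect(benign, [cf_block]))          # {'verdict': 'known', 'waf': 'Cloudflare'}
    print(detect(benign, [plain_403]))         # verdict: differential
    print(detect(benign, [None, None, None]))  # verdict: dropped
    print(detect(benign, [benign]))            # verdict: none
```

`probe()` is the only part that touches the network; the demo under `__main__` and the detection logic itself run entirely on the constructed responses. Note that the "dropped" verdict only makes sense because the benign request succeeded first; if that one also fails, the target is simply unreachable and no conclusion about a WAF can be drawn.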