Web Application Firewall Detector

Character with goggles that can see vulnerabilities

Unlock full capabilities

There's so much you can do with this tool!
Plus, access to it means full access to all 20+ tools on the platform.

Find out which WAF your target is using and how effective it is. Our WAF detection tool triggers and detects the web application firewall – and then tries to bypass it by finding the Origin IP.

Get actionable recon information for manual investigation and customizing payloads. Whenever it can, our WAF Detector gives you the IP of the origin server behind the firewall so you can send requests directly to it.

Paid plans give you access to its full capabilities, plus other 20+ security testing tools and features.


Sample Web Application Firewall Detector report

Each scan with our web based WAF Detector generates detailed results which are easy to export in PDF, HTML, CSV, JSON, or XLSX reports. Each report includes:

  • WAF name and vendor

    Fingerprint web application firewall technology to assess how difficult it might be to exploit your target.

  • Replay attack

    Reports also include a one-click Replay Attack option that gives you direct access to the result the triggered WAF returns.

  • Origin IP

    Whenever it can harvest it, WAF Detector results also include the IP of the origin server behind the firewall, making it easy to bypass the firewall.

Web Application Firewall Detector Report Sample

Better vulnerability discovery.Faster pentest reporting.

Get instant access to custom vulnerability scanners and automation features that simplify the pentesting process and produce valuable results. The platform helps you cover all the stages of an engagement, from information gathering to website scanning, network scanning, exploitation and reporting.

Pentest-Tools.com offers faster pentest reporting and better vulnerability discovery.

Scanning capabilities

How our Web Application Firewall Detector works

  1. 1

    Non-harmful attack simulation

    To detect the web application firewall behind your target, our tool simulates common web attacks against the web app (i.e. XSS, SQLi, Local File Inclusion, OS Command Injection). For each simulated attack, it tries to match the HTTP response to a known WAF using both open-source and custom WAF signatures.

  2. 2

    Origin IP reconnaissance and port scanning

    Our WAF Detector tool actively tries to discover the origin IP behind a web application firewall. It first collects candidate origin IP addresses based on historical IP addresses the target hostname resolved to. It then probes these IPs with small port scans (ports 80, 443, 8080, and 8443) that focus on HTTP servers . Comparing the responses from these servers to a normal (i.e. non-firewall) response, the WAF detection tool zeroes in on the ones with the highest similarity. Finally, by re-simulating an attack, the detector identifies the IP with the most similar response that doesn't trigger the WAF.

  3. 3

    Built-in option for reducing scan errors

    If your target has multiple redirects, enabling the Follow redirects option can help you automatically avoid scanning errors.

Use cases

What you can do with the Web Application Firewall Detector

  • Craft more powerful payloads

    Detecting the firewall that’s protecting a web app should be a no-fuss recon step, so you can spend more time tailoring your payloads for bypasses. That’s why our WAF Detector is ready to use out of the box. No scripting, no configuration, no waiting time. All you need is a browser and a Pentest-Tools.com plan.

  • Assess the target independent of its WAF

    Automatically getting the web app’s real IP address saves you tons of time. Instead of trying to bypass the WAF or comb through WAF-filtered results (that may be false positives), you can focus on testing the underlying server with a full suite of attacks.
  • Make sure the web app and WAF are configured correctly

    A properly set up web application firewall will return zero interesting results after our tool tries to fingerprint it. This implies it can effectively reject malicious requests frequently used by prevalent threats such as Cross-Site Scripting (XSS), SQL Injection (SQLi), Local File Inclusion (LFI), and Operating System Command Injection. WAF Detector results can confirm your web application is designed to deny any requests that don't originate from the firewall.

We built the Web Application Firewall Detector for

  • Offensive security teams who need to do quick web application firewall fingerprinting, automate reconnaissance steps and other repetitive tasks, and produce easy to read reports from a consolidated list of scan results.

  • Defensive security teams who need to make sure web applications are correctly configured and protected against malicious requests and exploits, and push any proof of exposure to those who can solve them.

  • System builders and admins who need to validate proper web app implementation and correct WAF configuration before any launches and changes.


Common questions about the Web Application Firewall Detector

Yes, you can use the WAF Detector through the Pentest-Tools.com API.