wafw00f_scan
Identify Web Application Firewall (WAF) protection by scanning target URLs to detect security configurations and bypass opportunities during penetration testing.
Instructions
Execute wafw00f to identify Web Application Firewall (WAF) protection.
Args: target: Target URL findall: Find all possible WAFs proxy: Proxy server to use headers: Custom HTTP headers output_file: Output file path additional_args: Additional wafw00f arguments
Returns: WAF detection results
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| additional_args | No | ||
| findall | No | ||
| headers | No | ||
| output_file | No | ||
| proxy | No | ||
| target | Yes |
Implementation Reference
- src/mcp_server/app.py:1062-1100 (registration)MCP tool registration and schema definition for 'wafw00f_scan', proxies to REST API /api/wafw00fdef wafw00f_scan( target: str, findall: bool = False, proxy: str = "", headers: str = "", output_file: str = "", additional_args: str = "", ) -> dict[str, Any]: """Execute wafw00f to identify Web Application Firewall (WAF) protection. Args: target: Target URL findall: Find all possible WAFs proxy: Proxy server to use headers: Custom HTTP headers output_file: Output file path additional_args: Additional wafw00f arguments Returns: WAF detection results """ data = { "target": target, "findall": findall, "proxy": proxy, "headers": headers, "output_file": output_file, "additional_args": additional_args, } logger.info(f"🛡️ Starting wafw00f WAF detection on {target}") result = api_client.safe_post("api/wafw00f", data) if result.get("success"): logger.info(f"✅ wafw00f scan completed on {target}") else: logger.error("❌ wafw00f scan failed") return result
- Core handler function that executes the wafw00f command, parses output, and returns structured results@tool(required_fields=["target"]) def execute_wafw00f(): """Execute wafw00f to identify Web Application Firewall (WAF) protection.""" data = request.get_json() params = extract_wafw00f_params(data) started_at = datetime.now() command = build_wafw00f_command(params) execution_result = execute_command( " ".join(command), timeout=params.get("timeout", 120) ) ended_at = datetime.now() return parse_wafw00f_output(execution_result, params, command, started_at, ended_at)
- Helper function to extract and validate input parameters for wafw00f tooldef extract_wafw00f_params(data: dict) -> dict: """Extract and organize wafw00f parameters from request data.""" return { "target": data["target"], "findall": data.get("findall", False), "verbose": data.get("verbose", False), "proxy": data.get("proxy", ""), "headers": data.get("headers", ""), "output_file": data.get("output_file", ""), "additional_args": data.get("additional_args", ""), "timeout": data.get("timeout", 120), }
- Helper function to construct the wafw00f CLI command argumentsdef build_wafw00f_command(params: dict) -> list[str]: """Build the wafw00f command from parameters.""" args = ["wafw00f", params["target"]] # Add optional parameters if params["findall"]: args.append("-a") if params["verbose"]: args.append("-v") if params["proxy"]: args.extend(["--proxy", params["proxy"]]) if params["headers"]: args.extend(["--headers", params["headers"]]) if params["output_file"]: args.extend(["-o", params["output_file"]]) if params["additional_args"]: args.extend(params["additional_args"].split()) return args
- Helper function to parse wafw00f output into structured findings with WAF detection extractiondef parse_wafw00f_output( execution_result: dict[str, Any], params: dict, command: list[str], started_at: datetime, ended_at: datetime, ) -> dict[str, Any]: """Parse wafw00f execution results into structured findings.""" duration_ms = int((ended_at - started_at).total_seconds() * 1000) if not execution_result["success"]: return { "success": False, "tool": "wafw00f", "params": params, "command": command, "started_at": started_at.isoformat(), "ended_at": ended_at.isoformat(), "duration_ms": duration_ms, "error": execution_result.get("error", "Command execution failed"), "findings": [], "stats": {"findings": 0, "dupes": 0, "payload_bytes": 0}, } # Parse successful output stdout = execution_result.get("stdout", "") findings = [] # Extract WAF information from output for line in stdout.strip().split("\n"): line = line.strip() if not line: continue # Parse WAF findings waf_info = _extract_waf_from_line(line) if waf_info: finding = { "type": "waf", "target": waf_info.get("waf_name", params["target"]), "evidence": { "raw_output": line, "detection_method": waf_info.get("detection_method", "signature"), }, "severity": "info", "confidence": waf_info.get("confidence", "medium"), "tags": ["wafw00f", "waf-detection"], "raw_ref": line, } findings.append(finding) payload_bytes = len(stdout.encode("utf-8")) return { "success": True, "tool": "wafw00f", "params": params, "command": command, "started_at": started_at.isoformat(), "ended_at": ended_at.isoformat(), "duration_ms": duration_ms, "findings": findings, "stats": { "findings": len(findings), "dupes": 0, "payload_bytes": payload_bytes, }, }