Bug Bounty MCP Server

wafw00f_scan

Identify Web Application Firewall (WAF) protection by scanning target URLs to detect security configurations and bypass opportunities during penetration testing.

Instructions

Execute wafw00f to identify Web Application Firewall (WAF) protection.

Args: target: Target URL findall: Find all possible WAFs proxy: Proxy server to use headers: Custom HTTP headers output_file: Output file path additional_args: Additional wafw00f arguments

Returns: WAF detection results

Input Schema

TableJSON Schema

Name	Required	Description	Default
`additional_args`	No
`findall`	No
`headers`	No
`output_file`	No
`proxy`	No
`target`	Yes

Output Schema

TableJSON Schema

Name	Required	Description	Default
No arguments

Implementation Reference

src/mcp_server/app.py:1062-1100 (registration)

MCP tool registration and schema definition for 'wafw00f_scan', proxies to REST API /api/wafw00f

def wafw00f_scan(
    target: str,
    findall: bool = False,
    proxy: str = "",
    headers: str = "",
    output_file: str = "",
    additional_args: str = "",
) -> dict[str, Any]:
    """Execute wafw00f to identify Web Application Firewall (WAF) protection.

    Args:
        target: Target URL
        findall: Find all possible WAFs
        proxy: Proxy server to use
        headers: Custom HTTP headers
        output_file: Output file path
        additional_args: Additional wafw00f arguments

    Returns:
        WAF detection results
    """
    data = {
        "target": target,
        "findall": findall,
        "proxy": proxy,
        "headers": headers,
        "output_file": output_file,
        "additional_args": additional_args,
    }

    logger.info(f"🛡️ Starting wafw00f WAF detection on {target}")
    result = api_client.safe_post("api/wafw00f", data)

    if result.get("success"):
        logger.info(f"✅ wafw00f scan completed on {target}")
    else:
        logger.error("❌ wafw00f scan failed")

    return result

src/rest_api_server/tools/wafw00f/wafw00f.py:154-167 (handler)

Core handler function that executes the wafw00f command, parses output, and returns structured results

@tool(required_fields=["target"])
def execute_wafw00f():
    """Execute wafw00f to identify Web Application Firewall (WAF) protection."""
    data = request.get_json()
    params = extract_wafw00f_params(data)

    started_at = datetime.now()
    command = build_wafw00f_command(params)
    execution_result = execute_command(
        " ".join(command), timeout=params.get("timeout", 120)
    )
    ended_at = datetime.now()

    return parse_wafw00f_output(execution_result, params, command, started_at, ended_at)

src/rest_api_server/tools/wafw00f/wafw00f.py:13-24 (helper)

Helper function to extract and validate input parameters for wafw00f tool

def extract_wafw00f_params(data: dict) -> dict:
    """Extract and organize wafw00f parameters from request data."""
    return {
        "target": data["target"],
        "findall": data.get("findall", False),
        "verbose": data.get("verbose", False),
        "proxy": data.get("proxy", ""),
        "headers": data.get("headers", ""),
        "output_file": data.get("output_file", ""),
        "additional_args": data.get("additional_args", ""),
        "timeout": data.get("timeout", 120),
    }

src/rest_api_server/tools/wafw00f/wafw00f.py:27-50 (helper)

Helper function to construct the wafw00f CLI command arguments

def build_wafw00f_command(params: dict) -> list[str]:
    """Build the wafw00f command from parameters."""
    args = ["wafw00f", params["target"]]

    # Add optional parameters
    if params["findall"]:
        args.append("-a")

    if params["verbose"]:
        args.append("-v")

    if params["proxy"]:
        args.extend(["--proxy", params["proxy"]])

    if params["headers"]:
        args.extend(["--headers", params["headers"]])

    if params["output_file"]:
        args.extend(["-o", params["output_file"]])

    if params["additional_args"]:
        args.extend(params["additional_args"].split())

    return args

src/rest_api_server/tools/wafw00f/wafw00f.py:53-121 (helper)

Helper function to parse wafw00f output into structured findings with WAF detection extraction

def parse_wafw00f_output(
    execution_result: dict[str, Any],
    params: dict,
    command: list[str],
    started_at: datetime,
    ended_at: datetime,
) -> dict[str, Any]:
    """Parse wafw00f execution results into structured findings."""
    duration_ms = int((ended_at - started_at).total_seconds() * 1000)

    if not execution_result["success"]:
        return {
            "success": False,
            "tool": "wafw00f",
            "params": params,
            "command": command,
            "started_at": started_at.isoformat(),
            "ended_at": ended_at.isoformat(),
            "duration_ms": duration_ms,
            "error": execution_result.get("error", "Command execution failed"),
            "findings": [],
            "stats": {"findings": 0, "dupes": 0, "payload_bytes": 0},
        }

    # Parse successful output
    stdout = execution_result.get("stdout", "")
    findings = []

    # Extract WAF information from output
    for line in stdout.strip().split("\n"):
        line = line.strip()
        if not line:
            continue

        # Parse WAF findings
        waf_info = _extract_waf_from_line(line)
        if waf_info:
            finding = {
                "type": "waf",
                "target": waf_info.get("waf_name", params["target"]),
                "evidence": {
                    "raw_output": line,
                    "detection_method": waf_info.get("detection_method", "signature"),
                },
                "severity": "info",
                "confidence": waf_info.get("confidence", "medium"),
                "tags": ["wafw00f", "waf-detection"],
                "raw_ref": line,
            }
            findings.append(finding)

    payload_bytes = len(stdout.encode("utf-8"))

    return {
        "success": True,
        "tool": "wafw00f",
        "params": params,
        "command": command,
        "started_at": started_at.isoformat(),
        "ended_at": ended_at.isoformat(),
        "duration_ms": duration_ms,
        "findings": findings,
        "stats": {
            "findings": len(findings),
            "dupes": 0,
            "payload_bytes": payload_bytes,
        },
    }

Tool Definition Quality

B3.1/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It mentions the tool executes wafw00f but doesn't describe key behaviors: whether it's read-only or destructive, if it requires specific permissions, potential rate limits, or how it handles errors. For a security scanning tool with zero annotation coverage, this is a significant gap in transparency.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured and appropriately sized: it starts with the core purpose, then lists parameters with brief explanations, and ends with return information. Every sentence adds value, with no wasted words. However, the 'Args:' and 'Returns:' sections could be more integrated into the flow, slightly affecting structure.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (6 parameters, security scanning) and the presence of an output schema, the description is moderately complete. It covers parameters well but lacks behavioral context and usage guidelines. With no annotations and many sibling tools, it should do more to explain the tool's role and constraints, making it adequate but with clear gaps.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description lists all 6 parameters with brief explanations (e.g., 'target: Target URL', 'findall: Find all possible WAFs'), which adds meaningful context beyond the input schema that has 0% description coverage. This compensates well for the schema's lack of descriptions, though it doesn't provide detailed syntax or examples for complex parameters like 'headers' or 'additional_args'.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Execute wafw00f to identify Web Application Firewall (WAF) protection.' It specifies the verb ('execute'), tool ('wafw00f'), and resource ('WAF protection'), making it easy to understand. However, it doesn't differentiate from sibling tools like 'nmap_scan' or 'nikto_scan' that might also detect security features, so it doesn't reach the highest score.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. With many sibling tools for scanning and reconnaissance (e.g., 'nmap_scan', 'nikto_scan', 'nuclei_scan'), there's no indication that this is specifically for WAF detection or when it should be preferred over other tools. This lack of context leaves the agent guessing about appropriate use cases.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/SlanyCukr/bugbounty-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server