Skip to content

jeremyctrl/whatwaf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

108 Commits
.github
.github
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

whatwaf

Crates.io License

Heuristic web application firewall (WAF) detector.

whatwaf sends a series of crafted HTTP probe requests to a target site and analyzes the responses for indicators of WAF blocking behavior.

It detects common commercial and open-source firewalls by matching characteristic response headers, patterns, and bodies.

How It Works

whatwaf performs multiple probes, such as SQL injection, XSS, and local file inclusion (LFI) payloads, and compares the target's HTTP responses against known WAF fingerprints.

Detection is based on:

  • HTTP status codes
  • Response headers containing WAF vendor signatures
  • Response bodies containing diagnostic strings or challenge pages
  • Regular-expression matching for vendor-specific phrases

Installation

CLI

Install via Cargo:

cargo install whatwaf

API

Add whatwaf to your project:

cargo add whatwaf

Usage

API

use whatwaf::{scan_url, ScanConfig};

let result = scan_url(
    "https://example.com",
    ScanConfig {
        timeout: 10,
        follow_redirects: true,
        proxy: None,
    },
    None,
)?;

if let Some(last) = result {
    if let Some(waf) = last.detected_waf {
        println!("WAF detected: {}", waf);
    } else {
        println!("No WAF detected");
    }
}

CLI

whatwaf https://example.com

Example

[*] scanning https://example.com
[*] plain request probe: url=https://example.com
        [-] no detection (status=200)
[*] xss probe: url=https://example.com/?q=<script>alert(1)</script>
        [+] waf=cloudflare status=403
[~] the site https://example.com is behind Cloudflare waf

Detections

WAF Vendor Country of Origin
ArvanCloud Abr Arvan 🇮🇷
Astra Astra Security 🇮🇳
ASPA Aspa Engineering Co. 🇮🇷
Barracuda Barracuda Networks, Inc. 🇺🇸
Check Point Application Security Check Point Software Technologies Ltd. 🇮🇱
Cloudflare WAF Cloudflare, Inc. 🇺🇸
Cloudfront WAF Amazon Web Services 🇺🇸
Datadome Datadome 🇫🇷
DDoS-Guard WAF IQWeb FZ-LLC 🇷🇺
DotDefender Applicure Technologies 🇮🇱
FortiWeb Fortinet, Inc. 🇺🇸
Front Door (Azure) WAF Microsoft Corporation 🇺🇸
Incapsula Imperva, Inc. 🇺🇸
Janusec Application Gateway JANUSEC 🇺🇳*
Kona Site Defender Akamai Technologies 🇺🇸
NexusGuard NexusGuard, Inc. 🇸🇬
Radware WAF Radware Ltd. 🇮🇱
SafeLine Chaitin Tech 🇨🇳
Vercel WAF Vercel Inc. 🇺🇸
Sucuri Sucuri, Inc 🇺🇸
Wordfence Defiant Inc. 🇺🇸
Zenedge Oracle Corporation 🇺🇸

*Country of Origin is not clearly documented.

About

Heuristic web application firewall (WAF) detector

crates.io/crates/whatwaf

Topics

web firewall waf fingerprint

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 23

v1.11.2 Latest
Apr 2, 2026
+ 22 releases

Packages

 
 
 

Contributors

Languages