Fingerprint Web Application Firewalls with Nmap & Wafw00f [Tutorial]

November 19, 2019 by 35 Comments

How to Detect Web App Firewalls with Wafw00f
Full Tutorial:
Subscribe to Null Byte:
Kody’s Twitter:ย

When a hacker is looking to attack a website or web application, it’s best that they detect any defenses before they make their move. Using Nmap and a handy tool called wafw00f, a hacker can discover a services firewall and then plan accordingly before running their attack. We’ll show you how to use these tools on this episode of Cyber Weapons Lab.

To learn more, check out the article:

Follow Null Byte on:
Weekly newsletter:


35 Replies to “Fingerprint Web Application Firewalls with Nmap & Wafw00f [Tutorial]”

  1. I love how he puts random gibberish names in the titles

  2. Root says:

    First like & comnent

  3. realm says:

    Please do more tutorials with the Raspberry Pi 4 based around hacking.

  4. Please subtitle Indonesia ๐Ÿ™

  5. matej pavlin says:

    First comment ๐Ÿ˜๐Ÿ˜๐Ÿ˜

  6. matej pavlin says:

    Thanks for the info by the way

  7. How to enable monitor mode in all android phones

  8. Red Cloud says:

    i love your channel <3 where can i donate

  9. Joud ayya says:

    Very interesting, thank you very much.๐Ÿ‘โค๐Ÿ‘โค๐Ÿ‘โค๐Ÿ‘โค๐Ÿ‘โค๐Ÿ‘โค๐Ÿ‘โค๐Ÿ‘โค๐Ÿ‘โค๐Ÿ‘โค

  10. Red Cloud says:

    i run kali in a vm but use the root user with the defualt password. is it worth putting a password on the user or adding some sort of security measure there? is there is could you direct me on what or how to do it.

  11. m.nageh says:

    Do a dns-rebinding videoooo plssssssssssssss

  12. flioink says:

    Interesting stuff.
    It'd cool if there was an introduction of how to go after these phishing sites that keep trying to get people's bank info, for noobs.
    That'd be a good cause and a fun exercise.

  13. Fudien Ahmad says:

    Tolong tambahan subtitle bahasa Indonesia

  14. Juan salinas says:

    i find the waff and later how can i bypass them???

  15. Wafw00f not working…. it actually saying for every website no WAF…..

  16. Black Dot says:

    Yeah, Jeffrey Epstein didn't have any defenses.

  17. My friends ๐Ÿง๐Ÿ˜Ž

  18. Akash Karad says:

    I Have to Submit One Assignment About Port Scanning so You Have Any Video For That

  19. Is wafw00f active reconnaissance tool?

  20. Nurb 2Kea says:

    My idea for a video would be:
    The difference and benefits between Pi-Hole and AdGuardHome would be an interesting case/video.
    Because AdGuardHome seems to be more advanced !??
    And this in conjunction with a VPN connection, so your DNS doesn't change the Ethernet Adapter or Router options, but the VPN connection.
    Running it as a Service on Mac against an extra Rasberry-Pi + setups and install.
    AdGuardHome setup is less than 5min. against Rasberry-Pi + setups and install…

    Thanks in advance

  21. J M says:

    Great Vid.. Can you do one on how to remove or edit a web page please?? Thanks in advance…

  22. Ykkdgh Ghk says:

    Hello .. make vidoe on how to creack Password of social media

  23. ess3nt1al says:

    What laptop do you use in this video?

  24. MrTHE453 says:

    What is a good budget laptop for me to get into hacking anybody??

  25. Ajay MOHAN says:

    how do you hack and get somebody's phone number

  26. y2ksw1 says:

    A VPN is not protecting you for this kind of analysis

  27. Hey ! What monitor mode wifi card are you using ?

  28. Isn't that being a script kiddie tho ?

  29. I heard that this guy works with fbi how truth it is who knows …..

Leave a Comment

Your email address will not be published. Required fields are marked *