Functionality
Thomas edited this page Dec 21, 2017
·
8 revisions
```
optional arguments:
  -h, --help            show this help message and exit

mandatory arguments:
  arguments that have to be passed for the program to run

  -u URL, --url URL     Pass a single URL to detect the protection
  -l PATH, --list PATH  Pass a file containing URL's (one per line) to detect
                        the protection

request arguments:
  arguments that will control your requests

  --pa USER-AGENT       Provide your own personal agent to use it for the HTTP
                        requests
  --ra                  Use a random user-agent for the HTTP requests
  --proxy PROXY         Provide a proxy to run behind in the format
                        type://address:port (IE socks5://10.54.127.4:1080
  --tor                 Use Tor as the proxy to run behind, must have Tor
                        installed
  -p PAYLOADS, --payloads PAYLOADS
                        Provide your own payloads separated by a comma IE AND
                        1=1,AND 2=2
  --pl PAYLOAD-LIST-PATH
                        Provide a file containing a list of payloads 1 per
                        line
  --force-ssl           Force the assignment of HTTPS instead of HTTP while
                        processing

misc arguments:
  arguments that don't fit in any other category

  --verbose             Run in verbose mode (more output)
  --hide                Hide the banner during the run
  --update              Update WhatWaf to the newest development version
  --encode PAYLOAD TAMPER-SCRIPT-LOAD-PATH
                        Encode a provided payload using a provided tamper
                        script
```
- `-h/--help`
  - Prints the help menu and exits. This will also be the default if no other flags are passed.
- `-u/--url`
  - Pass a single URL to run the identification and tampering tests on. The URL does not need to be passed with `http/https`; if it is not present, `http` will be automatically assigned as the protocol.
- `-l/--list`
  - Pass a text file containing URLs (one per line). WhatWaf will enumerate through the file and automatically assign a protocol to any URL that does not have one.
- `--pa`
  - Pass a personal User-Agent as a string to replace the default User-Agent. It is up to you to make sure your User-Agent is in the right format.
- `--ra`
  - Passing this flag will grab a random User-Agent out of `content/files/user_agents.txt`; there are a total of 4,195 User-Agents available to be chosen from.
- `--proxy`
  - Pass a proxy to run behind. WhatWaf is compatible with most proxy types such as:
    - socks5
    - socks4
    - http
    - https
- `--tor`
  - Pass this flag to use Tor as your proxy. Please be advised that this requires you to have Tor installed on your system and running. It will assume that Tor is on port `9050` and try to connect there as well.
- `-p/--payloads`
  - Provide your own payloads for the detection requests. Payloads must be separated by a comma, e.g. `-p="AND 1=1,OR 2=2"`. This way WhatWaf can split the list on a common delimiter.
- `--pl`
  - Pass a text file containing payloads (one per line). WhatWaf will enumerate these payloads and use each one for detection requests. It is advised to run behind a proxy or use `proxychains` if you are going to use this method.
- `--force-ssl`
  - Passing this flag will force the URL to run behind HTTPS instead of HTTP.
- `--verbose`
  - Run the program with more output. This will display the status codes for each request, along with each payload produced from the tampering. It will also show each script loaded into the queues. It is advised to run with this flag if you are about to open an issue, to further help the developers understand what's going on.
- `--hide`
  - Hide the WhatWaf banner during the run. This does not change anything else; it just won't display the banner.
- `--update`
  - Update WhatWaf to the newest development version. This flag allows a portable and easy way to keep the program updated without the need of re-cloning or re-downloading.
- `--encode`
  - Provide a payload and a tamper script load path to encode the given payload with the tamper obfuscation. The load paths are shown after the successful tampering functions have been found, so you can copy and paste them.
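
The protocol handling described under `-u/--url`, `-l/--list` and `--force-ssl`, sketched as an added example (not WhatWaf's own code). The function names, the skipping of blank lines and the sample list are assumptions made for illustration. It shows that a URL passed without a protocol is requested over cleartext `http` unless HTTPS is forced.

```python
import re

# Matches a leading protocol such as "http://" or "HTTPS://".
_SCHEME = re.compile(r"^([a-z][a-z0-9+.-]*)://", re.IGNORECASE)


def assign_protocol(url, force_ssl=False):
    """Return url with a protocol, following the -u/--url and --force-ssl text.

    Hypothetical helper: the name and exact rules are assumptions,
    not taken from the WhatWaf code base.
    """
    url = url.strip()
    match = _SCHEME.match(url)
    if match is None:
        # No protocol present: http is assigned unless HTTPS is forced.
        return ("https://" if force_ssl else "http://") + url
    if force_ssl and match.group(1).lower() == "http":
        # Replace an explicit http:// prefix with https://.
        return "https://" + url[match.end():]
    return url


def load_url_list(lines, force_ssl=False):
    """Normalize a -l/--list style input: one URL per line.

    Skipping blank lines is an assumption of this example.
    """
    return [assign_protocol(line, force_ssl) for line in lines if line.strip()]


# Constructed sample input (not from the page).
SAMPLE_LIST = [
    "example.com/index.php?id=1\n",
    "HTTP://example.org/\n",
    "\n",
    "https://example.net/login\n",
]

if __name__ == "__main__":
    for forced in (False, True):
        print("force_ssl =", forced)
        for url in load_url_list(SAMPLE_LIST, force_ssl=forced):
            print("  " + url)
```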