Skip to content

Functionality

Thomas edited this page Dec 23, 2017 · 8 revisions

WhatWaf available arguments and usage

usage: ./whatwaf.py -[u|l] VALUE|PATH -[p|-pl] PAYLOADS --[args]

optional arguments:
  -h, --help            show this help message and exit

mandatory arguments:
  arguments that have to be passed for the program to run

  -u URL, --url URL     Pass a single URL to detect the protection
  -l PATH, --list PATH  Pass a file containing URL's (one per line) to detect
                        the protection

request arguments:
  arguments that will control your requests

  --pa USER-AGENT       Provide your own personal agent to use it for the HTTP
                        requests
  --ra                  Use a random user-agent for the HTTP requests
  --proxy PROXY         Provide a proxy to run behind in the format
                        type://address:port (IE socks5://10.54.127.4:1080
  --tor                 Use Tor as the proxy to run behind, must have Tor
                        installed
  -p PAYLOADS, --payloads PAYLOADS
                        Provide your own payloads separated by a comma IE AND
                        1=1,AND 2=2
  --pl PAYLOAD-LIST-PATH
                        Provide a file containing a list of payloads 1 per
                        line
  --force-ssl           Force the assignment of HTTPS instead of HTTP while
                        processing

misc arguments:
  arguments that don't fit in any other category

  --verbose             Run in verbose mode (more output)
  --hide                Hide the banner during the run
  --update              Update WhatWaf to the newest development version
  -e PAYLOAD TAMPER-SCRIPT-LOAD-PATH, --encode PAYLOAD TAMPER-SCRIPT-LOAD-PATH
                        Encode a provided payload using a provided tamper
                        script
  -el PATH TAMPER-SCRIPT-LOAD-PATH, --encode-list PATH TAMPER-SCRIPT-LOAD-PATH
                        Encode a file containing payloads (one per line) by
                        passing the path and load path
  --save FILENAME       Save the encoded payloads into a file

Argument descriptions

Optional arguments

These arguments aren't really important, but they're good to mention
  • -h/--help
    • Prints the help menu and exits. This will also be the default if no other flags are passed

Mandatory arguments

These arguments have to be passed in order for whatwaf to run
  • -u/--url
    • Pass a singular URL to run the identification and tampering tests on, the URL does not need to be passed with http/https if it is not present, http will be automatically assigned as the protocol
  • -l/--list
    • Pass a textual file containing URL's (one per line). Whatwaf will enumerate through the file and automatically assign a protocol to any URL observed to not have one.

Request arguments

These arguments control your HTTP requests, along with your headers
  • --pa
    • Pass a personal User-Agent in the form of a string to replace the default User-Agent. It's up to you to make sure your User-Agent is in the right format or not
  • --ra
    • Passing this flag will grab a random User-Agent out of content/files/user_agents.txt, there are a total of 4,195 User-Agents available to be chosen from
  • --proxy
    • Pass a proxy to run behind. Whatwaf is compatible with most proxy types such as:
      • socks5
      • socks4
      • http
      • https
  • --tor
    • Pass this flag to use Tor as your proxy. Please be advised that this requires you to have Tor installed on your system and running. It will assume that Tor is on port 9050 and try to connect there as well.
  • -p/--payloads
    • Provide your own payloads for the detection requests. Payloads must be separated by a comma. IE -p="AND 1=1,OR 2=2". This way whatwaf will be able to determine the list by a common denominator.
  • --pl
    • Pass a textual file containing payloads (one per line) whatwaf will enumerate these payloads and use each one for detection requests. It is advised to run behind a proxy or use proxychains if you are going to use this method.
  • --force-ssl
    • Passing this flag will force the URL to run behind HTTPS instead of HTTP.

Misc arguments

Arguments that don't really fit into any other category
  • --verbose
    • Run the program with more output. This will display the status codes for each request, along with each payload produced from the tampering. It will also show each script loaded into the queues. It is advised to run with this flag if you are about to make an issue to further help the developers understand what's going on.
  • --hide
    • Hide the whatwaf banner during running. Will not change anything, just won't display the banner
  • --update
    • Update whatwaf to the newest development version. This flag allows a portable and easy way to keep the program updated without the need of re-cloning or re-downloading.
  • -e/--encode
    • Provide a payload and a tamper script load path to encode the given payload with the tamper obfuscation. The load paths will be given after the successful tampering functions have been found, that way you can just copy and paste them.
  • -el/--encode-list
    • Provide a file path full of payloads to encode into a given tamper script. Must provide two arguments, a path and a tamper load path
  • --save
    • used in conjunction with the list encoding flag, specify a file to save the encoded payloads into
Clone this wiki locally