Determining WAF for a Site(HTTPS)

Hi all!
How can we determining if a site (HTTPS) has WAF?
I’m trying to use nmap but no use.
I’m aware of WAFWOOF and softwares like that but I’m not sure if that’s helpful and don’t wannt indulge in setting up the system.

thanks in advance!


What command are you using?

nmap –script=http-waf-fingerprint

There are other tools that you can use also if you wish. I’m not sure about WAFWOOF but in WHATWAF it’s:

./whatwaf -u

1 Like