From 12a58497818b2c0e11ddb963412d678d2a8aa2a8 Mon Sep 17 00:00:00 2001
From: Fazle Arefin <fazlearefin@users.noreply.github.com>
Date: Mon, 29 Jul 2024 02:49:56 +1000
Subject: [PATCH] whatwaf: add page (#13313)

Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com>
Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com>
---
 pages/common/whatwaf.md | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 pages/common/whatwaf.md

diff --git a/pages/common/whatwaf.md b/pages/common/whatwaf.md
new file mode 100644
index 000000000..12c7567c4
--- /dev/null
+++ b/pages/common/whatwaf.md
@@ -0,0 +1,32 @@
+# whatwaf
+
+> Detect and bypass web application firewalls and protection systems.
+> More information: <https://github.com/Ekultek/WhatWaf>.
+
+- Detect protection on a single [u]RL, optionally use verbose output:
+
+`whatwaf --url {{https://example.com}} --verbose`
+
+- Detect protection on a [l]ist of URLs in parallel from a file (one URL per line):
+
+`whatwaf --threads {{number}} --list {{path/to/file}}`
+
+- Send requests through a proxy and use custom payload list from a file (one payload per line):
+
+`whatwaf --proxy {{http://127.0.0.1:8080}} --pl {{path/to/file}} -u {{https://example.com}}`
+
+- Send requests through Tor (Tor must be installed) using custom [p]ayloads (comma-separated):
+
+`whatwaf --tor --payloads '{{payload1,payload2,...}}' -u {{https://example.com}}`
+
+- Use a random user-agent, set throttling and timeout, send a [P]OST request, and force HTTPS connection:
+
+`whatwaf --ra --throttle {{seconds}} --timeout {{seconds}} --post --force-ssl -u {{http://example.com}}`
+
+- List all WAFs that can be detected:
+
+`whatwaf --wafs`
+
+- List all available tamper scripts:
+
+`whatwaf --tampers`