Unwaf is a Go tool designed to help identify WAF bypasses using passive techniques such as SPF records and DNS history. By default, Unwaf will check SPF records.
If you want it to check DNS history records, set up ViewDNS and/or SecurityTrails in the Unwaf config file ($HOME/.unwaf.conf). The tool will create an example config file after the first execution.
Unwaf automates the steps I explained in this LinkedIn post: Passive WAF bypassing
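Unwaf checks SPF records by default; the defender's side of that check is whether your own SPF record publishes a network that contains the origin you want to keep behind the WAF. The Go program below is an added example, not part of Unwaf: the function names, the sample record and the addresses are constructed, and it assumes the TXT record has already been fetched and that you supply your own origin list.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// spfPrefixes returns the networks published by the ip4:/ip6: mechanisms of one SPF record.
func spfPrefixes(record string) []netip.Prefix {
	var out []netip.Prefix
	fields := strings.Fields(record)
	if len(fields) == 0 || !strings.EqualFold(fields[0], "v=spf1") {
		return out // not an SPF record
	}
	for _, term := range fields[1:] {
		term = strings.ToLower(strings.TrimLeft(term, "+-~?")) // drop the qualifier
		if !strings.HasPrefix(term, "ip4:") && !strings.HasPrefix(term, "ip6:") {
			continue // include:, a, mx, all ... are not resolved here
		}
		if p, err := netip.ParsePrefix(term[4:]); err == nil {
			out = append(out, p.Masked())
		} else if a, err := netip.ParseAddr(term[4:]); err == nil {
			out = append(out, netip.PrefixFrom(a, a.BitLen())) // bare address = single host
		}
	}
	return out
}

// exposedOrigins lists the origin addresses that fall inside a published SPF network.
func exposedOrigins(record string, origins []string) []string {
	var hits []string
	nets := spfPrefixes(record)
	for _, o := range origins {
		addr, err := netip.ParseAddr(o)
		for _, n := range nets {
			if err == nil && n.Contains(addr) {
				hits = append(hits, o)
				break
			}
		}
	}
	return hits
}

func main() {
	// Constructed sample record and origin list (documentation address ranges).
	rec := "v=spf1 ip4:203.0.113.0/28 ip4:198.51.100.7 include:_spf.example.net -all"
	fmt.Println(exposedOrigins(rec, []string{"203.0.113.10", "192.0.2.44"}))
}
```

Any address this reports is readable by anyone who queries the record; the example does not follow `include:` or other mechanisms that need further DNS lookups.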
To install Unwaf, use the go install command:
go install github.com/mmarting/unwaf@latest
Use -h to display the help for the tool:
unwaf -h
Unwaf requires a domain (-d) as the only mandatory parameter. The tool accepts the following options:
-d, --domain: The domain to check (required).
-s, --source: The source HTML file to compare (optional).
-c, --config: The config file path (optional, default: $HOME/.wafbypass.conf).
-h, --help: Display help information.
Check a domain:
unwaf --domain example.com
Check a domain with a manually provided HTML file:
unwaf --domain example.com --source original.html
Check a domain with a custom location for the config file:
unwaf --domain example.com --config /path/to/config
Martín Martín
unwaf is distributed under GPL v3 License.