v2.4.2

What's Changed

• Removes setup.py to fix tool installations when building locally.
• Updated the latest supported versions of Python (≥3.10).

New WAF signature updates:

• Vercel WAF
• Reflected Networks WAF

Improvements to existing signatures:

• Tencent WAF

Full Changelog: v2.4.1...v2.4.2

v2.4.1

What's Changed

Fix timeout enforcement during response body reading to properly handle slow streaming servers.

Bug Fix

• Timeout enforcement: The --timeout parameter is now properly enforced during response body reading, not just during connection establishment. This fixes the issue where slow-streaming servers could cause scans to take over 2 minutes instead of respecting the user-specified timeout.

Changes

• Track elapsed time during chunk reading loop
• Break out of reading loop if timeout is exceeded during reading
• Add test documenting timeout enforcement behavior

This addresses the follow-up report on issue #246 where v2.4.0 fixed infinite hangs but didn't respect timeout during slow streaming.

Full Changelog: v2.4.0...v2.4.1

v2.4.0

New WAF detections

• Anubis (Techaro)
• Scutum (Secure Sky Technology)
• 360PanYun (360 Technologies)
• ThreatX (A10 Networks)
• Link11 WAAP

Improvements

• Fastly detection improvements (tighter regex for X-Served-By)
• Added pytest test framework with 45 tests
• Added pyproject.toml for modern Python packaging
• Removed pluginbase dependency (use stdlib importlib)

Fixes

• Fixed infinite hang on streaming responses (#246)
• Improved -t option help text (#243)

Other

• Updated copyright years to 2026
• Updated Python requirement to 3.8+

WAFW00F v2.3.2: Minor Subrelease

What's Changed

New WAF detections:

• Baffin Bay
• Link11 WAAP
• A10 Networks WAF
• PanYun WAF

Improvements to existing modules:

• More specific cookie matching for F5 ASM

Full Changelog: v2.3.1...v2.3.2

WAFW00F v2.3.1 Release

Minor sub-release with the following fixes:

• setup.py installs wafw00f binary twice by @blshkv in #223

WAFW00F v2.3.0 Release

What's New?

• We dropped support for Python 2 completely.
• PIP 24.3 compatibility.
• Couple of new interesting WAFs detections!

WAFW00F v2.2 Release!

This release brings the following features to the repository:

• New features like docker support and output format fixes.
• Several new bug fixes and stability to the existing code.
• Few new WAF detections.

WAFW00F v2.1.0

This update brings input and output file features to WafW00f! So now we have:

• Input from JSON, CSV and TXT files to specify which URLs to scan by making use of the -i flag
• Output to JSON, CSV, TXT files by making use of the -o flag
• Clean standard output when passing -o - as a flag to wafw00f
• New WAF detections included

WAFW00F v2.0 - Emporium

Here are some of the highlights from this release:

• Entire code infrastructure of WAFW00F refactored and engine rewritten.
• WAFW00F can now detect 150+ WAFs (largest detection database till now).
• Every WAF plugin now has multiple methods for fingerprinting & detection.
• Improvement to the generic WAF detection modules.
• Major changes and improvements in the existing fingerprints.
• Fantastic newer ASCII art with beautiful ANSI colors.

detect all the WAFs!

• version bumped to 1.0.0 after 10 years that this tool has been available
• number of WAFs being detected bumped to 112 thanks to @0xInfection
• many WAF plugins now have multiple methods of detection
• fixed a number of reported issues and bugs identified during testing and analysis
• general improvement of attack methods
• removed some old checks that were not accurate
• new ASCII art with amazing ANSI colors

This update was possible thanks to @0xInfection 's new WAF detections, polishing of existent ones, fixes of a number of bugs and the ASCII art of course!