WARF Web Application Reconnaissance Framework
WARF Web Application Reconnaissance Framework

WARF: Web Application Reconnaissance Framework

WARF is a Recon framework for the web application. It comprises different tools to perform information gathering on the target such as subdomain enumeration, directory Bruteforce, gathering all sorts of endpoints like Wayback URLs, JS URLs, endpoints from JS files, API/Secret keys, etc.

WARF is highly customizable and allows you to perform a full scan or individual scan on the target. It accumulates the results and shows them in a powerful DataTable through which you can narrow down your searches. WARF also give you the option to add and save target individually and perform different scans on them.

With a Dashboard, you will quickly get the metrics of your activity. WARF confined all your targets together and provide you with a clean and efficient way to search them down with their names.

Main Features

  • Subdomain Enumeration
  • Directory BruteForce
  • Gather Wayback URLs
  • Gather JavaScript URLs
  • Extract links from JS files
  • Extract API/Secret Keys from JS files
  • Supports Background Scan
Username: demo
Password: demopass

⚠️ Since Heroku apps run in a lightweight container called dynos, so any changes to the filesystem while the dyno is running only last until that dyno is shut down or restarted. This operation causes the saved scan results to get deleted from the server and hence you won’t be able to see the saved results. Due to this limitation of file storage, the live version of app deployed in Heroku is not stable and might throw errors while performing some operations.



FullScan by warf
FullScan by warf

Subdomain Enumeration

Subdomain Enumeration by WARF
Subdomain Enumeration by WARF

Add Target

Add Target by WARF
Add Target by WARF

View Target

View Target by WARF
View Target by WARF

View Details

View Details by WARF
View Details by WARF

View Result

View Result by WARF
View Result by WARF


You can install WARF in two ways:-

By creating a python virtual environment and git cloning the repository.

  • Create a virtualenv:
$ python3 -m venv <virtual env path>
  • Activate the virtualenv you have just created:
$ source <virtual env path>/bin/activate
  • Clone this repository:
$ git clone https://github.com/iamnihal/warf.git
  • Install the requirements:
$ pip install -r requirements.txt
  • Apply migrations:
$ python manage.py migrate

Run the server:

$ python manage.py runserver

and load the app at

Using Docker

If you don’t have Docker installed on your system, you can follow up with the official Docker installation guide.

  • Start by cloning the repository:
$ git clone https://github.com/iamnihal/warf.git
  • Build the Docker image:
$ docker build -t warf .
  • Build and run Docker container:
$ docker run --name warf -d -p 8000:8000 warf

and now your app is ready to launch at

⚠️ Warning:- Change SECRET_KEY in settings.py for the security purpose. To generate your own SECRET_KEY, use this:-

python -c "import secrets; print(secrets.token_urlsafe())"
Dark Mode

warf (this link opens in a new window) by iamnihal (this link opens in a new window)

WARF is a Web Application Reconnaissance Framework that helps to gather information about the target.