🔒 Test WAF security interactively with an AI agent and WAFtester MCP

🔒 SecOps & Security Automation

Description

What it does

A conversational AI agent that connects to WAFtester via MCP (Model Context Protocol) for interactive Web Application Firewall security testing. Type natural language requests — the agent picks the right tools, runs the tests, and explains the results.

About WAFtester

WAFtester is an open-source CLI for testing Web Application Firewalls. It ships 27 MCP tools, 2,800+ attack payloads across 18 categories (SQLi, XSS, SSRF, SSTI, command injection, XXE, and more), detection signatures for 26 WAF vendors and 9 CDNs, and enterprise-grade assessment with F1/MCC scoring and letter grades (A+ through F).

Who it’s for

How it works

The workflow has four nodes:

  1. Chat Trigger — Opens an n8n chat interface where you type requests in plain English
  2. AI Agent — Receives your message, reasons about which tools to call, and orchestrates the testing workflow
  3. OpenAI Chat Model — Provides the LLM reasoning layer (GPT-4o recommended; swappable for Anthropic, Ollama, etc.)
  4. WAFtester MCP — Connects to the WAFtester server via SSE and exposes all 27 tools to the agent

The agent follows a standard WAF testing workflow:

  1. detect_waf — Fingerprint the WAF vendor and CDN protecting the target
  2. discover — Map the attack surface (endpoints, parameters, technologies) from robots.txt, sitemaps, JavaScript, and the Wayback Machine
  3. learn — Generate a prioritized test plan based on discovery results
  4. scan — Fire 2,800+ attack payloads and measure detection vs. bypass rates
  5. bypass — Systematic mutation matrix testing to find WAF evasion techniques
  6. assess — Generate a formal security grade with F1, precision, MCC, and false positive rate

Long-running operations (scan, assess, bypass, discover, discover_bypasses, event_crawl, scan_spec) run asynchronously — the agent polls for results automatically.
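The polling loop behind "the agent polls for results automatically" is easy to get wrong (no backoff, no deadline, no handling of a failed job). The block below is an added example, not WAFtester's or n8n's own code: it implements poll-until-done with exponential backoff and a hard timeout for the long-running tools the page lists. The job-status shape (`state`, `result`, `error`) and the state names `running`, `done` and `error` are assumptions made for this example; the simulated job and clock are constructed so it runs offline.

```python
"""Poll-until-done for long-running WAFtester tools (added example).

Assumed for this example (not from WAFtester): a job reports its status as
a dict like {"state": "running"} / {"state": "done", "result": ...} /
{"state": "error", "error": "..."}. The real MCP responses may differ.
"""
import time

# Tool names the page lists as asynchronous.
LONG_RUNNING = {"scan", "assess", "bypass", "discover",
                "discover_bypasses", "event_crawl", "scan_spec"}


class JobTimeout(Exception):
    """Raised when the job has not reached a terminal state by the deadline."""


class JobFailed(Exception):
    """Raised when the job reports state 'error'."""


def is_long_running(tool_name):
    """True if a call to this tool should be polled rather than awaited inline."""
    return tool_name in LONG_RUNNING


def poll_until_done(get_status, *, interval=2.0, max_interval=30.0,
                    timeout=600.0, sleep=time.sleep, clock=time.monotonic):
    """Call get_status() until the job is done, doubling the wait each time.

    sleep/clock are injectable so the loop can be exercised without real waits.
    """
    deadline = clock() + timeout
    delay = interval
    while True:
        status = get_status()
        state = status.get("state")
        if state == "done":
            return status.get("result")
        if state == "error":
            raise JobFailed(status.get("error", "unknown error"))
        remaining = deadline - clock()
        if remaining <= 0:
            raise JobTimeout(f"job still '{state}' after {timeout:g}s")
        # Never sleep past the deadline; cap the backoff at max_interval.
        sleep(min(delay, remaining))
        delay = min(delay * 2, max_interval)


class FakeJob:
    """Constructed stand-in for a queued scan: 'running' for n polls, then 'done'."""

    def __init__(self, polls_until_done, result):
        self.remaining = polls_until_done
        self.result = result
        self.polls = 0

    def status(self):
        self.polls += 1
        if self.remaining > 0:
            self.remaining -= 1
            return {"state": "running", "poll": self.polls}
        return {"state": "done", "result": self.result}


class FakeClock:
    """Constructed clock: sleeping advances time instantly and records each wait."""

    def __init__(self):
        self.now = 0.0
        self.sleeps = []

    def monotonic(self):
        return self.now

    def sleep(self, seconds):
        self.sleeps.append(seconds)
        self.now += seconds


if __name__ == "__main__":
    job = FakeJob(3, {"payloads": 2800, "blocked": 2650})  # constructed result
    clk = FakeClock()
    res = poll_until_done(job.status, interval=2, timeout=600,
                          sleep=clk.sleep, clock=clk.monotonic)
    print("result:", res, "polls:", job.polls, "waits:", clk.sleeps)
```

The backoff keeps a chatty agent from hammering the MCP server on a multi-minute scan, and the deadline guarantees the chat turn eventually returns an error instead of hanging.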

Key capabilities

| Capability | Details |
| --- | --- |
| WAF detection | Fingerprint 26 WAF vendors and 9 CDNs from response headers, cookies, and error pages |
| Payload scanning | 2,800+ payloads across 18 attack categories |
| Bypass discovery | Mutation matrix with 40+ tamper techniques to find WAF evasions |
| Enterprise assessment | F1 score, precision, MCC, false positive rate, and A+ through F grading |
| API spec testing | Validate, plan, and scan OpenAPI/Swagger/Postman specs |
| Headless crawling | Click-driven DOM crawling via headless browser for JS-rendered endpoints |
| Knowledge resources | 12 built-in resources covering WAF signatures, evasion techniques, OWASP mappings, and config defaults |

Example prompts

How to set up

  1. Start WAFtester MCP server: docker run -p 8080:8080 ghcr.io/waftester/waftester:latest mcp --http :8080
  2. Add OpenAI credentials in n8n: Settings → Credentials → New → OpenAI API
  3. Select the credential in the OpenAI Chat Model node
  4. Activate the workflow and open the chat interface

Alternatively, use the included docker-compose.yml to run both n8n and WAFtester together with docker compose up -d.

Requirements

| Requirement | Details |
| --- | --- |
| WAFtester MCP server | Docker image (ghcr.io/waftester/waftester:latest) or binary install for macOS, Linux, Windows |
| LLM API key | OpenAI (default), or swap the model node for Anthropic, Ollama, Azure OpenAI, or any LangChain-compatible provider |
| Authorization | Only test targets you have explicit written permission to test |

🔗 Nodes Used

AI Agent, OpenAI Chat Model, Chat Trigger, MCP Client Tool

📥 Import

Download workflow.json and import into n8n: Workflow menu → Import from File

📖 Importing guide · 🔑 Credential setup