macOS
brew install gotestwaflocal Homebrew formula metadata
brew
Tool for API and OWASP attack simulation. Version 0.5.8 via Homebrew; verified from local package data.
install
brew install gotestwaflocal Homebrew formula metadata
nix profile install nixpkgs#gotestwafnixpkgs package indexes · pkgs/by-name/go/gotestwaf/package.nix · source: api.github.com
overview
Tool for API and OWASP attack simulation
history
GoTestWAF is Wallarm's Go-based command-line tool for simulating API and OWASP-style attacks against web application firewalls, API gateways, IPS products, and related application-security controls.
The repository was created in January 2020. The README describes a scanner that generates malicious requests by combining payloads, encoders, and request placeholders, then records how the evaluated security solution handled those requests.
The project is packaged as a Docker image and a Homebrew formula, which matches its evaluation-tool use case: users can run it near the target application or security appliance without embedding it into application code.
Users point GoTestWAF at an evaluated URL and run built-in test sets such as OWASP Top 10 and OWASP API, or supply custom YAML test cases. Reports can be generated locally, and releases in 2024 and 2025 emphasize report-format and validation work.
For package catalogs, GoTestWAF is a niche but useful security-testing CLI: it packages repeatable malicious-request generation as a portable Go binary and container, rather than as a SaaS-only scanner.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
config.yamlexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
gotestwaf | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/wallarm/gotestwaf
install metadata
| Package key | brew:gotestwaf |
|---|---|
| Version | 0.5.8 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/gotestwaf |
| Homepage | https://lab.wallarm.com/test-your-waf-before-hackers/ |
| Repository | https://github.com/wallarm/gotestwaf |
| Upstream docs | https://github.com/wallarm/gotestwaf#readme |
| License | MIT |
| Source archive | https://github.com/wallarm/gotestwaf/archive/refs/tags/v0.5.8.tar.gz |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | gotestwaf |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
gotestwaf
nix profile install nixpkgs#gotestwafsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.