Automic VaultAutomic Vault

brew

Install gotestwaf with Homebrew, Nix

Tool for API and OWASP attack simulation. Version 0.5.8 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install gotestwaf

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#gotestwaf

nixpkgs package indexes · pkgs/by-name/go/gotestwaf/package.nix · source: api.github.com

overview

Package summary

Tool for API and OWASP attack simulation

Commands and aliases

  • gotestwaf

history

Project history and usage

GoTestWAF is Wallarm's Go-based command-line tool for simulating API and OWASP-style attacks against web application firewalls, API gateways, IPS products, and related application-security controls.

Project history

The repository was created in January 2020. The README describes a scanner that generates malicious requests by combining payloads, encoders, and request placeholders, then records how the evaluated security solution handled those requests.

Adoption history

The project is packaged as a Docker image and a Homebrew formula, which matches its evaluation-tool use case: users can run it near the target application or security appliance without embedding it into application code.

How it is used

Users point GoTestWAF at an evaluated URL and run built-in test sets such as OWASP Top 10 and OWASP API, or supply custom YAML test cases. Reports can be generated locally, and releases in 2024 and 2025 emphasize report-format and validation work.

Why package nerds care

For package catalogs, GoTestWAF is a niche but useful security-testing CLI: it packages repeatable malicious-request generation as a portable Go binary and container, rather than as a SaaS-only scanner.

Timeline

  • 2020: Repository created.
  • 2022: README badge identifies GoTestWAF with Black Hat Arsenal USA 2022.
  • 2024: v0.4.19 and v0.5.x releases published through GitHub releases.
  • 2025: v0.5.8 release fixed HTML report validation.

Related projects

  • OWASP test categories and API-security scenarios shape the bundled test cases.
  • Wallarm publishes the project and Docker image for WAF and API-security evaluation workflows.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 8 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
config.yaml

executables

Installed executables

CommandKindExposureNote
gotestwafcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.5.8
manager updated
local dataok
upstreamcurrent
latest detectedv0.5.8

https://github.com/wallarm/gotestwaf

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:gotestwaf
Version0.5.8
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/gotestwaf
Homepagehttps://lab.wallarm.com/test-your-waf-before-hackers/
Repositoryhttps://github.com/wallarm/gotestwaf
Upstream docshttps://github.com/wallarm/gotestwaf#readme
LicenseMIT
Source archivehttps://github.com/wallarm/gotestwaf/archive/refs/tags/v0.5.8.tar.gz
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namegotestwaf
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

gotestwaf

nix profile install nixpkgs#gotestwaf
  • normalized package name match
  • Matched by: Gotestwaf
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/go/gotestwaf/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment