| Ekultek/WhatWaf |
2,419 |
|
0 |
0 |
over 2 years ago |
0 |
|
476 |
other |
Python |
| Detect and bypass web application firewalls and protection systems |
| nemesida-waf/waf-bypass |
970 |
|
0 |
0 |
over 2 years ago |
0 |
|
0 |
mit |
Python |
| Check your WAF before an attacker does |
| nccgroup/BurpSuiteHTTPSmuggler |
680 |
|
0 |
0 |
almost 7 years ago |
0 |
|
1 |
agpl-3.0 |
Java |
| A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques |
| Warflop/cloudbunny |
342 |
|
0 |
0 |
about 2 years ago |
0 |
|
0 |
mit |
Python |
| CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye. |
| codewatchorg/bypasswaf |
273 |
|
0 |
0 |
about 8 years ago |
0 |
|
2 |
|
Java |
| Add headers to all Burp requests to bypass some WAF products |
| YagamiiLight/Cerberus |
246 |
|
0 |
0 |
over 6 years ago |
0 |
|
5 |
|
Python |
| 一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能 |
| Bo0oM/WAF-bypass-Cheat-Sheet |
224 |
|
0 |
0 |
over 7 years ago |
0 |
|
0 |
|
|
| Another way to bypass WAF Cheat Sheet (draft) |
| LandGrey/abuse-ssl-bypass-waf |
213 |
|
0 |
0 |
over 4 years ago |
0 |
|
0 |
|
Python |
| Bypassing WAF by abusing SSL/TLS Ciphers |
| wafpassproject/wafpass |
202 |
|
0 |
0 |
over 2 years ago |
0 |
|
2 |
mit |
Python |
| Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF. |
| devploit/XORpass |
191 |
|
0 |
0 |
almost 4 years ago |
0 |
|
0 |
gpl-3.0 |
Python |
| Encoder to bypass WAF filters using XOR operations. |
