waf

There are 478 repositories under waf topic.

  • chaitin/SafeLine

    A simple, lightweight, and secure WAF. Developed based on Nginx and connected as a reverse proxy. Protect your web applications from common attacks and exploits.

    Language:TypeScript10.4k61729606

  • owasp-modsecurity/ModSecurity

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

    Language:C++7.7k3912.3k1.5k

  • 0xInfection/Awesome-WAF

    🔥 Web-application firewalls (WAFs) from security standpoint.

    Language:Python6k25861k

  • EnableSecurity/wafw00f

    WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

    Language:Python4.9k14092914

  • nbs-system/naxsi

    NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

    Language:C4.8k228485608

  • trimstray/htrace.sh

    My simple Swiss Army knife for http/https troubleshooting and profiling.

    Language:Shell3.7k5084235
  • bunkerweb

    bunkerity/bunkerweb

    🛡️ Make your web services secure by default !

    Language:Python3.6k46397231

  • padrino/padrino-framework

    Padrino is a full-stack ruby framework built upon Sinatra.

    Language:Ruby3.4k1171.4k510

  • Mr-xn/BurpSuite-collections

    有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

    Language:HTML3.1k746633

  • baidu/openrasp

    🔥Open source RASP solution

    Language:C++2.7k108183592

  • Ekultek/WhatWaf

    Detect and bypass web application firewalls and protection systems

    Language:Python2.5k761.6k432

  • tom0li/collection-document

    Collection of quality safety articles. Awesome articles.

    2k1152514
  • coraza

    corazawaf/coraza

    OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

    Language:Go1.9k32317197

  • al0ne/Vxscan

    python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。

    Language:Python1.7k4830442

  • ADD-SP/ngx_waf

    Handy, High performance, ModSecurity compatible Nginx firewall module & 方便、高性能、兼容 ModSecurity 的 Nginx 防火墙模块

    Language:C1.5k25105184

  • owasp-modsecurity/ModSecurity-nginx

    ModSecurity v3 Nginx Connector

    Language:Perl1.5k86243271

  • wallarm/gotestwaf

    An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

    Language:Go1.4k3967191

  • roxy-wi/roxy-wi

    Web interface for managing Haproxy, Nginx, Apache and Keepalived servers

    Language:HTML1.4k51296238

  • FWGS/xash3d-fwgs

    Xash3D FWGS engine.

    Language:C1.4k431.3k215

  • p0pr0ck5/lua-resty-waf

    High-performance WAF built on the OpenResty stack

    Language:Perl1.3k86250301

  • swoodford/aws

    A collection of bash shell scripts for automating various tasks with Amazon Web Services using the AWS CLI and jq.

    Language:Shell1.1k536556

  • nemesida-waf/waf-bypass

    Check your WAF before an attacker does

    Language:Python1.1k2111155

  • Janusec/janusec

    JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关,提供安全的接入,包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

    Language:Go1.1k4147264

  • nillerusr/source-engine

    Modified source engine (2017) developed by valve and leaked in 2020. Not for commercial purporses

    Language:C++1.1k36223166

  • jx-sec/jxwaf

    JXWAF是一款开源web应用防火墙

    Language:Lua1k5452250

  • CHYbeta/Code-Audit-Challenges

    Code-Audit-Challenges

    966386206

  • akaunting/laravel-firewall

    Web Application Firewall (WAF) package for Laravel

    Language:PHP912175099

  • TeaWeb/build

    TeaWeb-可视化的Web代理服务。DEMO: http://teaos.cn:7777

    Language:Go7663569182

  • titansec/OpenWAF

    Web security protection system based on openresty

    Language:C7466530238
  • curiefense

    curiefense/curiefense

    Curiefense is a unified, open source platform protecting cloud native applications.

    Language:Rust71919445116

  • openappsec/openappsec

    open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

    Language:C++710189949

  • wallarm/awesome-nginx-security

    🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

    69938373

  • jbe2277/waf

    Win Application Framework (WAF) is a lightweight Framework that helps you to create well structured XAML Applications.

    Language:C#6976719127

  • nccgroup/BurpSuiteHTTPSmuggler

    A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

    Language:Java688286110

  • chengdedeng/waf

    :vertical_traffic_light:Web Application Firewall or API Gateway(应用防火墙/API网关)

    Language:Java6734910208

  • YagamiiLight/Cerberus

    一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

    Language:Python6401612130