waf
There are 478 repositories under waf topic.
chaitin/SafeLine
A simple, lightweight, and secure WAF. Developed based on Nginx and connected as a reverse proxy. Protect your web applications from common attacks and exploits.
owasp-modsecurity/ModSecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
0xInfection/Awesome-WAF
🔥 Web-application firewalls (WAFs) from security standpoint.
EnableSecurity/wafw00f
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
nbs-system/naxsi
NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
trimstray/htrace.sh
My simple Swiss Army knife for http/https troubleshooting and profiling.
bunkerity/bunkerweb
🛡️ Make your web services secure by default !
padrino/padrino-framework
Padrino is a full-stack ruby framework built upon Sinatra.
Mr-xn/BurpSuite-collections
有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
baidu/openrasp
🔥Open source RASP solution
Ekultek/WhatWaf
Detect and bypass web application firewalls and protection systems
tom0li/collection-document
Collection of quality safety articles. Awesome articles.
corazawaf/coraza
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
al0ne/Vxscan
python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
ADD-SP/ngx_waf
Handy, High performance, ModSecurity compatible Nginx firewall module & 方便、高性能、兼容 ModSecurity 的 Nginx 防火墙模块
owasp-modsecurity/ModSecurity-nginx
ModSecurity v3 Nginx Connector
wallarm/gotestwaf
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
roxy-wi/roxy-wi
Web interface for managing Haproxy, Nginx, Apache and Keepalived servers
FWGS/xash3d-fwgs
Xash3D FWGS engine.
p0pr0ck5/lua-resty-waf
High-performance WAF built on the OpenResty stack
swoodford/aws
A collection of bash shell scripts for automating various tasks with Amazon Web Services using the AWS CLI and jq.
nemesida-waf/waf-bypass
Check your WAF before an attacker does
Janusec/janusec
JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关,提供安全的接入,包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。
nillerusr/source-engine
Modified source engine (2017) developed by valve and leaked in 2020. Not for commercial purporses
jx-sec/jxwaf
JXWAF是一款开源web应用防火墙
CHYbeta/Code-Audit-Challenges
Code-Audit-Challenges
akaunting/laravel-firewall
Web Application Firewall (WAF) package for Laravel
TeaWeb/build
TeaWeb-可视化的Web代理服务。DEMO: http://teaos.cn:7777
titansec/OpenWAF
Web security protection system based on openresty
curiefense/curiefense
Curiefense is a unified, open source platform protecting cloud native applications.
openappsec/openappsec
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
wallarm/awesome-nginx-security
🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)
jbe2277/waf
Win Application Framework (WAF) is a lightweight Framework that helps you to create well structured XAML Applications.
nccgroup/BurpSuiteHTTPSmuggler
A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
chengdedeng/waf
:vertical_traffic_light:Web Application Firewall or API Gateway(应用防火墙/API网关)
YagamiiLight/Cerberus
一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能