Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Awesome-WAF
🔥 A curated list of awesome web-app firewall (WAF) stuff.
https://github.com/wisdark/Awesome-WAF
- cURL
- HPing3
- Seclists/Fuzzing
- Fuzz-DB/Attack
- Other Payloads
- this
- this
- cheat sheet
- here
- Source
- if
- Reference
- @Masato Kinugawa
- JSFuck
- JJEncode
- XChars.JS
- SSLScan
- abuse-ssl-bypass-waf - A tool which finds out supported SSL/TLS ciphers and helps in evading WAFs.
- bypass Google Cloud Platform WAF
- IP History - trails) come to the rescue during the recon process.
- bypass-firewalls-by-DNS-history - A tool which searches for old DNS records for finding actual site behind the WAF.
- this blog
- Google Dorks Cheat Sheet
- Exploit DB
- 0Day Inject0r DB
- Pastebin
- @Sec Consult
- SQLi Bypass
- XSS Bypass
- @WAFNinja
- @Global-Evolution
- @0xInfection
- Barracuda WAF 8.0.1 - Remote Command Execution (Metasploit)
- Barracuda Spam & Virus Firewall 5.1.3 - Remote Command Execution (Metasploit)
- @ed0x21son
- @ed0x21son
- @ed0x21son
- @BGA Security
- `generic_api_call.pl` XSS
- XSS Bypass
- XSS Bypass
- XSS Bypasses
- XSS Bypass
- XSS Bypass
- @Ahmet Ümit
- XSS Bypass
- XSS Bypass
- XSS Bypass
- RCE Payload Detection Bypass
- XSS Bypass
- @0xInfection
- @WAFNinja
- @hyp3rlinx
- @John Dos
- @EnableSecurity
- @WAFNinja
- @0xInfection
- @DavidK
- @DavidK
- @DavidK
- @Benjamin Mejri
- @Binar10
- @WAFNinja
- @WAFNinja
- @Aatif Khan
- `report_type` XSS
- @Anonymous
- @Anastasios Monachos
- @Anonymous
- XSS Bypass for CRS 3.2
- RCE Payloads Detection Bypass for PL3
- RCE Payloads Detection Bypass for PL2
- RCE Payloads for PL1 and PL2
- RCE Payloads for PL3
- SQLi Bypass
- SQLi Bypass
- SQLi Bypass
- SQLi Bypass
- SQLi Bypass
- SQLi Bypass
- SQLi Bypass
- SQLi Bypass
- XSS Bypass
- XSS Bypass
- XSS Bypass
- XSS Bypass
- XSS Bypass
- Imperva SecureSphere 13 - Remote Command Execution
- @David Y
- @Emad Shanab
- @WAFNinja
- @i_bo0om
- @c0d3g33k
- @DRK1WI
- @Giuseppe D'Amore
- Imperva SecureSphere <= v13 - Privilege Escalation
- XSS Bypass
- XSS Bypass
- HTML Injection
- XSS Bypass
- XSS Bypass
- @0xInfection
- XSS Bypass
- XSS Bypass
- XSS Bypass
- GET Type CSRF Attack (>= v.2.6.2)
- @Michael Brooks
- XSS Bypass
- @WAFNinja
- XSS Bypass (POST Only)
- Smuggling RCE Payloads
- Obfuscating RCE Payloads
- XSS Bypass
- XSS Bypass
- XSS Bypass
- Directory Traversal (<= v3.1) (Only on ASP.NET)
- @0xInfection
- Bypassing All Protections Using A Whitelist String
- @WAFNinja
- @WAFNinja
- @Aatif Khan
- SQLi Bypass
- @brute Logic
- @0xInfection
- HTML Injection
- XSS Exploit (>= v3.3.5)
- Other XSS Bypasses
- @i_bo0om
- @i_bo0om
- WAFW00F - The ultimate WAF fingerprinting tool with the largest fingerprint database from [@EnableSecurity](https://github.com/enablesecurity).
- IdentYwaf - A blind WAF detection tool which utilises a unique method of identifying WAFs based upon previously collected fingerprints by [@stamparm](https://github.com/stamparm).
- GoTestWAF - A tool to test a WAF's detection logic and bypasses from [@wallarm](https://github.com/wallarm).
- Lightbulb Framework - A WAF testing suite written in Python.
- WAFBench - A WAF performance testing suite by [Microsoft](https://github.com/microsoft).
- WAF Testing Framework - A WAF testing tool by [Imperva](https://imperva.com).
- Framework for Testing WAFs (FTW) - A framework by the [OWASP CRS team](https://coreruleset.org/) that helps to provide rigorous tests for WAF rules by using the OWASP Core Ruleset V3 as a baseline.
- WAFNinja - A smart tool which fuzzes and can suggest bypasses for a given WAF by [@khalilbijjou](https://github.com/khalilbijjou/).
- WAFTester - Another tool which can obfuscate payloads to bypass WAFs by [@Raz0r](https://github.com/Raz0r/).
- libinjection-fuzzer - A fuzzer intended for finding `libinjection` bypasses, but it can probably be used universally.
- bypass-firewalls-by-DNS-history - A tool which searches for old DNS records for finding actual site behind the WAF.
- abuse-ssl-bypass-waf - A tool which finds out supported SSL/TLS ciphers and helps in evading WAFs.
- SQLMap Tamper Scripts - Tamper scripts in SQLMap obfuscate payloads which might evade some WAFs.
- Bypass WAF BurpSuite Plugin - A plugin for Burp Suite which adds some request headers so that the requests appear to come from the internal network.
- enumXFF - Enumerating IPs in X-Forwarded-Headers to bypass 403 restrictions.
- AWS Firewall Factory - Deploy, update, and stage your WAFs while managing them centrally via FMS.
- Web Application Firewall (WAF) Evasion Techniques #1 - By [@Secjuice](https://www.secjuice.com).
- Web Application Firewall (WAF) Evasion Techniques #2 - By [@Secjuice](https://www.secjuice.com).
- Web Application Firewall (WAF) Evasion Techniques #3 - By [@Secjuice](https://www.secjuice.com).
- How To Exploit PHP Remotely To Bypass Filters & WAF Rules - By [@Secjuice](https://secjuice.com)
- ModSecurity SQL Injection Challenge: Lessons Learned - By [@SpiderLabs](https://trustwave.com).
- XXE that can Bypass WAF - By [@WallArm](https://labs.wallarm.com).
- SQL Injection Bypassing WAF - By [@OWASP](https://owasp.com).
- How To Reverse Engineer A Web Application Firewall Using Regular Expression Reversing - By [@SunnyHoi](https://twitter.com/sunnyhoi).
- Bypassing Web-Application Firewalls by abusing SSL/TLS - By [@0x09AL](https://twitter.com/0x09al).
- Request Encoding to Bypass WAFs - By [@Soroush Dalili](https://twitter.com/irsdl)
- WAF Bypass Techniques Using HTTP Standard and Web Servers Behavior
- Confessions of a WAF Developer: Protocol-Level Evasion of Web App Firewalls
- Web Application Firewall - Analysis of Detection Logic
- Bypassing Browser Security Policies for Fun & Profit
- Web Application Firewall Bypassing
- Fingerprinting Filter Rules of Web Application Firewalls - Side Channeling Attacks
- Evading Deep Inspection Systems for Fun and Shell
- Bypass OWASP CRS && CWAF (WAF Rule Testing - Unrestricted File Upload)
- WAFs FTW! A modern devops approach to security testing your WAF
- Web Application Firewall Bypassing WorkShop
- Bypassing Modern WAF's Exemplified At XSS by Rafay Baloch
- WTF - WAF Testing Framework
- The Death of a Web App Firewall
- Adventures with the WAF
- Bypassing Intrusion Detection Systems
- Building Your Own WAF as a Service and Forgetting about False Positives
- Pinaki - WAF is licensed under the [Apache 2.0 License](LICENSE).