Tag Archives: WAF

Shadowd – The Shadow Daemon Web Application Firewall

Shadowd (Shadow Daemon) is a collection of tools to detect, record and prevent attacks on web applications. Shadow Daemon is a web application firewall

NAXSI – Low Rules Maintenance WAF for NGINX

NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms.

bypass-firewalls-by-DNS-history – Tool to Bypass Firewalls

bypass-firewalls-by-DNS-history is a bash script (ab)uses DNS history records. This script will search for old DNS A records and check if the server..

Lightbulb – Framework for Auditing Web Applications Firewalls

LightBulb is an open source python framework for auditing web application firewalls and filters. Web Applications Firewalls (WAFs) are fundamental

WAFNinja – Tool to Bypass Web Application Firewalls

WAFNinja is a CLI tool written in Python. It shall help penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created with the objective to be easily extendible, simple to use and

Wafpass – Analyzing WAF Bypass Methods

WAFPASS is a tool to analyze parameters with all payloads' bypass methods, aiming at benchmark security solutions like WAF.

XSStrike – Most advanced XSS Detection Suite

XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler.