waf

There are 50 repositories under waf topic.

• chaitin / SafeLine

  一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。 A free WAF that is sufficiently simple, effective, and powerful. Utilizing industry-leading semantic engine detection technology, it operates as a reverse proxy to protect your website from hacker attacks.

  aclccfirewallhttp-floodsecuritysecurity-toolssql-injectionwafweb-application-firewallweb-securityxsscaptchadockermodsecuritynginx
  Language:C++ 8962

• owasp-modsecurity / ModSecurity

  ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

  modsecuritynginxapacheapache2waf
  Language:C++ 7666

• 0xInfection / Awesome-WAF

  🔥 Web-application firewalls (WAFs) from security standpoint.

  wafweb-application-firewallfirewallawesome-listawesomewaf-bypasswaf-detectionwaf-testwaf-testingwaf-fingerprintsbypass-wafinfosecsecurity
  Language:Python 5962

• EnableSecurity / wafw00f

  WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

  waffingerprintwaffitweb-application-firewall
  Language:Python 4911

• nbs-system / naxsi

  NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

  cnaxsinginxwaf
  Language:C 4774

• trimstray / htrace.sh

  My simple Swiss Army knife for http/https troubleshooting and profiling.

  https-troubleshotinghttp-requestshttptracerredirect-urlstesting-toolssecurity-toolsdebugging-toolsswissarmyknifemozilla-observatoryssllabs-scannmapnmap-scriptstestsslwafsublist3r
  Language:Shell 3712
• bunkerweb

  bunkerity / bunkerweb

  🛡️ Make your web services secure by default !

  antibotbunkerized-nginxcybersecuritydevopsdevsecopsdnsbldockerhardeninghostingkubernetesletsencryptmodsecuritynginxreverse-proxysecuritysecurity-tuningswarmwafweb-application-firewallweb-security
  Language:Python 3515

• padrino / padrino-framework

  Padrino is a full-stack ruby framework built upon Sinatra.

  padrinorubywaf
  Language:Ruby 3365

• Mr-xn / BurpSuite-collections

  有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

  burpsuiteburpsuite-extenderburpsuite-toolshacktoolpentestingpentest-toolburp-extensionshackbarj2eescansqlmapwafjarburp-requestspython-burpburpsuite-xkeysshiro-burpsendtoburpsuite-java
  Language:HTML 3080

• baidu / openrasp

  🔥Open source RASP solution

  devsecopsiastraspsecuritywaf
  Language:C++ 2706

• Ekultek / WhatWaf

  Detect and bypass web application firewalls and protection systems

  bypassfirewallweb-applicationdetectionwaffingerprintingweb-application-firewall-bypassingweb-application-firewall
  Language:Python 2528

• tom0li / collection-document

  Collection of quality safety articles. Awesome articles.

  dnspentestlistsecuritysechackingsrcbug-bountyfuzzxssresearchgithubwafjavahackerredteambounty-hunterswebcloudawesome
  1979
• coraza

  corazawaf / coraza

  OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

  corazawafcoraza-wafowasp-crsmodsecuritycorerulesetowaspgolanggohttpweb-application-firewallhacktoberfest
  Language:Go 1853

• al0ne / Vxscan

  python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

  pythonpython3portscantoolspentestscan-toolsecurity-toolswaffingerprintdirectory-scanningport-scanningpoc-scanningwebsite-fingerprintcdndetectionfingerprint-recognition-erroridentification
  Language:Python 1720

• ADD-SP / ngx_waf

  Handy, High performance, ModSecurity compatible Nginx firewall module & 方便、高性能、兼容 ModSecurity 的 Nginx 防火墙模块

  nginxnginx-modulesweb-application-firewallwafmodsecuritymodsecurity-nginxopenrestycaptchahcaptcharecaptcha
  Language:C 1454

• owasp-modsecurity / ModSecurity-nginx

  ModSecurity v3 Nginx Connector

  modsecuritynginxmodsecurity-nginxnginx-connectorwaflibmodsecurity
  Language:Perl 1436

• wallarm / gotestwaf

  An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

  owaspapi-securitysecuritybugbountysecurity-toolswafweb-application-securityweb-application-firewallsecurity-testinggraphql-securitygrpc-securityrest-security
  Language:Go 1419

• roxy-wi / roxy-wi

  Web interface for managing Haproxy, Nginx, Apache and Keepalived servers

  haproxy-serversweb-interfacemanagementweb-managerweb-guiguiwebuihaproxy-configurationhaproxy-statushaproxy-guihaproxy-managmenthigh-availibilityloadbalancerlbswafnginxkeepalived-serversmonitoringroxy-wiapache
  Language:HTML 1409

• FWGS / xash3d-fwgs

  Xash3D FWGS engine.

  xash3d-fwgsxash3d-enginewafcrossplatform
  Language:C 1406

• p0pr0ck5 / lua-resty-waf

  High-performance WAF built on the OpenResty stack

  lua-resty-wafluanginx-luamodsecuritywafopenresty
  Language:Perl 1255

• swoodford / aws

  A collection of bash shell scripts for automating various tasks with Amazon Web Services using the AWS CLI and jq.

  awsawscliamazonec2s3elbcloudfrontcloudwatchiamroute53vpcwafterraformbashshellaws-clicidrjsonjqinfrastructure-as-code
  Language:Shell 1134

• nemesida-waf / waf-bypass

  Check your WAF before an attacker does

  wafpython3bypasspythonrcexsswaf-bypass-toolapi-security-testinglfinosql-injectionpath-traversalrfisqli-injectiongraphql-injectionsstiwaf-testing
  Language:Python 1115

• Janusec / janusec

  JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关，提供安全的接入，包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

  wafweb-application-firewallapplication-gatewayload-balancegatewayapplication-securitygolangsecurityweb-application-securitysql-injectionjanusec-application-gatewayweb-sshjanusecport-forwardingacmek8s-ingress-controllercookie-bannergslbcookie-compliance
  Language:Go 1109

• nillerusr / source-engine

  Modified source engine (2017) developed by valve and leaked in 2020. Not for commercial purporses

  cross-platformgame-enginehalf-life2source-enginewaf
  Language:C++ 1065

• jx-sec / jxwaf

  JXWAF(锦衣盾)是一款开源web应用防火墙

  jxwafnginx-luaopenrestywaf
  Language:Lua 1031

• TeaOSLab / EdgeAdmin

  CDN & WAF集群管理系统。

  golangcdnwafproxydnshttp2reverseproxyipv6tcpudphttp3webp
  Language:JavaScript 990

• CHYbeta / Code-Audit-Challenges

  Code-Audit-Challenges

  audit-challengesctfnodejsphppythonsecuritysqlwaf
  965

• akaunting / laravel-firewall

  Web Application Firewall (WAF) package for Laravel

  akauntingblacklistfirewalllaravelphpsecuritywafwhitelist
  Language:PHP 897

• TeaWeb / build

  TeaWeb-可视化的Web代理服务。DEMO: http://teaos.cn:7777

  apifastcgigolanghttp2logmonitorproxyserverstatisticsvisualizationwafweb
  Language:Go 765

• titansec / OpenWAF

  Web security protection system based on openresty

  wafopenrestynginxluawebnginx-luaopenwafweb-application-firewallcchttp-flood
  Language:C 744
• curiefense

  curiefense / curiefense

  Curiefense is a unified, open source platform protecting cloud native applications.

  envoyproxywafbotmanagementddoscloud-nativemicroservicessecurityrate-limiterddos-protectionsessionbot-managementcncf
  Language:Rust 715

• wallarm / awesome-nginx-security

  🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

  nginxmodsecuritywafnaxsiawesome-listawesome-listssecuritywebserverload-balancernginx-securitynginx-servermod-securitynginx-environmentnginx-configurationkubernetesapplication-securityapi-securityapigateway
  695

• jbe2277 / waf

  Win Application Framework (WAF) is a lightweight Framework that helps you to create well structured XAML Applications.

  wafdotnetcsharpwpfuwpmvvmarchitectural-patternsframeworkxamarinandroidiosmauiwinui
  Language:C# 694

• nccgroup / BurpSuiteHTTPSmuggler

  A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

  wafbypassburpsuiteburpsuite-extender
  Language:Java 686

• openappsec / openappsec

  open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

  api-securityapplication-securitykubernetesnginxweb-application-firewallappsecdevsecopskongrate-limitingsecurity-toolsthreat-preventionwafowaspowasp-top-tennginx-proxy-manager
  Language:C++ 683

• chengdedeng / waf

  :vertical_traffic_light:Web Application Firewall or API Gateway(应用防火墙/API网关)

  firewallhttp-proxylittleproxysecuritywaf
  Language:Java 672