Alemalakra / Xwaf

License: MIT
xWAF 3.0 - Free Web Application Firewall, Open-Source.

Projects that are alternatives to or similar to Xwaf

Blackwidow
A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Stars: ✭ 887 (+1747.92%)
Mutual labels:  application, xss, sqli
waf4wordpress
WAF for WordPress 🔥 with 60+ security checks and weekly updates
Stars: ✭ 102 (+112.5%)
Mutual labels:  firewall, waf
Botwall4j
A botwall for Java web applications
Stars: ✭ 41 (-14.58%)
Mutual labels:  firewall, waf
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+1929.17%)
Mutual labels:  xss, sqli
Payloads
Git All the Payloads! A collection of web attack payloads.
Stars: ✭ 2,862 (+5862.5%)
Mutual labels:  xss, sqli
shieldfy-php-client
The official PHP SDK for Shieldfy
Stars: ✭ 15 (-68.75%)
Mutual labels:  firewall, waf
Awesome Waf
🔥 Everything about web-application firewalls (WAF).
Stars: ✭ 4,047 (+8331.25%)
Mutual labels:  firewall, waf
Collection Document
Collection of quality safety articles. Awesome articles.
Stars: ✭ 1,387 (+2789.58%)
Mutual labels:  xss, waf
Laravel Firewall
Web Application Firewall (WAF) package for Laravel
Stars: ✭ 544 (+1033.33%)
Mutual labels:  firewall, waf
Waf
🚦 Web Application Firewall or API Gateway
Stars: ✭ 547 (+1039.58%)
Mutual labels:  firewall, waf
Janusec
Janusec Application Gateway, provides fast and secure application delivery.
Stars: ✭ 771 (+1506.25%)
Mutual labels:  xss, waf
Secbox
🖤 A navigation directory of network security and penetration testing tools
Stars: ✭ 222 (+362.5%)
Mutual labels:  xss, waf
Berserker
A list of useful payloads for Web Application Security and Pentest/CTF
Stars: ✭ 212 (+341.67%)
Mutual labels:  xss, sqli
aws-firewall-factory
Deploy, update, and stage your WAFs while managing them centrally via FMS.
Stars: ✭ 72 (+50%)
Mutual labels:  firewall, waf
Phpvuln
Audit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (+204.17%)
Mutual labels:  xss, sqli
litewaf
Lightweight In-App Web Application Firewall for PHP
Stars: ✭ 32 (-33.33%)
Mutual labels:  waf, xss
Docker Waf
An NGINX and ModSecurity based Web Application Firewall for Docker
Stars: ✭ 181 (+277.08%)
Mutual labels:  firewall, waf
Cazador unr
Hacking tools
Stars: ✭ 95 (+97.92%)
Mutual labels:  xss, sqli
Cerberus
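A powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS with asyncio for fast asynchronous scanning; covers the target's assets comprehensively for batch vulnerability scanning; collects middleware information; automatically collects IP proxies and uses them when probing WAF information to protect the local machine's real IP, switching automatically to a proxy IP to continue scanning once the local IP has been blocked by a WAF; WAF information collection (100+ domestic and international WAFs), including SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud, etc.; provides some known WAF bypass approaches; middleware vulnerability detection (ThinkPHP, WebLogic, etc.; CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); supports scanning for SQL injection, XSS, command execution, file inclusion, and SSRF vulnerabilities; supports custom email notification of vulnerabilities.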
Stars: ✭ 389 (+710.42%)
Mutual labels:  xss, waf
Atscan
Advanced dork Search & Mass Exploit Scanner
Stars: ✭ 817 (+1602.08%)
Mutual labels:  xss, sqli

xWAF - Web Application Firewall

Original Free Web Application Firewall, Open-Source.

Features

  • [x] XSS Vulns Fixed.
  • [x] SQL Injection Fixed.
  • [x] Anti-Cookie-Steal Method.
  • [x] Malicious HTML Code Vulns Fixed.
  • [x] CSRF Validation, Easy to Use.
  • [x] Block HTML Upgraded.
  • [x] Lightweight.
  • [x] Array Support, All Bypass fixed.
  • [x] Advanced Bot validation, Browser Validation.
  • [x] Most SQLi and XSS PoCs.
  • [x] Security upgraded.
  • [x] Error suppression.
  • [x] Cloudflare and BlazingFast Support.

Sample Usage

// Before all your code starts.
require('xwaf.php');
$xWAF = new xWAF();
$xWAF->start();
// Your code below.

Advanced Usage

// Before all of your code.
require('xwaf.php');
$xWAF = new xWAF();
// Cloudflare Mode [Optional]
$xWAF->useCloudflare();
// BlazingFast Mode [Optional]
$xWAF->useBlazingfast();
// Use Own IP Header [Optional]
$xWAF->customIPHeader('IP-Header');
// Anti-Cookie-Steal Method [Optional]
$xWAF->antiCookieSteal('username'); // Triggers when the PHPSESSID session is logged in.

// Check separated types.
$xWAF->checkGET();
$xWAF->checkPOST();
$xWAF->checkCOOKIE();
// Your code below.

CSRF Validation Example

Please read test.php

Requirements

  • [x] Min: PHP 5.3 (with common functions)