214 Open source projects that are alternatives of or similar to litewaf

Web-Security-Learning

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关，提供快速、安全的应用交付。

Collection of quality safety articles. Awesome articles.

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

xWAF 3.0 - Free Web Application Firewall, Open-Source.

🖤 网络安全与渗透测试工具导航

Deploy, update, and stage your WAFs while managing them centrally via FMS.

Cheatsheet to exploit and learn SQL Injection.

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities

AliGuard PHP WAF

releases-openstar-Enterprise

utility to sanitize hast nodes

rewrite constructor arguments, call DOMPurify, profit

XSS in pastebin.com and reddit.com via unsanitized markdown output

Machine Learning WAF Based

This package is a plugin for Terraform, and is designed to be used to auto-provision sites in Incapsula via Incapsula’s API from the terraform cli/yaml configurations.

Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS

Integrate Airlock WAF in a Kubernetes or OpenShift Environment

Powerful dork searcher and vulnerability scanner for windows platform

It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property

XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.

In progress rough solutions to bWAPP / bee-box

Because life is too short to waste your time transforming naxsi logs to rules by hand

Toolset for detecting reflected xss in websites

Pretty vulnerable flask app..

XSS Payload without Anything.

对springSecurity进行二次开发，提供OAuth2授权(支持跨域名，多应用授权)、JWT、SSO、文件上传、权限系统无障碍接入、接口防刷、XSS、CSRF、SQL注入、三方登录(绑定，解绑)、加密通信等一系列安全场景的解决方案

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

🌹 基于OpenResty编写一个MVC模式的WEB项目 V0.01

A Deliberately Insecure Web Application

No description or website provided.

SQL注入扫描器

Payload encoder for bypass WAF

⚡️ Docker official image for Wallarm Node. API security platform agent.

A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

The official PHP SDK for Shieldfy

A vulnerability fuzzing tool written in bash, it contains the most commonly used tools to perform vulnerability scan

Minimalist cheat sheet for developpers to write secure code

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.

A web-based testing platform for WAF (Web Application Firewall)'s correctness

WAF for WordPress 🔥 with 60+ security checks and weekly updates

Kubernetes Ingress controller with integrated Wallarm services

Vulture 4 base system and bootstrap scripts

Make XSS Great Again

Reinforced Mitigation Security Filter

LEMP stack in a Kubernetes cluster

Vaf is a cross-platform very advanced and fast web fuzzer written in nim

Markdown to HTML using marked and DOMPurify. Safe by default.

Project dedicated to fight Layer 7 DDoS with proof of work, featuring an additional WAF. Completed with full set of features and containerized for rapid and lightweight deployment.

Filter user input for XSS but don't touch other html

Prevents XSS by figuring out how to escape untrusted values in templates

Web interface for managing Haproxy, Nginx, Apache and Keepalived servers

Small but effective wordlist for brute-forcing and discovering hidden things.

CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.

Framework for Testing WAFs (FTW!)

Simple and lightweight library that helps to validate SVG files in security manners.

Proof of Concept code for CVE-2015-0345 (APSB15-07)