174 Open source projects that are alternatives of or similar to Wafpass

Detect and bypass web application firewalls and protection systems

Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF .

http interceptor to hoomanize cloudflare requests

Web security protection system based on openresty

Headless CMS and Application Framework built with Node.js, React and MongoDB

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Fast and lightweight yet another UEFI implementation

Win Application Framework (WAF) is a lightweight Framework that helps you to create well structured XAML Applications.

Curiefense is a unified, open source platform protecting cloud native applications.

HERCULES is a special payload generator that can bypass antivirus softwares.

AutoIt HackTool, Shortcuts .lnk Payloads Generator As LNK-KISSER.

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

A powerful PHP WAF for AWD

A framework for Backdoor development!

Web Application Firewall (WAF) on Kubernetes

🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

ARCANUS is a customized payload generator/handler.

Cloak can backdoor any python script with some tricks.

BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程，欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

Open-Source Ransomware As A Service for Linux, MacOS and Windows

Exploit Discord's cache system to remote upload payloads on Discord users machines

🔥 Everything about web-application firewalls (WAF).

RAT-el is an open source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software.

My simple Swiss Army knife for http/https troubleshooting and profiling.

xWAF 3.0 - Free Web Application Firewall, Open-Source.

Padrino is a full-stack ruby framework built upon Sinatra.

Multiplatform payload dropper

MS17-010: Python and Meterpreter

A botwall for Java web applications

This repository contains full code examples from the book Gray Hat C#

Translator from USB-Rubber-Ducky payloads to a Digispark code.

CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.

Python antivirus evasion tool

This repository contains payload to test NoSQL Injections

🔥Open source RASP solution

A few SQL and XSS attack tools

C++ GUI for TegraRcmSmash (Fusée Gelée exploit for Nintendo Switch)

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Collection of quality safety articles. Awesome articles.

A disk cleaning utility for developers.

Semantic Java API Library for NEM Platform

Lightweight In-App Web Application Firewall for PHP

A Undetectable Payload Generation

Pakkero is a binary packer written in Go made for fun and educational purpose. Its main goal is to take in input a program file (elf binary, script, even appimage) and compress it, protect it from tampering and intrusion.

MSFvenom Payload Creator (MSFPC)

Just Simple Code To Play With Android Payloads (;

Curated list of awesome cloud security blogs, podcasts, standards, projects, and examples.

Exfiltration based on custom X509 certificates

ModSecurity v3 Nginx Connector

PSR-15 middleware to parse the body of the request with support for json, csv and url-encode

Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

An NGINX and ModSecurity based Web Application Firewall for Docker

An Advanced Tool For Complete Apk-Modding In Termux ...

A list of payload and bypass lists for penetration testing and red team infrastructure build.

Metasploit Cheat Sheet 💣

CIDRAM: Classless Inter-Domain Routing Access Manager.

🎯 SQL Injection Payload List