#
Firewalls
#
Defensive Security
#
Firewall Hardware
- Netgate - Open-source company that provides high-performance and affordable appliance and software-based firewall, VPN, and routing solutions.
- UniFi - Full-Stack Networking. Home to Enterprise grade equipment.
- Untangle - Network Security Framework provides cloud-managed security and connectivity.
#
Firewall Software
- ClearOS - Designed for use in small and medium enterprises as a network gateway.
- Endian - A turn-key linux security distribution that makes your system a full featured security appliance.
- ipfire - The Open Source Firewall.
- OPNsense - Main repository for OPNsense core. See https://opnsense.org/ for more details and prebuilt images.
- pfSense - Main repository for pfSense. Based on FreeBSD using the pf firewall.
- Shorewall - Shorewall is a gateway/firewall configuration tool for GNU/Linux.
- Sophos XG - Features full protection for your home network, including anti-malware, web security and URL filtering, application control, IPS, traffic shaping, VPN, reporting and monitoring, and much more.
- VyOS - Open source router and firewall platform.
#
Web Application Firewalls (WAF)
- Lua Resty WAF - High-performance WAF built on the OpenResty stack.
- ModSecurity - Open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx.
- Naxsi - Open-source, high performance, low rules maintenance WAF for NGINX.
- Predator - Anti-Automation System.
- Shadow Daemon - The Shadow Daemon web application firewall server.
- Vulture - An open-source WAF.
#
Offensive Security
- Awesome WAF - Known Bypasses - Known WAF bypasses
- Abuse SSL Bypass - Bypassing WAF by abusing SSL/TLS Ciphers.
- FTW - Framework for Testing WAFs (FTW!).
- gotestwaf - Test different WAF for detection logic and bypasses.
- hakoriginfinder - Tool for discovering the origin host behind a reverse proxy.
- IdentYwaf - Blind WAF identification tool.
- Lightbulb Framework - Tools for auditing WAFS.
- WAF Bench - Tool to measure the performance of WAF.
- WAF Bypass - This script will search for DNS A history records and check if the server replies for that domain.
- WAF Ninja - Tool which contains two functions to attack Web Application Firewalls.
- WAF Tester - WAF Testing Tool.
- wafw00f - Allows one to identify and fingerprint WAF products protecting a website.
- WhatWaf - Detect and bypass web application firewalls and protection systems