Attack the castle doors!
Web Application Firewalls (WAF)
- Awesome WAF - Known Bypasses - Known WAF bypasses
- Abuse SSL Bypass - Bypassing WAF by abusing SSL/TLS Ciphers.
- FTW - Framework for Testing WAFs (FTW!).
- gotestwaf - Test different WAF for detection logic and bypasses.
- hakoriginfinder - Tool for discovering the origin host behind a reverse proxy.
- IdentYwaf - Blind WAF identification tool.
- Lightbulb Framework - Tools for auditing WAFS.
- WAF Bench - Tool to measure the performance of WAF.
- WAF Bypass - This script will search for DNS A history records and check if the server replies for that domain.
- WAF Ninja - Tool which contains two functions to attack Web Application Firewalls.
- WAF Tester - WAF Testing Tool.
- wafw00f - Allows one to identify and fingerprint WAF products protecting a website.
- WhatWaf - Detect and bypass web application firewalls and protection systems