Detect and bypass web application firewalls and protection systems
β2,872Aug 11, 2024Updated last year
Alternatives and similar repositories for WhatWaf
Users that are interested in WhatWaf are comparing it to the libraries listed below
Sorting:
- WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.β6,213Jan 27, 2026Updated last month
- Everything about Web Application Firewalls (WAFs) from Security Standpoint! π₯β7,375Aug 28, 2025Updated 6 months ago
- Automatic SSRF fuzzer and exploitation toolβ3,489Sep 4, 2025Updated 6 months ago
- A Tool for Domain Flyoversβ5,904May 22, 2022Updated 3 years ago
- SSRF (Server Side Request Forgery) testing resourcesβ2,482Oct 12, 2024Updated last year
- Most advanced XSS scanner.β14,787Apr 26, 2025Updated 10 months ago
- HTTP parameter discovery suite.β6,109Feb 20, 2025Updated last year
- CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSsβ2,519Apr 9, 2024Updated last year
- A python script that finds endpoints in JavaScript filesβ4,294Apr 13, 2024Updated last year
- Web application fuzzerβ6,434Jan 21, 2026Updated last month
- Automatic bypass (brute force) wafβ994Mar 9, 2022Updated 3 years ago
- Attack Surface Management Platformβ9,435Feb 15, 2026Updated 2 weeks ago
- WAFNinja is a tool which contains two functions to attack Web Application Firewalls.β823Dec 6, 2017Updated 8 years ago
- JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Toolβ2,514Jan 21, 2020Updated 6 years ago
- Next generation web scannerβ6,434Oct 19, 2025Updated 4 months ago
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies andβ¦β3,903Sep 27, 2021Updated 4 years ago
- Server-Side Template Injection and Code Injection Detection and Exploitation Toolβ4,123Apr 21, 2024Updated last year
- Web path scannerβ14,042Feb 20, 2026Updated 2 weeks ago
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.β1,716Dec 1, 2024Updated last year
- A swiss army knife for pentesting networksβ9,086Dec 6, 2023Updated 2 years ago
- In-depth attack surface mapping and asset discoveryβ14,193Updated this week
- A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)β3,544Jul 21, 2025Updated 7 months ago
- This tool can be used to brute discover GET and POST parametersβ1,394Aug 24, 2019Updated 6 years ago
- Automated NoSQL database enumeration and web application exploitation tool.β3,240Feb 20, 2026Updated 2 weeks ago
- File upload vulnerability scanner and exploitation tool.β3,302May 8, 2025Updated 9 months ago
- Knock Subdomain Scanβ4,138Feb 19, 2026Updated 2 weeks ago
- Fast passive subdomain enumeration tool.β13,159Feb 25, 2026Updated last week
- Advanced reconnaissance utilityβ994Nov 20, 2023Updated 2 years ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the acβ¦β1,774Apr 26, 2024Updated last year
- A powerful browser crawler for web vulnerability scannersβ3,016Mar 11, 2025Updated 11 months ago
- ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.β2,244Jan 8, 2026Updated last month
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, alβ¦β1,285Aug 18, 2025Updated 6 months ago
- Awesome XSS stuffβ5,066Oct 30, 2024Updated last year
- Totally Automatic LFI Exploiter (+ Reverse Shell) and Scannerβ1,914Apr 13, 2022Updated 3 years ago
- This tool generates gopher link for exploiting SSRF and gaining RCE in various serversβ3,302Apr 18, 2023Updated 2 years ago
- A Modern Orchestration Engine for Securityβ6,116Updated this week
- Git All the Payloads! A collection of web attack payloads.β3,908May 15, 2023Updated 2 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.β8,776Dec 4, 2025Updated 3 months ago
- Fast subdomains enumeration tool for penetration testersβ10,841Aug 2, 2024Updated last year