Detect and bypass web application firewalls and protection systems
β2,907Aug 11, 2024Updated last year
Alternatives and similar repositories for WhatWaf
Users that are interested in WhatWaf are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.β6,442Apr 19, 2026Updated 2 months ago
- Everything about Web Application Firewalls (WAFs) from Security Standpoint! π₯β7,532Mar 26, 2026Updated 3 months ago
- Automatic SSRF fuzzer and exploitation toolβ3,583Sep 4, 2025Updated 10 months ago
- A Tool for Domain Flyoversβ5,947May 22, 2022Updated 4 years ago
- Most advanced XSS scanner.β15,048Apr 26, 2025Updated last year
- Wordpress hosting with auto-scaling - Free Trial Offer β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Automatic bypass (brute force) wafβ994Mar 9, 2022Updated 4 years ago
- HTTP parameter discovery suite.β6,335Feb 20, 2025Updated last year
- A python script that finds endpoints in JavaScript filesβ4,404Apr 13, 2024Updated 2 years ago
- SSRF (Server Side Request Forgery) testing resourcesβ2,507Oct 12, 2024Updated last year
- WAFNinja is a tool which contains two functions to attack Web Application Firewalls.β828Dec 6, 2017Updated 8 years ago
- Next generation web scannerβ6,695Apr 2, 2026Updated 3 months ago
- Web application fuzzerβ6,535Jan 21, 2026Updated 5 months ago
- CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSsβ2,555Jun 17, 2026Updated 3 weeks ago
- JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Toolβ2,520Jan 21, 2020Updated 6 years ago
- GPU virtual machines on DigitalOcean Gradient AI β’ AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Web path scannerβ14,458Jul 1, 2026Updated last week
- Advanced reconnaissance utilityβ992Nov 20, 2023Updated 2 years ago
- Server-Side Template Injection and Code Injection Detection and Exploitation Toolβ4,182Apr 21, 2024Updated 2 years ago
- Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies foβ¦β1,291Sep 5, 2022Updated 3 years ago
- In-depth attack surface mapping and asset discoveryβ14,801Apr 17, 2026Updated 2 months ago
- Automated penetration testing & attack surface management platform. Recon, scan, exploit, report β 600+ exploits, 90+ integrations, 10K+ β¦β10,254Jun 24, 2026Updated 2 weeks ago
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.β1,763Dec 1, 2024Updated last year
- This tool can be used to brute discover GET and POST parametersβ1,394Aug 24, 2019Updated 6 years ago
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies andβ¦β3,954Sep 27, 2021Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer β’ AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Fast passive subdomain enumeration tool.β13,966Updated this week
- A swiss army knife for pentesting networksβ9,149Dec 6, 2023Updated 2 years ago
- File upload vulnerability scanner and exploitation tool.β3,322May 8, 2025Updated last year
- A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)β3,615Apr 15, 2026Updated 2 months ago
- Automated NoSQL database enumeration and web application exploitation tool.β3,311Feb 20, 2026Updated 4 months ago
- ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.β2,315Jun 5, 2026Updated last month
- A powerful browser crawler for web vulnerability scannersβ3,036Mar 11, 2025Updated last year
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, alβ¦β1,305Aug 18, 2025Updated 10 months ago
- Totally Automatic LFI Exploiter (+ Reverse Shell) and Scannerβ1,947Apr 13, 2022Updated 4 years ago
- Virtual machines for every use case on DigitalOcean β’ AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed bβ¦β1,033Feb 5, 2021Updated 5 years ago
- A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attβ¦β6,033Jul 1, 2026Updated last week
- This tool generates gopher link for exploiting SSRF and gaining RCE in various serversβ3,393Apr 18, 2023Updated 3 years ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the acβ¦β1,807Apr 26, 2024Updated 2 years ago
- Knock Subdomain Scanβ4,168Feb 19, 2026Updated 4 months ago
- Awesome XSS stuffβ5,125Oct 30, 2024Updated last year
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.β8,953Dec 4, 2025Updated 7 months ago