Detect and bypass web application firewalls and protection systems
β2,880Aug 11, 2024Updated last year
Alternatives and similar repositories for WhatWaf
Users that are interested in WhatWaf are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.β6,247Jan 27, 2026Updated 2 months ago
- Everything about Web Application Firewalls (WAFs) from Security Standpoint! π₯β7,398Aug 28, 2025Updated 6 months ago
- Automatic SSRF fuzzer and exploitation toolβ3,505Sep 4, 2025Updated 6 months ago
- A Tool for Domain Flyoversβ5,916May 22, 2022Updated 3 years ago
- Most advanced XSS scanner.β14,831Apr 26, 2025Updated 11 months ago
- DigitalOcean Gradient AI Platform β’ AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Automatic bypass (brute force) wafβ994Mar 9, 2022Updated 4 years ago
- HTTP parameter discovery suite.β6,154Feb 20, 2025Updated last year
- SSRF (Server Side Request Forgery) testing resourcesβ2,482Oct 12, 2024Updated last year
- A python script that finds endpoints in JavaScript filesβ4,309Apr 13, 2024Updated last year
- WAFNinja is a tool which contains two functions to attack Web Application Firewalls.β825Dec 6, 2017Updated 8 years ago
- Next generation web scannerβ6,469Oct 19, 2025Updated 5 months ago
- CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSsβ2,524Apr 9, 2024Updated last year
- Web application fuzzerβ6,452Jan 21, 2026Updated 2 months ago
- JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Toolβ2,516Jan 21, 2020Updated 6 years ago
- 1-Click AI Models by DigitalOcean Gradient β’ AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
- Web path scannerβ14,114Mar 16, 2026Updated last week
- Server-Side Template Injection and Code Injection Detection and Exploitation Toolβ4,131Apr 21, 2024Updated last year
- Advanced reconnaissance utilityβ995Nov 20, 2023Updated 2 years ago
- Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies foβ¦β1,275Sep 5, 2022Updated 3 years ago
- Attack Surface Management Platformβ9,622Feb 15, 2026Updated last month
- In-depth attack surface mapping and asset discoveryβ14,282Updated this week
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.β1,726Dec 1, 2024Updated last year
- This tool can be used to brute discover GET and POST parametersβ1,396Aug 24, 2019Updated 6 years ago
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies andβ¦β3,907Sep 27, 2021Updated 4 years ago
- End-to-end encrypted cloud storage - Proton Drive β’ AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- Fast passive subdomain enumeration tool.β13,283Mar 20, 2026Updated last week
- A swiss army knife for pentesting networksβ9,108Dec 6, 2023Updated 2 years ago
- A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)β3,555Jul 21, 2025Updated 8 months ago
- File upload vulnerability scanner and exploitation tool.β3,305May 8, 2025Updated 10 months ago
- Automated NoSQL database enumeration and web application exploitation tool.β3,252Feb 20, 2026Updated last month
- ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.β2,251Jan 8, 2026Updated 2 months ago
- Totally Automatic LFI Exploiter (+ Reverse Shell) and Scannerβ1,920Apr 13, 2022Updated 3 years ago
- A powerful browser crawler for web vulnerability scannersβ3,021Mar 11, 2025Updated last year
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, alβ¦β1,284Aug 18, 2025Updated 7 months ago
- Simple, predictable pricing with DigitalOcean hosting β’ AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed bβ¦β1,026Feb 5, 2021Updated 5 years ago
- This tool generates gopher link for exploiting SSRF and gaining RCE in various serversβ3,334Apr 18, 2023Updated 2 years ago
- Awesome XSS stuffβ5,074Oct 30, 2024Updated last year
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the acβ¦β1,787Apr 26, 2024Updated last year
- A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attβ¦β5,837Updated this week
- Knock Subdomain Scanβ4,148Feb 19, 2026Updated last month
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.β8,812Dec 4, 2025Updated 3 months ago