Detect and bypass web application firewalls and protection systems
β2,892Aug 11, 2024Updated last year
Alternatives and similar repositories for WhatWaf
Users that are interested in WhatWaf are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.β6,295Mar 26, 2026Updated 3 weeks ago
- Everything about Web Application Firewalls (WAFs) from Security Standpoint! π₯β7,430Mar 26, 2026Updated 3 weeks ago
- Automatic SSRF fuzzer and exploitation toolβ3,523Sep 4, 2025Updated 7 months ago
- A Tool for Domain Flyoversβ5,921May 22, 2022Updated 3 years ago
- Most advanced XSS scanner.β14,891Apr 26, 2025Updated 11 months ago
- Wordpress hosting with auto-scaling - Free Trial β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Automatic bypass (brute force) wafβ992Mar 9, 2022Updated 4 years ago
- HTTP parameter discovery suite.β6,190Feb 20, 2025Updated last year
- A python script that finds endpoints in JavaScript filesβ4,324Apr 13, 2024Updated 2 years ago
- SSRF (Server Side Request Forgery) testing resourcesβ2,485Oct 12, 2024Updated last year
- WAFNinja is a tool which contains two functions to attack Web Application Firewalls.β826Dec 6, 2017Updated 8 years ago
- Next generation web scannerβ6,489Apr 2, 2026Updated 2 weeks ago
- CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSsβ2,528Apr 9, 2024Updated 2 years ago
- Web application fuzzerβ6,464Jan 21, 2026Updated 2 months ago
- JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Toolβ2,516Jan 21, 2020Updated 6 years ago
- Simple, predictable pricing with DigitalOcean hosting β’ AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Web path scannerβ14,171Mar 16, 2026Updated last month
- Advanced reconnaissance utilityβ996Nov 20, 2023Updated 2 years ago
- Server-Side Template Injection and Code Injection Detection and Exploitation Toolβ4,140Apr 21, 2024Updated last year
- Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies foβ¦β1,276Sep 5, 2022Updated 3 years ago
- Attack Surface Management Platformβ9,650Feb 15, 2026Updated 2 months ago
- In-depth attack surface mapping and asset discoveryβ14,398Apr 7, 2026Updated last week
- Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.β1,733Dec 1, 2024Updated last year
- This tool can be used to brute discover GET and POST parametersβ1,393Aug 24, 2019Updated 6 years ago
- Fast passive subdomain enumeration tool.β13,404Apr 8, 2026Updated last week
- Wordpress hosting with auto-scaling - Free Trial β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies andβ¦β3,913Sep 27, 2021Updated 4 years ago
- A swiss army knife for pentesting networksβ9,117Dec 6, 2023Updated 2 years ago
- A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)β3,568Jul 21, 2025Updated 8 months ago
- File upload vulnerability scanner and exploitation tool.β3,310May 8, 2025Updated 11 months ago
- Automated NoSQL database enumeration and web application exploitation tool.β3,263Feb 20, 2026Updated last month
- ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.β2,259Jan 8, 2026Updated 3 months ago
- Totally Automatic LFI Exploiter (+ Reverse Shell) and Scannerβ1,925Apr 13, 2022Updated 4 years ago
- A powerful browser crawler for web vulnerability scannersβ3,026Mar 11, 2025Updated last year
- A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, alβ¦β1,285Aug 18, 2025Updated 7 months ago
- Wordpress hosting with auto-scaling - Free Trial β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed bβ¦β1,030Feb 5, 2021Updated 5 years ago
- This tool generates gopher link for exploiting SSRF and gaining RCE in various serversβ3,340Apr 18, 2023Updated 2 years ago
- A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attβ¦β5,869Apr 6, 2026Updated last week
- Awesome XSS stuffβ5,097Oct 30, 2024Updated last year
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the acβ¦β1,794Apr 26, 2024Updated last year
- Knock Subdomain Scanβ4,154Feb 19, 2026Updated last month
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.β8,837Dec 4, 2025Updated 4 months ago