leveryd/x-waf external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

leveryd/x-waf

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/leveryd/x-waf)

Close

leveryd / x-wafView on GitHubMore

• External links
• Readme badge

让"WAF绕过"变得简单

☆437Jan 26, 2025Updated last year

Alternatives and similar repositories for x-waf

Users that are interested in x-waf are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Phelaine / SinkFinder

  View on GitHub
  闭源系统半自动漏洞挖掘工具，针对 jar/war/zip 进行静态代码分析，输出从source到sink的可达路径。LLM将验证路径可达性，并根据上下文给出该路径可信分数
  ☆510Jan 12, 2026Updated 4 months ago
• ReaJason / MemShellParty

  View on GitHub
  一款专注于 Java 主流 Web 中间件的内存马快速生成工具，致力于简化安全研究人员和红队成员的工作流程，提升攻防效率
  ☆1,465Apr 26, 2026Updated last month
• Zjackky / CodeScan

  View on GitHub
  一款轻量级匹配Sink点的代码审计扫描器，为了帮助红队过程中快速代码审计的小工具
  ☆406Oct 6, 2024Updated last year
• vulhub / java-chains

  View on GitHub
  Java Vulnerability Exploitation Platform
  ☆2,061Apr 29, 2026Updated 3 weeks ago
• Lotus6 / JavaGadgetGenerator

  View on GitHub
  JavaGadgetGenerator 工具，支持 ysoserial，Hessian，字节码，Expr/SSTI，Shiro，JDBC 等 Gadget 生成，封装，混淆，出网延迟探测，内存马注入等...
  ☆569Apr 3, 2026Updated last month
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• KimJun1010 / inspector

  View on GitHub
  IDEA代码审计辅助插件（深信服深蓝实验室天威战队强力驱动）
  ☆584Mar 10, 2025Updated last year
• 0x727 / ChkApi_0x727

  View on GitHub
  辅助甲方安全人员巡检网站资产，发现并分析API安全问题
  ☆528Jan 20, 2025Updated last year
• c0r1 / BypassPro

  View on GitHub
  AutoBypass403-BurpSuite 插件二开重构，优化执行逻辑
  ☆306Oct 12, 2024Updated last year
• wh1t3zer / SpringBootVul-GUI

  View on GitHub
  一个半自动化springboot打点工具，内置目前springboot所有漏洞
  ☆780Sep 30, 2025Updated 7 months ago
• SpringKill-team / CodeAuditAssistant

  View on GitHub
  🔍 CodeAuditAssistant - JetBrains Code Audit Plugin (Beta) ⚡ Deep Call-Chain Tracking | 🚀 Method/Class Search | 🔥 Prebuilt Vuln Sink…
  ☆786Mar 14, 2026Updated 2 months ago
• saoshao / DetSql

  View on GitHub
  Burp插件，快速探测可能存在SQL注入的请求并标记，提高测试效率
  ☆805Feb 26, 2026Updated 3 months ago
• Conan924 / PostHikvision

  View on GitHub
  哥斯拉Hikvision综合安防后渗透插件，运行中心/web前台/MinIO 配置提取（解密）重置密码,还原密码。
  ☆173Oct 8, 2024Updated last year
• cwkiller / JDBC-PROXY-Bypass

  View on GitHub
  利用代理驱动绕过JDBC Attack检测
  ☆144Jun 15, 2025Updated 11 months ago
• DeEpinGh0st / MDUT-Extend-Release

  View on GitHub
  MDUT-Extend(扩展版本)
  ☆924Mar 27, 2026Updated last month
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• howmp / reality

  View on GitHub
  grs内网穿透工具通过reality协议隐藏特征
  ☆611Dec 4, 2025Updated 5 months ago
• INotGreen / SharpScan

  View on GitHub
  内网资产收集、探测主机存活、端口扫描、域控定位、文件搜索、各种服务爆破（SSH、SMB、MsSQL等）、Socks代理，一键自动化+无文件落地扫描
  ☆478Nov 20, 2024Updated last year
• lemono0 / FastJsonParty

  View on GitHub
  FastJson全版本Docker漏洞环境(涵盖1.2.47/1.2.68/1.2.80等版本)，主要包括JNDI注入及高版本绕过、waf绕过、文件读写、原生反序列化、利用链探测绕过、不出网利用等。从黑盒的角度覆盖FastJson深入利用
  ☆1,211Jul 12, 2024Updated last year
• pen4uin / java-echo-generator

  View on GitHub
  一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.
  ☆464Jan 12, 2025Updated last year
• wgpsec / cloudsword

  View on GitHub
  一款帮助云租户发现和测试云上风险、增强云上防护能力的综合性开源工具
  ☆604Feb 3, 2026Updated 3 months ago
• vaycore / OneScan

  View on GitHub
  OneScan 是一款用于递归目录扫描的 BurpSuite 插件
  ☆1,244Jun 24, 2025Updated 11 months ago
• Lotus6 / ConfluenceMemshell

  View on GitHub
  Confluence CVE 2021，2022，2023 利用工具，支持命令执行，哥斯拉，冰蝎 内存马注入
  ☆560Feb 1, 2024Updated 2 years ago
• xiaogang000 / XG_NTAI

  View on GitHub
  用于Webshell木马免杀、流量加密传输，多多支持star
  ☆1,048Jun 27, 2025Updated 10 months ago
• eeeeeeeeee-code / e0e1-config

  View on GitHub
  综合后渗透方面的杂烩
  ☆591Mar 1, 2026Updated 2 months ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• pen4uin / java-memshell-generator

  View on GitHub
  一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.
  ☆2,194Aug 21, 2025Updated 9 months ago
• novysodope / javaeasyscan

  View on GitHub
  javaeasyscanner - 富婆系列，代码审计辅助工具，致力于解放大脑，方便双手
  ☆277Jun 18, 2024Updated last year
• UzJu / Cloud-Bucket-Leak-Detection-Tools

  View on GitHub
  六大云存储，泄露利用检测工具
  ☆1,254Mar 28, 2025Updated last year
• wa1ki0g / NoAuth

  View on GitHub
  java-web 自动化鉴权绕过
  ☆381Apr 3, 2025Updated last year
• achuna33 / Memoryshell-JavaALL

  View on GitHub
  收集内存马打入方式
  ☆507May 20, 2022Updated 4 years ago
• wgpsec / lc

  View on GitHub
  LC（List Cloud）是一个多云攻击面资产梳理工具
  ☆643Oct 6, 2024Updated last year
• Whoopsunix / JavaRce

  View on GitHub
  Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
  ☆549Mar 6, 2025Updated last year
• yulate / jdbc-tricks

  View on GitHub
  《深入JDBC安全：特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…
  ☆586Feb 7, 2026Updated 3 months ago
• suizhibo / MemShellGene

  View on GitHub
  一款Java内存马生成、测试工具，搭配@ax1sX的MemShell食用。
  ☆263Feb 15, 2026Updated 3 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• ekkoo-z / Z-Godzilla_ekp

  View on GitHub
  哥斯拉webshell管理工具二次开发规避流量检测设备
  ☆1,062Dec 2, 2025Updated 5 months ago
• byname66 / SerializeJava

  View on GitHub
  用Go+Fyne开发的，展示JAVA序列化流以及集成一键插入脏数据,UTF过长编码绕WAF(Utf OverLoad Encoding),修改类SerializeVersionUID功能的图形化工具。
  ☆127Jan 14, 2025Updated last year
• wjlin0 / riverPass

  View on GitHub
  riverPass 是一个用Go编写的瑞数WAF绕过工具。它利用了WebSocket协议，将请求发送的自身浏览器中，从而绕过了瑞数WAF的检测。
  ☆234Oct 18, 2024Updated last year
• pykiller / API-T00L

  View on GitHub
  互联网厂商API利用工具。
  ☆569Sep 13, 2024Updated last year
• X1r0z / JNDIMap

  View on GitHub
  A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-v…
  ☆584May 4, 2026Updated 3 weeks ago
• chainreactors / spray

  View on GitHub
  最好用最智能最可控的目录Fuzz工具 | The most powerful, user-friendly, intelligent, and precise HTTP Fuzzer.
  ☆1,026Updated this week
• K-7H7l / Jeecg_Tools

  View on GitHub
  本工具为jeecg框架漏洞利用工具非jeecg-boot！
  ☆184Aug 13, 2024Updated last year