evilwaf is a penetration testing tool designed to detect and bypass common Web Application Firewalls (WAFs).
☆727Mar 22, 2026Updated this week
Alternatives and similar repositories for evilwaf
Users that are interested in evilwaf are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Grab form parameters easily☆14Dec 11, 2024Updated last year
- Deep Packet Inspection • Traffic Forensics • Network Threat Detection☆50Feb 20, 2026Updated last month
- PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll.☆72Oct 22, 2025Updated 5 months ago
- ☆15Apr 17, 2025Updated 11 months ago
- A python-based vulnerability scanner designed to identify open redirect flaws in website applications.☆24Mar 15, 2026Updated last week
- Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11☆84Jan 26, 2026Updated last month
- Scan websites for exposed Supabase JWTs, enumerate accessible tables, and detect sensitive data exposure automatically.☆122Dec 29, 2025Updated 2 months ago
- URILoot is a browser extension designed for Bug Bounty Hunters and Pentesters. Makes fetching uris easy from various sources.☆58Feb 15, 2026Updated last month
- Generate DLL proxy/sideload projects. Automatically parses PE export tables and generates ready-to-compile project for red team engagemen…☆132Mar 8, 2026Updated 2 weeks ago
- A lightweight Command and Control (C2) framework built for offensive security research and red teaming (Post Exploitation).☆68Dec 17, 2025Updated 3 months ago
- Slide deck for DEF CON 30 - Read Team Village - Offensive Wireless Security presentation☆13Aug 16, 2022Updated 3 years ago
- Burp Suite Extension useful to inspect UPnP security☆16Nov 9, 2021Updated 4 years ago
- best tool for finding SQLi,CRLF,XSS,LFi,OpenRedirect☆1,535Dec 7, 2025Updated 3 months ago
- Azure apim mini proxy☆54Feb 16, 2026Updated last month
- Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but fo…☆167Oct 21, 2025Updated 5 months ago
- AI-powered ffuf wrapper☆651Dec 4, 2025Updated 3 months ago
- Subdomain Enumerator and Simple Crawler☆354Feb 12, 2026Updated last month
- BeaconatorC2 is a framework for red teaming and adversarial emulation, providing a full-featured management interface, along with a catal…☆92Jan 14, 2026Updated 2 months ago
- 🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast…☆1,555Mar 16, 2026Updated last week
- An improvement and a different approach to Mockingjay Self-Injection.☆35May 21, 2024Updated last year
- ☆10Jul 21, 2022Updated 3 years ago
- Kibana app for RedELK☆18Mar 19, 2023Updated 3 years ago
- Automated Cloud Misconfiguration Testing☆22Jun 20, 2025Updated 9 months ago
- Collection of BOFs created for red team/adversary emulation engagements. Created to be small and interchangeable, for quick recon or even…☆265Mar 11, 2026Updated last week
- A lightweight Python HTTP server with fuzzy filename matching and automatic fallback to directory listing.☆13Aug 28, 2025Updated 6 months ago
- Nuclei templates for source code analysis. Detects hardcoded secrets, config leaks, debug endpoints. Also helps identify OWASP Top 10 iss…☆83Jun 11, 2025Updated 9 months ago
- ☆242Mar 16, 2026Updated last week
- CVE-2025-6218 is a directory traversal vulnerability in WinRAR that allows an attacker to place files outside the intended extraction dir…☆16Jul 10, 2025Updated 8 months ago
- Find S3 AWS/GCP/Azure buckets while surfing. S3DNS acts as DNS server, follows CNAMEs and matches any bucket pattern☆128Mar 16, 2026Updated last week
- PowerShell tool for auditing Microsoft Entra ID Conditional Access policies and MFA compliance☆37Aug 2, 2025Updated 7 months ago
- Detection for CVE-2025-61882 & CVE-2025-61884☆36Oct 14, 2025Updated 5 months ago
- CVE-2025-0282 is a critical vulnerability found in Ivanti Connect Secure, allowing Remote Command Execution (RCE) through a buffer overfl…☆53Jan 11, 2025Updated last year
- A Burp Suite extension for analyzing Next.js Server Actions - server-side functions identified by hash IDs and `Next-Action` headers.☆48Aug 8, 2025Updated 7 months ago
- XSSGAI is the first-ever AI-powered XSS (Cross-Site Scripting) payload generator. It leverages machine learning and deep learning to crea…☆36Feb 4, 2026Updated last month
- REAP expert pruning for MoE LLMs on Apple Silicon via MLX☆45Mar 16, 2026Updated last week
- Burp Plugin to Bypass WAFs through the insertion of Junk Data☆1,428Jul 14, 2025Updated 8 months ago
- This script checks the status of URLs to see if they are alive or not.☆13Nov 22, 2024Updated last year
- Detection for CVE-2025-68613☆29Dec 22, 2025Updated 3 months ago
- Executing Shellcode with ReadDirectoryChanges’s Hidden Callback☆30Oct 13, 2025Updated 5 months ago