mgm-sp / WAF-Payload-Collection
Payloads that can be used for testing web application firewalls
☆41Updated 2 years ago
Alternatives and similar repositories for WAF-Payload-Collection:
Users that are interested in WAF-Payload-Collection are comparing it to the libraries listed below
- Measures the effectiveness of your Web Application Firewall (WAF)☆77Updated last year
- openrisk is a tool that generates a risk score based on the results of a Nuclei scan.☆167Updated 2 weeks ago
- Testing datasets and tools to compare WAF efficacy☆163Updated 2 months ago
- Tools to assess DNS security.☆151Updated 11 months ago
- First iteration of ML based Feedback WAF☆58Updated 11 months ago
- Cloud agnostic IAM permissions enumerator☆140Updated 5 months ago
- A comprehensive knowledge base for security professionals to keep track of and build defenses against API attack techniques.☆42Updated 5 months ago
- A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.☆124Updated this week
- Some of my rough notes for Docker threat detection☆47Updated last year
- A recon tool that uses ML to predict subdomains. Then returns those that resolve.☆49Updated last month
- This is vulnerable microservice written in many language to demonstrating OWASP API Top Security Risk (under development)☆43Updated 2 years ago
- A set of open-source community scripts☆60Updated 4 months ago
- Find what egress ports are allowed☆39Updated 2 years ago
- WAF bypass PoC☆46Updated last year
- An extension to use Semgrep inside Burp Suite.☆88Updated last year
- Tool to discover external and internal network attack surface☆194Updated 9 months ago
- A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors☆84Updated last year
- Nuclear Pond is a utility leveraging Nuclei to perform internet wide scans for the cost of a cup of coffee.☆175Updated last year
- Zero-dollar attack surface management tool☆270Updated 10 months ago
- Vulnerability scanner for AWS customer managed policies using ChatGPT☆143Updated last year
- Downloads Information from NIST (CVSS), first.org (EPSS), and CISA (Exploited Vulnerabilities) and combines them into one list. Reports f…☆141Updated 2 years ago
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…☆101Updated 3 months ago
- Tool for helping in the exploitation of path traversal vulnerabilities in Java web applications☆25Updated 2 years ago
- Tools for finding SMTP smuggling vulnerabilities.☆119Updated 10 months ago
- Hunt SSL Certificates for interesting keywords on major cloud service providers / internet☆38Updated 2 months ago
- yataf extracts secrets and paths from files or urls - its best used against javascript files☆51Updated 5 months ago
- A tool for pulling top-10 cves from cvetrend.com. ;)☆15Updated 2 years ago
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security☆169Updated 3 months ago
- Post-exploit a compromised etcd, gain persistence and remote shell to nodes.☆73Updated 9 months ago
- Build OpenApi specs for your APIs from Burp's traffic using Levo.ai. Also detect the PII in your APIs.☆27Updated 7 months ago