realad / waf-testingLinks
A lightweight toolkit for testing Web Application Firewall (WAF) effectiveness and identifying security gaps. This repository is available as a template that you can quickly customize for your own WAF testing needs.
☆51Updated 3 months ago
Alternatives and similar repositories for waf-testing
Users that are interested in waf-testing are comparing it to the libraries listed below
Sorting:
- ☆55Updated last year
- Find CVEs associated to Linux and public exploits on github☆119Updated 3 months ago
- Domain_checker application is the trial/demo version for the new EASM (External Attack Surface Management) system called HydrAttack (hydr…☆188Updated last year
- ☆187Updated 3 months ago
- Frogy 2.0 is an automated external reconnaissance and Attack Surface Management (ASM) toolkit☆109Updated 2 months ago
- ☆94Updated 4 months ago
- A fully automated subdomain reconnaissance and sensitive data discovery toolkit.☆44Updated last month
- List of tools and resources for pentesting Microsoft Active Directory☆84Updated last month
- A New Approach to Directory Bruteforce with WaybackLister v1.0☆191Updated last month
- A Go-based utility that processes input through multiple AI models concurrently (OpenAI, Claude, and Gemini) and provides a summarized co…☆74Updated last month
- SAST and DAST Scan Supported with 400 plus rules available for secrets and allow you add your own wordlist as well. lightweight source c…☆101Updated 3 months ago
- ThreatTracer - A python Script to identify CVE by name & version and more by @FR13ND0x7F☆137Updated 2 months ago
- An automated NMAP python script☆47Updated 5 months ago
- CHOMTE.SH is a powerful shell script designed to automate reconnaissance tasks during penetration testing. It utilizes various Go-based t…☆129Updated 7 months ago
- Dredging up secrets from the depths of the file system☆129Updated 9 months ago
- 🔍 LFIer is a powerful and efficient tool for detecting Local File Inclusion (LFI) vulnerabilities in web applications.☆53Updated 7 months ago
- A Tool for Bug Bounty Hunters that uses Passive and Active Techniques to fetch URLs as a strong Recon, so you can then create Attack Vect…☆75Updated 11 months ago
- Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces☆163Updated 3 months ago
- ☆65Updated 2 years ago
- ☆241Updated 6 months ago
- ☆78Updated 2 years ago
- A command-line tool to query the DeHashed API. Easily search for various parameters like usernames, emails, hashed passwords, IP addresse…☆241Updated last month
- MayorSec DNS Enumeration Tool☆87Updated 8 months ago
- OSCP preparation tools, scripts and cheatsheets☆57Updated 2 years ago
- ☆67Updated 3 years ago
- A curated list of cloud pentesting resource, contains AWS, Azure, Google Cloud☆122Updated 3 years ago
- Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSR…☆125Updated 11 months ago
- This repository contains my writeups for the labs in PortSwigger's Web Security Academy platform. Each lab writeup includes the lab's nam…☆98Updated 3 weeks ago
- A utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesyst…☆180Updated last year
- A PlayBook for OSWP & Wireless Pentest☆37Updated last year