"topic:waf-bypass" — Search

84 results for “topic:waf-bypass”

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

awesomeawesome-listbypass-waffirewallinfosecsecuritywafwaf-bypasswaf-detectionwaf-fingerprintswaf-testwaf-testingweb-application-firewall

devploit/nomore403

🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.

Go1.6k175Updated 7 hours ago

403403-bypassbugbountybypassctfgohttppentestpentestingreconnaissancesecuritytoolwaf-bypasswebsec

0xacb/recollapse

REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications

Python1.3k147Updated 7 months ago

fuzzinghacking-toolsnormalizationregexwaf-bypass

blacklanternsecurity/TREVORproxy

A SOCKS proxy written in Python that randomizes your source IP address. Round-robin your evil packets through SSH tunnels or give them billions of unique source addresses!

Python51976Updated 4 months ago

hack-toolip-addresspassword-sprayproxyproxy-serverpythonsockssocks5trevorwaf-bypass

devploit/XORpass

Encoder to bypass WAF filters using XOR operations.

Python25344Updated 3 years ago

bugbountypentestingphpwaf-bypasswebsecxor

gagaltotal/Bypass-WAF-SQLMAP

Bypass WAF SQL Injection SQLMAP

19962Updated 1 month ago

mysqlphppythonsqlsql-injectionsqlinjectionsqlmapvulnerabilitywaf-bypasswebsite

kh4sh3i/WAF-Bypass

🔥 Web application firewalls (WAF) bypass

5513Updated 2 years ago

bypassbypassingexploitfirewallhackowasppentestsecuritywafwaf-bypasswaf-bypass-toolwaf-bypasserwaf-detectionwafw00fxss

dalisecurity/Fray

AI-native security toolkit — fray go target.com scans everything. 7,600+ payloads, 98 WAF vendors, 36+ recon checks. Zero config

Python524Updated just now

attack-surfacebugbountycloudflaremcpmcp-serverowasppayload-databasepenetration-testingpentestingpythonreconsecuritysecurity-toolssql-injectionvulnerabilityvulnerability-scannerwafwaf-bypasswaf-detectionxss

dr34mhacks/ExecEvasion

ExecEvasion is a lightweight execution-evasion toolkit that generates command variants designed to bypass naive filters and WAF rules by leveraging real shell parsing behavior on Linux and Windows.

HTML497Updated 1 month ago

bugbounty-tooldefense-evasionwaf-bypasswaf-bypass-tool

theghostshinobi/waf-stressor

Production-grade Web Application Firewall testing tool. Detects Cloudflare, AWS WAF, Akamai & more. Identifies bypass vectors via URL normalization. Perfect for bug bounty & pentesting.

Python439Updated 3 months ago

bugbountyethical-hackingethical-hacking-toolspentestingwafwaf-bypasswaf-detectionwaf-testing

easypro-tech/brs-xss

MIT license BRS-XSS is a modular Python CLI scanner for XSS vulnerabilities. Features context-aware payloads, WAF evasion, DOM analysis via Playwright, ML-based risk scoring, and export in HTML/JSON/SARIF. Designed for integration with Brabus Recon Suite (BRS).

Python345Updated 2 months ago

appsecbrabusbug-bountycybersecuritydom-xsseasyprotechethical-hackingowasppenetration-testingplaywrightsecuritysecurity-automationsecurity-toolsvulnerability-scannerwaf-bypassweb-securityxss

Xib3rR4dAr/filter-var-sqli

Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )

321Updated 6 years ago

bug-bountypenetration-testingsql-injectionwaf-bypass

Zeyad-Azima/WAF_Bypass_Guide

Guide For WAF Bypass Techniques

2915Updated 5 years ago

bypassfirewallwafwaf-bypasswaf-detectionwafw00fwebwebsite

r3kind1e/Log4Shell-obfuscated-payloads-generator

Generate primary obfuscated or secondary obfuscated CVE-2021-44228 or CVE-2021-45046 payloads to evade WAF detection.

Python262Updated 3 years ago

cve-2021-44228cve-2021-45046log4jlog4shellvulnerability-researchwaf-bypass

XoanOuteiro/caliper

Discover WAF bypass vectors for any payload on any HTTP method, the civilized way.

Python230Updated 10 months ago

cybersecurity-toolsfirewall-bypasspentesting-toolswaf-bypass

0xBugatti/400OK

When "403 Forbidden" stands between you and your target, 400OK breaks through with 22 bypass techniques and 4,400+ payloads.

Go221Updated 1 month ago

403403-bypassbugbountyevasionhtboffsecoscposwepentestpentesting-toolswaf-bypass

slicingmelon/gobypass403

A powerful WAF (HTTP 403/401) and URL parser bypass tool developed in Go, designed to preserve exact URL paths and structures during testing.

Go212Updated 2 weeks ago

403-bypassaccess-control-bypassacl-bypasscligolangpath-traversalpenetration-testingwaf-bypasswebsecurity

Michele0303/undetected-httpx

Stop getting 403 Forbidden. A specialized httpx-like toolkit for WAF evasion.

Python191Updated 2 months ago

anti-bot-bypassanti-bot-evasioncloudflare-bypasscurl-cffihttpxreconnaissancerequestsscrapingsecuritywaf-bypass

E-

e-m3din4/the-nurse

A WAF Bypass tool assisting in the use of SQLMap Tampers list according to specific WAF vendors.

Shell172Updated 3 years ago

bashfirewallinjectionssqlmaptamperwaf-bypasswebapp

toxy4ny/cortisol

WAF Bypass & Normalization Stress Tester (for Red Teams)

Zig162Updated 1 month ago

cybersecuritycybersecurity-toolseducationredteamredteam-toolsredteamingtoolswafwaf-bypass

papocch10/encode-me

Payload encoder for bypass WAF

Go163Updated 6 years ago

payload-encoderwafwaf-bypass

E-

e-m3din4/domain-a-tricks

A Domain-Recon Automated Tool.

Shell150Updated 3 years ago

bruteforcecloudflarednsdns-recordsdomainfile-parserheaderorigin-ippenetration-testingreverse-proxysubdomain-scannerwafwaf-bypasswaf-detectionwebappwhois

fijimunkii/shodan-waf-bypass

Firewall bypass script based on shodan search results

JavaScript146Updated 6 years ago

bypassfirewallfirewall-bypassshodanwafwaf-bypass

Teycir/Excalibur

Dual-component security testing tool for bypassing WAFs, CAPTCHAs, and anti-bot protections. Chrome extension records HTTP traffic during manual browser interaction. Burp Suite extension imports HAR files and extracted cookies for automated bug bounty and penetration testing workflows.

Python130Updated 1 month ago

burp-suitechrome-extensioncookie-extractioncyber-securityhar-exportpenetration-testingwaf-bypass

MartinPSDev/BypassNinja

Bypass 403

Python134Updated 7 months ago

automationbugbountybypass-techniqueshttp-403pentestingsecurity-toolswaf-bypass

toxy4ny/vacuum_and_masquerade-

DNS - Server Amplification Scanner and Masker - Advanced Penetration Testing Framework

Python121Updated 7 months ago

amplificationamplification-attackscybersecuritycybersecurity-educationcybersecurity-toolsdirsearchdnsdns-serverfuzzerhydranmappentestpentestingredteamredteam-toolsscannervulnerabilityvulnerability-scannerswaf-bypass

Adw0rm-sec/VISTA

🎯 VISTA — AI-Powered Security Testing Assistant for Burp Suite. Real-time traffic analysis, 12 expert vulnerability templates, 80+ payloads, WAF detection & bypass. Supports OpenAI, Azure, and OpenRouter (FREE). Zero dependencies.

Java121Updated 3 weeks ago

ai-poweredai-securitybug-bountyburp-extensionburp-suiteburpsuite-extensionidorjavaopenaiowasppenetration-testingpentestsecurity-testingsecurity-toolssqlissrfvulnerability-scannerwaf-bypassweb-securityxss

hupe1980/scan4log4shell

Scanner to send specially crafted requests and catch callbacks of systems that are impacted by log4j log4shell vulnerability and to detect vulnerable log4j versions on your local file-system

Go123Updated 4 years ago

authblue-teamcve-2021-44228cve-2021-45046cve-2021-45105dnsform-detectionfuzzinglog4jlog4shellrcered-teamscannervulnerabilitywaf-bypass

Cyberheroess/Saldiscript

Bypass WAF payload adaptif

Python113Updated 1 year ago

bypass-wafhackinghacking-toolhacking-toolshardwarepentestpentest-toolpentestingpentesting-toolsviruswafwaf-bypasswafv2

miniact/mangyaWAF

A Machine Learning Based Web Application firewall

Jupyter Notebook102Updated 2 years ago

aibugbountycybersecuritymachine-learningpayloadpyhton3wafwaf-bypassxss

Page 1 of 3