Search Results for "web application firewall"
Sort By:
Showing 46 open source projects for "web application firewall"
View related business solutions-
Earn up to 16% annual interest with Nexo.Generate interest, access liquidity without selling, and execute trades seamlessly. All in one platform. Geographic restrictions, eligibility, and terms apply.
-
$300 Free Credits for Your Google Cloud ProjectsLaunch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
-
1
WAFW00F
WAFW00F allows one to identify and fingerprint Web App Firewall
The Web Application Firewall Fingerprinting Tool. Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is. If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks. ... -
2
Wfuzz
Web application fuzzer
Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web application components such as: parameters, authentication, forms, directories/files, headers, etc. -
3
Payloads All The Things
A list of useful payloads and bypass for Web Application Security
A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques. The API key is a unique identifier that is used to authenticate requests associated with your project. Some developers might hardcode them or leave it on public shares. -
4
CacheGuard Gateway
Free UTM appliance: firewall, VPN, WAF and antivirus in one ISO.
...CacheGuard-OS is not an app, it IS the OS. A fully custom network appliance operating system built from scratch over 20 years, now fully open source. One ISO includes: firewall, VPN, web antivirus, URL filtering, SSL inspection, WAF, reverse proxy, load balancer and QoS. Free for any number of users. Optional paid support available. Source code: https://github.com/cacheguard/CacheGuard-OS Website: https://www.cacheguard.com/ -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
5
fsociety
Modular CLI framework for managing penetration testing tools
...Instead of implementing its own security scanners, the framework acts as a wrapper and orchestrator that helps users discover, install, and execute tools from various GitHub repositories. Its modular architecture organizes tools into categories such as information gathering, networking, web application security, and password testing. This structure allows users to quickly navigate through different security tasks while maintaining a consistent interface. fsociety can automatically clone and manage required tools, reducing the manual effort typically needed to set up a penetration testing toolkit. fsociety is distributed as a Python package. -
6
reNgine
Automated framework for web application reconnaissance and scanning
reNgine is an automated reconnaissance framework designed to simplify and enhance the process of gathering information about web applications during security assessments. It provides a streamlined workflow for penetration testers, bug bounty hunters, and security teams who need to perform reconnaissance efficiently and at scale. The platform integrates multiple open-source reconnaissance tools into a unified environment with a configurable scanning engine and an intuitive web interface.... -
7
Argus
Python toolkit for OSINT and reconnaissance with 135+ modules
...It provides an integrated command-line environment that consolidates numerous reconnaissance utilities into a single framework. The tool enables users to collect data about networks, domains, web applications, and infrastructure in an organized and efficient manner. Argus includes a modular architecture with more than 130 modules that support activities such as DNS analysis, port scanning, web application inspection, and threat intelligence lookups. Its interactive CLI allows users to browse available modules, configure targets, run scans, and review results from within a unified interface. ... -
8
discover
Automation framework for reconnaissance and penetration testing tasks
...It provides a menu-driven interface that allows security professionals to quickly launch different tools and scripts without manually executing each command. The framework helps streamline activities such as information gathering, network scanning, and web application testing during security assessments. Discover also integrates with well-known security tools like Metasploit to generate malicious payloads and manage listeners for exploitation tasks. By organizing multiple security utilities and scripts into one environment, the project reduces repetitive manual steps and standardizes penetration testing workflows. ... -
9
Raccoon
High-performance reconnaissance and vulnerability scanning tool
Raccoon is a high-performance offensive security tool designed to assist with reconnaissance and vulnerability scanning during penetration testing and security assessments. It automates several common reconnaissance tasks, allowing security professionals to quickly gather information about a target system or web application. The tool combines multiple scanning techniques into a single workflow, helping users identify potential weaknesses, exposed services, and accessible resources on a target host. Raccoon can perform DNS enumeration, subdomain discovery, and URL fuzzing to uncover hidden endpoints and infrastructure components. It also integrates network scanning capabilities through tools such as Nmap to detect open ports, services, and potential vulnerabilities. ... -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
10
Maltrail
Malicious traffic detection system
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from domain name, URL, IP address (e.g. 185.130.5.231 for the known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic... -
11
Digna Web Scanner
A tool to check web apps for vulnerabilty
This web application scanner is a powerful tool designed to identify potential security vulnerabilities in websites with full GUI (no need to cli). It currently performs checks for: SQL Injection (SQLi): Detects vulnerabilities that could allow attackers to inject malicious SQL code and manipulate the database. XSS Cross-site-scripting: Detect vulnerability that allow attackers to inject client-side scripts into web pages Cross-Site Request Forgery (CSRF): Helps discover vulnerabilities that could allow attackers to trick users into performing unintended actions on a website. ... -
12
WebPin
Advanced Modern Web Application Manager for Linux
Advanced Modern Web Application Manager for Linux Transform any website into a native desktop application -
13
MailCleaner
Anti Spam SMTP Gateway
MailCleaner Open Source Edition is now discontinued but will continue under the spamtagger project https://github.com/SpamTagger [antispam] MailCleaner is an anti-spam / anti-virus filter SMTP gateway with user and admin web interfaces, quarantine, multi-domains, multi-templates, multi-languages. Using Bayes, RBLs, Spamassassin, MailScanner, ClamAV. Based on Debian. Enterprise ready. MailCleaner is an anti spam gateway installed between your mail infrastructure and the Internet. It... -
14
S.I.P.E.R.
Advanced website blocking and productivity tool
A powerful, user-friendly website blocking and productivity application built with modern GTK 4 and Libadwaita. S.I.P.E.R. helps you maintain focus and productivity by blocking distracting websites with advanced features like Pomodoro focus mode, comprehensive statistics, and multi-language support. -
15
Wapiti
Wapiti is a web-application vulnerability scanner
Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language. -
16
Endian Firewall Community (EFW) is a "turn-key" linux security distribution that makes your system a full featured security appliance with Unified Threat Management (UTM) functionalities. The software has been designed for the best usability: very easy to install, use and manage and still greatly flexible. The feature suite includes stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spam-filtering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on both OpenVPN and IPsec).
-
17
boundman
Add rule to windows firewall to block inbound and outbound traffic
Boundman is an advanced, user-friendly, and sleek application designed to take control over your network connections. It allows you to efficiently manage and block incoming and outgoing traffic for specific .exe files contained within a chosen folder and its subfolders. With its intuitive PyQt5 graphical interface and robust PowerShell scripts, Boundman provides seamless integration with the Windows Firewall for a powerful network management experience. -
18
Pentest-Tools
A collection of custom security tools for quick needs.
Pentest-Tools is a collection of penetration testing scripts and utilities designed to help security professionals and ethical hackers perform vulnerability assessments. It includes a wide range of tools for tasks like web scraping, reconnaissance, data extraction, and network analysis. The suite is modular, allowing users to choose the tools that best fit their specific pentesting needs, from web application analysis to network penetration testing. -
19
Signal Sciences Site Management Tool
Signal Sciences Site Manager
Signal Sciences Site Manager. -
20
TIDoS
Python web penetration testing framework with modular security tools
TIDoS-Framework is an open source web application penetration testing framework designed to assist security researchers and ethical hackers in identifying vulnerabilities in web systems. It provides a comprehensive environment for performing multiple phases of security assessment, including reconnaissance, scanning, enumeration, vulnerability analysis, and exploitation. -
21
BlackWidow
Python web scanner for OSINT gathering and OWASP vulnerability fuzzing
BlackWidow is a Python-based web application scanning tool designed to crawl target websites and collect open-source intelligence (OSINT) while identifying potential security vulnerabilities. It functions as a web spider that systematically explores a site to gather valuable information such as URLs, dynamic parameters, subdomains, email addresses, and phone numbers associated with the target domain. -
22
Unified Sessions Manager
Pioneering Private and Public Cloud Management since 2008
The UnifiedSessionsManager supports the integrated management of user sessions within Private-Clouds, comprising heterogeneous IT landscapes of various physical and virtual machines, hypervisor management, and virtual user sessions with remote desktops. Extracted documents see https://sourceforge.net/projects/ctys-doc. -
23
WhatWaf?
Detect and bypass web application firewalls and protection systems
WhatWaf is an advanced firewall detection tool who's goal is to give you the idea of "There's a WAF?". WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target. -
24
Web Security Dojo
Virtual training environment to learn web app ethical hacking.
Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). -
25
Xplico
Xplico is a Network Forensic Analysis Tool (NFAT)
Xplico is a Network Forensic Analysis Tool (NFAT). The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP, MGCP, MEGACO, RTP), IRC, WhatsApp... Xplico is able to classify more than 140 (application) protocols. Xplico cam be used as sniffer-decoder if used in "live mode" or in conjunction with netsniff-ng. Xplico is used...
