waf

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.

🔥 Everything about web-application firewalls (WAF).

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

My simple Swiss Army knife for http/https troubleshooting and profiling.

Padrino is a full-stack ruby framework built upon Sinatra.

🔥Open source RASP solution

Detect and bypass web application firewalls and protection systems

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

Collection of quality safety articles. Awesome articles.

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

High-performance WAF built on the OpenResty stack

Web interface for managing Haproxy, Nginx, Apache and Keepalived servers

ModSecurity v3 Nginx Connector

Handy, High performance, ModSecurity compatible Nginx firewall module & 方便、高性能、兼容 ModSecurity 的 Nginx 防火墙模块

Janusec Application Gateway, an application security solution which provides ACME HTTPS, WAF (Web Application Firewall), CC defense, OAuth2 Authentication and load balancing. Janusec应用网关，提供ACME自动化证书与HTTPS接入、WAF (Web Application Firewall)、CC防御、OAuth2身份认证、负载均衡等功能。

Code-Audit-Challenges

JXWAF(锦衣盾)是一款开源web应用防火墙

An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses

TeaWeb-可视化的Web代理服务。DEMO: http://teaos.cn:7777