#Waf

Showing 60 of 79 repositories tagged #waf, ranked by stars

chaitin
chaitin
SafeLine

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Score
100
★ 21.7k ⑂ 1.4k +40/day
Go
crowdsecurity
crowdsecurity
crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.

Score
89
★ 14.2k ⑂ 672 +2/day
Go
bunkerity
bunkerity
bunkerweb

🛡️ Open-source and cloud-native Web Application Firewall (WAF)

Score
100
★ 10.7k ⑂ 633 +3/day
Python
0xInfection
0xInfection
Awesome-WAF

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

Score
80
★ 7.5k ⑂ 1.2k +3/day
Python
EnableSecurity
EnableSecurity
wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Score
60
★ 6.5k ⑂ 1.0k +12/day
Python
corazawaf
corazawaf
coraza

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

Score
78
★ 3.6k ⑂ 334 +37/day
Go
coreruleset
coreruleset
coreruleset

OWASP CRS (Official Repository)

Score
100
★ 3.2k ⑂ 460 +3/day
Python
baidu
baidu
openrasp

🔥Open source RASP solution

Score
86
★ 3.0k ⑂ 621
C++
kejilion
kejilion
sh

KEJILION.SH 一款全功能的Linux管理脚本!An all-in-one Linux management script!

Score
100
★ 3.0k ⑂ 967 +12/day
Shell
tom0li
tom0li
collection-document

Collection of quality safety articles. Awesome articles.

Score
72
★ 2.1k ⑂ 508
wallarm
wallarm
gotestwaf

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Score
70
★ 1.8k ⑂ 257
Go
al0ne
al0ne
Vxscan

python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。

Score
20
★ 1.8k ⑂ 434
Python
Safe3
Safe3
uusec-waf

Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

Score
95
★ 1.7k ⑂ 168 +2/day
Shell
openappsec
openappsec
openappsec

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

Score
89
★ 1.6k ⑂ 127 +3/day
C++
C0nw0nk
C0nw0nk
Nginx-Lua-Anti-DDoS

A Anti-DDoS script to protect Nginx web servers using Lua with a HTML Javascript based authentication puzzle inspired by Cloudflare I am under attack mode an Anti-DDoS authentication page protect yourself from every attack type All Layer 7 Attacks Mitigating Historic Attacks DoS DoS Implications DDoS All Brute Force Attacks Zero day exploits Social Engineering Rainbow Tables Password Cracking Tools Password Lists Dictionary Attacks Time Delay Any Hosting Provider Any CMS or Custom Website Unlimited Attempt Frequency Search Attacks HTTP Basic Authentication HTTP Digest Authentication HTML Form Based Authentication Mask Attacks Rule-Based Search Attacks Combinator Attacks Botnet Attacks Unauthorized IPs IP Whitelisting Bruter THC Hydra John the Ripper Brutus Ophcrack unauthorized logins Injection Broken Authentication and Session Management Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Security Misconfiguration Cross-Site Scripting (XSS) Insecure Deserialization Using Components with Known Vulnerabilities Insufficient Logging & Monitoring Drupal WordPress Joomla Flash Magento PHP Plone WHMCS Atlassian Products malicious traffic Adult video script avs KVS Kernel Video Sharing Clip Bucket Tube sites Content Management Systems Social networks scripts backends proxy proxies PHP Python Porn sites xxx adult gaming networks servers sites forums vbulletin phpbb mybb smf simple machines forum xenforo web hosting video streaming buffering ldap upstream downstream download upload rtmp vod video over dl hls dash hds mss livestream drm mp4 mp3 swf css js html php python sex m3u zip rar archive compressed mitigation code source sourcecode chan 4chan 4chan.org 8chan.net 8ch 8ch.net infinite chan 8kun 8kun.net anonymous anon tor services .onion torproject.org nginx.org nginx.com openresty.org darknet dark net deepweb deep web darkweb dark web mirror vpn reddit reddit.com adobe flash hackthissite.org dreamhack hack hacked hacking hacker hackers hackerz hackz hacks code coding script scripting scripter source leaks leaked leaking cve vulnerability great firewall china america japan russia .gov government http1 http2 http3 quic q3 litespeedtech litespeed apache torrents torrent torrenting webtorrent bittorrent bitorrent bit-torrent cyberlocker cyberlockers cyber locker cyberbunker warez keygen key generator free irc internet relay chat peer-to-peer p2p cryptocurrency crypto bitcoin miner browser xmr monero coinhive coin hive coin-hive litecoin ethereum cpu cycles popads pop-ads advert advertisement networks banner ads protect ovh blazingfast.io amazon steampowered valve store.steampowered.com steamcommunity thepiratebay lulzsec antisec xhamster pornhub porn.com pornhub.com xhamster.com xvideos xvdideos.com xnxx xnxx.com popads popcash cpm ppc

Score
98
★ 1.6k ⑂ 310
Lua
nemesida-waf
nemesida-waf
waf-bypass

Check your WAF before an attacker does

Score
40
★ 1.5k ⑂ 186 +5/day
Python
swoodford
swoodford
aws

A collection of bash shell scripts for automating various tasks with Amazon Web Services using the AWS CLI and jq.

Score
78
★ 1.4k ⑂ 652 +1/day
Shell
Marven11
Marven11
Fenjing

专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF

Score
93
★ 1.3k ⑂ 76
Python
Janusec
Janusec
janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关,提供安全的接入,包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

Score
67
★ 1.2k ⑂ 268
Go
pingooio
pingooio
pingoo

The fast and secure Load Balancer / API Gateway / Reverse Proxy with built-in service discovery, GeoIP, WAF, bot protection and much more - https://pingoo.io

Score
91
★ 1.0k ⑂ 41 +3/day
Rust
akaunting
akaunting
laravel-firewall

Web Application Firewall (WAF) package for Laravel

Score
88
★ 1.0k ⑂ 116 +1/day
PHP
CHYbeta
CHYbeta
Code-Audit-Challenges

Code-Audit-Challenges

Score
0
★ 988 ⑂ 202
bountyyfi
bountyyfi
lonkero

Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.

Score
100
★ 965 ⑂ 80 +4/day
Rust
chaitin
chaitin
blazehttp

BlazeHTTP 是一款简单易用的 WAF 防护效果测试工具。BlazeHTTP stands as a user-friendly WAF protection efficacy evaluation tool.

Score
22
★ 943 ⑂ 108 +2/day
Go
maxlerebourg
maxlerebourg
crowdsec-bouncer-traefik-plugin

Traefik plugin for Crowdsec - WAF and IP protection

Score
67
★ 826 ⑂ 45 +3/day
Go
leohearts
leohearts
awd-watchbird

A powerful PHP WAF for AWD

Score
53
★ 787 ⑂ 98
PHP
fabriziosalmi
fabriziosalmi
caddy-waf

Caddy WAF (Regex Rules, IP and DNS filtering, Rate Limiting, GeoIP, Tor, Anomaly Detection)

Score
56
★ 787 ⑂ 30 +4/day
Go
wallarm
wallarm
awesome-nginx-security

🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

Score
49
★ 783 ⑂ 75 +2/day
TeaWeb
TeaWeb
build

TeaWeb-可视化的Web代理服务。DEMO: http://teaos.cn:7777

Score
11
★ 755 ⑂ 188
Go
stamparm
stamparm
identYwaf

Blind WAF identification tool

Score
56
★ 739 ⑂ 129
Python
jbe2277
jbe2277
waf

Win Application Framework (WAF) is a lightweight Framework that helps you to create well structured XAML Applications.

Score
100
★ 731 ⑂ 136 +1/day
C#
aaPanel
aaPanel
aaWAF

aawaf 是一款基于语义分析的Web应用防火墙

Score
81
★ 715 ⑂ 135 +1/day
Go
tempesta-tech
tempesta-tech
tempesta

Web application acceleration, advanced DDoS protection and web security

Score
84
★ 708 ⑂ 110
C
chengdedeng
chengdedeng
waf

:vertical_traffic_light:Web Application Firewall or API Gateway(应用防火墙/API网关)

Score
60
★ 697 ⑂ 205
Java
Funkmyster
Funkmyster
awesome-cloud-security

A curated list of awesome cloud security blogs, podcasts, standards, projects, and examples.

Score
47
★ 666 ⑂ 130
wallarm
wallarm
api-firewall

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

Score
77
★ 652 ⑂ 61
Go
YagamiiLight
YagamiiLight
Cerberus

一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Score
44
★ 647 ⑂ 129
Python
corazawaf
corazawaf
coraza-caddy

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities

Score
44
★ 643 ⑂ 72 +1/day
Go
JasonLovesDoggo
JasonLovesDoggo
caddy-defender

Caddy module to block or manipulate requests originating from AIs or cloud services trying to train on your websites

Score
79
★ 562 ⑂ 21
Go
apache
apache
casbin-gateway

Casbin AI & MCP security gateway for HTTP, online demo: https://door.caswaf.com

Score
100
★ 560 ⑂ 59
Go
RuiSiang
RuiSiang
PoW-Shield

Project dedicated to fight Layer 7 DDoS with proof of work, with an additional WAF and controller. Completed with full set of features and containerized for rapid and lightweight deployment.

Score
74
★ 406 ⑂ 74
TypeScript
teler-sh
teler-sh
teler-waf

teler-waf is a Go HTTP middleware that protects local web services from OWASP Top 10 threats, known vulnerabilities, malicious actors, botnets, unwanted crawlers, and brute force attacks.

Score
40
★ 401 ⑂ 33
Go
chen2he
chen2he
orange-cloud

Open-source native Cloudflare client for iPhone, iPad & Apple Watch — sign in with OAuth, no API tokens to paste. Native Android app (Kotlin/Compose) in development.

Score
0
★ 343 ⑂ 47 +50/day
Swift
kosty-cloud
kosty-cloud
kosty

Scan 30+ AWS services. Find cost waste. Detect security gaps. Map your attack surface. One command.

Score
67
★ 270 ⑂ 24
Python
Rain-kl
Rain-kl
OpenFlare

OpenFlare is an open-source CDN orchestration and edge security platform. It supports reverse proxies, centralized configuration synchronization, secure intranet penetration (Tunnels), dynamic WAF protection, and anti-CC challenges.

Score
33
★ 216 ⑂ 56 +2/day
Go
aws-samples
aws-samples
amazon-bedrock-rag

Fully managed RAG solution implemented using Knowledge Bases for Amazon Bedrock

Score
0
★ 205 ⑂ 56 +1/day
JavaScript
yevh
yevh
VulnPlanet

Vulnerable code snippets with fixes for Web2, Web3, API, iOS, Android and Infrastructure-as-Code (IaC)

Score
0
★ 166 ⑂ 24
umotif-public
umotif-public
terraform-aws-waf-webaclv2

Terraform module to configure WAF V2 Web ACL with managed rules for Application Load Balancer

Score
33
★ 146 ⑂ 124
HCL
uwaserver
uwaserver
uwas

Unified Web Application Server — Apache+Nginx+Varnish+Caddy in a single Go binary. Auto HTTPS, built-in caching, PHP/FastCGI, reverse proxy, load balancing, WAF, web dashboard, and MCP server.

Score
44
★ 123 ⑂ 13
Go
TrixSec
TrixSec
waymap

Waymap is a fast and optimized web vulnerability scanner built for penetration testers. It helps in identifying vulnerabilities by testing against various payloads.

Score
63
★ 122 ⑂ 23 +1/day
Python
CIDRAM
CIDRAM
CIDRAM

CIDRAM: Classless Inter-Domain Routing Access Manager.

Score
65
★ 112 ⑂ 35
PHP
stone-rhino
stone-rhino
wge

A high-performance web application firewall (WAF) library based on C++

Score
58
★ 102 ⑂ 7 +1/day
C++
hoangtuvungcao
hoangtuvungcao
mango-waf

🥭 Mango Shield Apex: High-performance L7 DDoS Protection & WAF with Real-time DStat Dashboard

Score
0
★ 97 ⑂ 30
Go
BBVA
BBVA
waf-brain

Machine Learning WAF Based

Score
0
★ 96 ⑂ 35
Jupyter Notebook
zentinelproxy
zentinelproxy
zentinel

A security-first reverse proxy built to guard the free web.

Score
0
★ 86 ⑂ 21
Rust
Asuri-Team
Asuri-Team
pwn-sandbox

A sandbox to protect your pwn challenges being pwned in CTF AWD.

Score
28
★ 85 ⑂ 37
owtf
owtf
wafbypasser
Score
30
★ 80 ⑂ 41
Python
quicsec
quicsec
quicsec

HTTP/3-enable existing HTTP apps. Leverage HTTP3 native features and auto-enable workload identity (SPIFFE), AuthN (mTLS/x509, OIDC/Auth0-Okta), AuthZ (OPA), defense-in-depth (WAAP/WAF), and observability (metrics, logs, alerting, dashboard).

Score
19
★ 79 ⑂ 2
Go
daxio
daxio
k8s-lemp

LEMP stack in a Kubernetes cluster

Score
22
★ 79 ⑂ 44
HTML
chaitin
chaitin
lua-resty-t1k

Lua implementation of the T1K protocol for Chaitin/SafeLine WAF

Score
26
★ 74 ⑂ 13
Raku
Related Topics
#security#web-application-firewall#owasp#firewall#security-tools#modsecurity#nginx#golang#python#web-security#xss#api-gateway

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly