Recently, I came across a bash script that checks the effectiveness of a Web Application Firewall (WAF). While it was useful, I wanted a bit more flexibility and the ability to add my own custom checks. I also wasn’t comfortable running a random bash script from the internet on my machine – even in a container. So, I decided to create this small web app, which allows not only me, but also you, to easily test how well your WAF is working.
WAF Checker is a simple, user-friendly service that lets you test your web application firewall against common attack payloads (such as SQLi, XSS, Path Traversal, Command Injection, SSRF, NoSQLi, and LFI) using various HTTP methods. You enter your target URL, select the HTTP methods you want to test, and get a clear, color-coded summary of the results. Try it at https://waf.secmy.app/
If you’re interested in the latest techniques for bypassing WAF rules, I recommend checking out waf-bypass.com – it’s a great resource for staying up to date with new evasion methods and research.
Feel free to use this tool to test your own WAF and contribute ideas or improvements!