一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术，作为反向代理接入，保护你的网站不受黑客攻击。

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analys…

🔥 Web-application firewalls (WAFs) from security standpoint.

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

My simple Swiss Army knife for http/https troubleshooting and profiling.

Padrino is a full-stack ruby framework built upon Sinatra.

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

🔥Open source RASP solution

Detect and bypass web application firewalls and protection systems

Collection of quality safety articles. Awesome articles.

python3写的综合扫描工具，主要用来存活验证，敏感文件探测(目录扫描/js泄露接口/html注释泄露)，WAF/CDN识别，端口扫描，指纹/服务识别，操作系统识别，POC扫描，SQL注入，绕过CDN，查询旁站等功能，主要用来甲方自测或乙方授权测试，请勿用来搞破坏。

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

Handy, High performance, ModSecurity compatible Nginx firewall module & 方便、高性能、兼容 ModSecurity 的 Nginx 防火墙模块

ModSecurity v3 Nginx Connector

Web interface for managing Haproxy, Nginx, Apache and Keepalived servers

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Xash3D FWGS engine.

High-performance WAF built on the OpenResty stack

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关，提供安全的接入，包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。