Bantam is an advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool. Features end to end encryption with request unique encryption keys, and payload streaming designed to bypass WAF, IDS, SIEM systems. It incorporates several payload randomization and obfuscation techniques to help prevent detection …
Tag Archives: waf
Wafw00f : Identify & Fingerprint Web Application Firewall
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website. To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses …
Continue reading “Wafw00f : Identify & Fingerprint Web Application Firewall”
XORpass : Encoder To Bypass WAF Filters Using XOR Operations
XORpass is an encoder to bypass WAF filters using XOR operations. Installation & Usage git clone https://github.com/devploit/XORpass cd XORpass $ php encode.php STRING $ php decode.php “XORed STRING” Example of bypass Using clear PHP function: Also Read – JSONBee : A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites …
Continue reading “XORpass : Encoder To Bypass WAF Filters Using XOR Operations”
WAFw00f : Identify & Fingerprint Web Application Firewall (WAF) Products Protecting A Website
WAFW00F identifies and fingerprints Web Application Firewall (WAF) products. To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF …
NAXSI : WAF For NGINX
NAXSI is an Open-Source, High Performance, Low Rules Maintenance WAF For NGINX. NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved …
IdentYWAF : Blind WAF Identification Tool
identYwaf is an identification tool that can recognise web protection type (i.e. WAF) based on blind inference. Blind inference is being done by inspecting responses provoked by a set of predefined offensive (non-destructive) payloads, where those are used only to trigger the web protection system in between (e.g. http://<host>?aeD0oowi=1 AND 2>1). Currently it supports more than 70 …
Continue reading “IdentYWAF : Blind WAF Identification Tool”
Janusec – Golang Based Application Security Solution Which Provides WAF
Janusec Application Gateway, an application security solutions which provides WAF (Web Application Firewall), unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications. Also ReadPastego – Scrape/Parse Pastebin Using GO & Expression Grammar Janusec Key Features WAF (Web Application Firewall), block SQL Injection, …
Continue reading “Janusec – Golang Based Application Security Solution Which Provides WAF”
WAF-Buster : Disrupt WAF by abusing SSL/TLS Ciphers
WAF-buster tool was created to Analyze the ciphers that are supported by the Web application firewall being used at the web server end. It works by first triggering SslScan to look for all the supported ciphers during SSL/TLS negotiation with the web server.After getting the text file of all the supported ciphers, then we use …
Continue reading “WAF-Buster : Disrupt WAF by abusing SSL/TLS Ciphers”
Raptor WAF – Web application firewall using DFA
Raptor WAF is a Open Source Web application firewall tool made in C, utilizes DFA to block SQL infusion, Cross website scripting and way traversal. It is widely use now a days for the following; Block XSS, SQL injection attacks and path traversal with Raptor. Use blacklist IPs to block some users at the config/blacjlist_ip.txt Use IPv6 …
Continue reading “Raptor WAF – Web application firewall using DFA”
Ua-tester – A tool for User Agent WAF, IDS/IPS, Redirection testing
UA-tester is a tool to check whether a website provides different pages for different user agents like for mobile, desktop bots etc. Well, this tool also delivers a lot of information. It is basically a python script which runs through various user-agents on a specified site. It also tries various options like setting cookie, redirection, …
Continue reading “Ua-tester – A tool for User Agent WAF, IDS/IPS, Redirection testing”