Search the Community

GoTestWAF is a tool for API and OWASP attack simulation, that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and others. It was designed to evaluate web application security solutions, such as API security proxies, Web Application Firewalls, IPS, API gateways, and others. Changelog v0.3.1 Fixed bugs [hide][Hidden Content]]

Ethical Hacking: Evading IDS, Firewalls, and Honeypots — Lynda — Updated 2/10/2021 Ethical hacking—testing to see if an organization’s network is vulnerable to outside attacks—is a desired skill for many IT security professionals. In this course, cybersecurity expert Malcolm Shore prepares you to take your first steps into testing client defenses. Malcolm provides you with an overview of firewall technology, detailing how firewalls work in both Windows and Linux, as well as how to set up a firewall simulation in a GNS3 network. Next, he goes over web application firewalls, API gateway threat mitigation solutions, and how to use honeypots to detect intruders. Finally, he covers the main ways to manage a suspected intrusion, including how to use the Security Onion intrusion detection system (IDS). Note: The topics covered in this course are drawn from the Evading IDS, Firewalls, and Honeypots competency in the Certified Ethical Hacker (CEH) body of knowledge. Topics include: Applying the basics of the Windows Firewall Using advanced features in the Windows Firewall Reviewing firewall logs Linux iptables Setting up an iptables firewall Managing rules with Firewall Builder Setting up a Cisco PIX firewall Installing GNS3 How web application firewalls protect web servers Protecting API services with the WSO2 gateway Running the Cowrie honeypot Detecting intrusions with Security Onion [Hidden Content]] [hide][Hidden Content]]

Ethical hacking—testing to see if an organization's network is vulnerable to outside attacks—is a desired skill for many IT security professionals. In this course, cybersecurity expert Malcolm Shore prepares you to take your first steps into testing client defenses. Malcolm provides you with an overview of firewall technology, detailing how firewalls work in both Windows and Linux, as well as how to set up a firewall simulation in a GNS3 network. Next, he goes over web application firewalls, API gateway threat mitigation solutions, and how to use honeypots to detect intruders. Finally, he covers the main ways to manage a suspected intrusion, including how to use the Security Onion intrusion detection system (IDS). Note: The topics covered in this course are drawn from the Evading IDS, Firewalls, and Honeypots competency in the Certified Ethical Hacker (CEH) body of knowledge. Topics include: Applying the basics of the Windows Firewall Using advanced features in the Windows Firewall Reviewing firewall logs Linux iptables Setting up an iptables firewall Managing rules with Firewall Builder Setting up a Cisco PIX firewall Installing GNS3 How web application firewalls protect web servers Protecting API services with the WSO2 gateway Running the Cowrie honeypot Detecting intrusions with Security Onion [Hidden Content] [hide][Hidden Content]]

WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target. Features Ability to run on a single URL with the -u/--url flag Ability to run through a list of URL’s with the -l/--list flag Ability to detect over 40 different firewalls Ability to try over 20 different tampering techniques Ability to pass your own payloads either from a file, from the terminal, or use the default payloads Default payloads that are guaranteed to produce at least one WAF triggering Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques Ability to run behind multiple proxy types (socks4, socks5, http, https, and Tor) Ability to use a random user agent, personal user agent, or custom default user agent Auto-assign protocol to HTTP or ability to force protocol to HTTPS A built-in encoder so you can encode your payloads into the discovered bypasses More to come… Changelog v1.7 Bunch of issue fixes with a few new wafs added into it enjoy [HIDE][Hidden Content]]

WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target. Features Ability to run on a single URL with the -u/--url flag Ability to run through a list of URL’s with the -l/--list flag Ability to detect over 40 different firewalls Ability to try over 20 different tampering techniques Ability to pass your own payloads either from a file, from the terminal, or use the default payloads Default payloads that are guaranteed to produce at least one WAF triggering Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques Ability to run behind multiple proxy types (socks4, socks5, http, https, and Tor) Ability to use a random user agent, personal user agent, or custom default user agent Auto-assign protocol to HTTP or ability to force protocol to HTTPS A built-in encoder so you can encode your payloads into the discovered bypasses More to come… Changelog v1.5.4 minor update to Cloudflare detection via issue #299 [HIDE][Hidden Content]]

WhatWaf is an advanced firewall detection tool whose goal is to give you the idea of “There’s a WAF?”. WhatWaf works by detecting a firewall on a web application and attempting to detect a bypass (or two) for said firewall, on the specified target. Features Ability to run on a single URL with the -u/--url flag Ability to run through a list of URL’s with the -l/--list flag Ability to detect over 40 different firewalls Ability to try over 20 different tampering techniques Ability to pass your own payloads either from a file, from the terminal, or use the default payloads Default payloads that are guaranteed to produce at least one WAF triggering Ability to bypass firewalls using both SQLi techniques and cross-site scripting techniques Ability to run behind multiple proxy types (socks4, socks5, http, https, and Tor) Ability to use a random user agent, personal user agent, or custom default user agent Auto-assign protocol to HTTP or ability to force protocol to HTTPS A built-in encoder so you can encode your payloads into the discovered bypasses More to come… [Hidden Content]