Displaying 1 to 20 from 22 results

WhatWaf - Detect and bypass web application firewalls and protection systems

  •    Python

WhatWaf is an advanced firewall detection tool who's goal is to give you the idea of "There's a WAF?". WhatWaf works by detecting a firewall on a web application, and attempting to detect a bypass (or two) for said firewall, on the specified target.

SpookFlare - Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures

  •    Python

SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter, Empire, Koadic etc. SpookFlare has obfuscation, encoding, run-time code compilation and character substitution features. So you can bypass the countermeasures of the target systems like a boss until they "learn" the technique and behavior of SpookFlare payloads. Special thanks to the following projects and contributors.


  •    HTML

GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. Browse the project here.

TrustMeAlready - πŸ”“ Disable SSL verification and pinning on Android, system-wide

  •    Java

An Xposed module to disable SSL verification and pinning on Android using the excellent technique provided by Mattia Vinci. The effect is system-wide.

The (E)Lephant, The share sites download manager! [RapidShare MegaUpload ++]


The (E)Lephant is a project i have started about two years ago that holds the sole purpose of helping users to help users with rapidshare automatic downloading support, or any other share host for that matter! It automatically downloads from rapidshare with much more to it!


  •    DotNet

A tiny application designed for downloading files available at the most popular file hosting servers. Don't click - queue it.

fresh-require - Bypass the require cache when requiring a module – works with both node and browserify

  •    Javascript

Bypass the require cache when requiring a module – works with both node and browserify.Where module is the name of the module you're requiring, as you would normally pass to require. require should be your file's local require function.

import-fresh - Import a module while bypassing the cache

  •    Javascript

Useful for testing purposes when you need to freshly import a module.

mysql-unsha1 - Authenticate against a MySQL server without knowing the cleartext password

  •    C

Authenticate against a MySQL server without knowing the cleartext password. This PoC shows how it is possible to authenticate against a MySQL server under certain circumstances without knowing the cleartext password when the Secure Password Authentication authentication plugin (aka mysql_native_password, the default method) is used.

BurpSuiteHTTPSmuggler - A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

  •    Java

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques. This extension has been developed by Soroush Dalili (@irsdl) from NCC Group. The initial release (v0.1) only supports the Encoding capability that can be quite complicated to be performed manually. See the references for more details.

bypasses - Repackaging of Bypass with additional features

  •    Java

See the sample for more. Image loading can be done via the ImageGetter interface. Libraries exist for Picasso and Glide.

bypass-censorship-korea - :page_with_curl: ν•œκ΅­μ—μ„œ 인터넷 검열을 ν”Όν•˜λŠ” 방법

  •    Javascript

λ³Έ λ¬Έμ„œλŠ” κ΅­λ‚΄ ISP μœ ν•΄ μ‚¬μ΄νŠΈ ν•„ν„°λ§μ˜ 취약점을 κ°„λž΅ν•˜κ²Œ μ„€λͺ…해놓은 λ¬Έμ„œμ΄λ©°, 이 λ¬Έμ„œμ˜ λ‚΄μš©μ„ μ•…μš©ν•  μ‹œμ—λŠ” 법적 λ¬Έμ œκ°€ λ°œμƒν•  수 있으며, 그둜 λ°œμƒν•œ 사고에 λŒ€ν•΄μ„œ μž‘μ„±μžλŠ” μ ˆλŒ€ μ±…μž„μ§€μ§€ μ•ŠμŠ΅λ‹ˆλ‹€. ν•œκ΅­μ—μ„œ μ‹œλŒ€λ₯Ό μ—­ν–‰ν•˜λŠ” warning.or.kr을 ν”Όν•˜λŠ” 방법과 Node.js 기반 μ½”λ“œλ₯Ό ν¬ν•¨ν•˜κ³  μžˆμŠ΅λ‹ˆλ‹€.

Humanoid - Node.js package to bypass CloudFlare's anti-bot JavaScript challenges

  •    Javascript

A Node.js package to bypass WAF anti-bot JS challenges. Humanoid is a Node.js package to solve and bypass CloudFlare (and hopefully in the future - other WAFs' as well) JavaScript anti-bot challenges. While anti-bot pages are solvable via headless browsers, they are pretty heavy and are usually considered over the top for scraping. Humanoid can solve these challenges using the Node.js runtime and present the protected HTML page. The session cookies can also be delegated to other bots to continue scraping causing them to avoid the JS challenges altogether.

PRISM-AP - An automated Wireless RogueAP MITM attack framework.

  •    Shell

PRISM-AP is an automated Wireless RogueAP MITM attack framework. This script is distributed "as is" and no support will be provided in it's current state (not intended for beginners).

abuse-ssl-bypass-waf - Bypassing WAF by abusing SSL/TLS Ciphers

  •    Python

Notice: If you are worry about WAF drop the connection, you have better not use -thread option.

RIPv6 - Random IPv6 - circumvents restrictive IP address-based filter and blocking rules

  •    Shell

A precondition for RIPv6 is an existing gateway that carries out the routing of the IPv6 network. The specific address range and this gateway are currently defined in the script itself in the Variables section. This section can also be used to define the time value for the rotation of IP addresses. In a later version these values can also be defined using parameters. IP addresses in the network range are randomly generated by the GenerateAddress() function, which currently generates addresses for a /64 subnet. Support for /48 networks is planned. The original function itself comes from Vladislav V. Prodan, although I have modified and shortened it for my own purposes.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.