WAFPASS alternatives

Looking for an alternative tool to replace WAFPASS? During the review of WAFPASS we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. WhatWaf (WAF detection)
  2. opensvp (firewall testing tool)
  3. XSStrike (XSS detection and exploitation suite)

These tools are ranked as the best alternatives to WAFPASS.

Alternatives (by score)

60

WhatWaf

Introduction

WhatWaf can be helpful during security assessments to learn if a web application is protected by a WAF. If so, the bypass and avoidance techniques may help to further test or exploit the related web application.

Project details

WhatWaf is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - No releases on GitHub available

Typical usage

  • WAF bypassing
  • Application discovery
  • Application fingerprinting
  • Software identification
  • Web application analysis

WhatWaf review

60

opensvp

Introduction

Tools like opensvp can be used to test the strength of a configuration from the outside. It makes it a good tool for penetration testing and security assessments. While people may feel safe to have a firewall in place, it might be unknowingly vulnerable to several attacks on protocol level. This tool helps with finding these weaknesses.

Project details

opensvp is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Application testing
    • Defense testing
    • Penetration testing
    • Security assessment

    opensvp review

    60

    XSStrike

    Introduction

    XSStrike is an XSS detection suite with the goal to reduce the false positives to zero. It can achieve this with its own fuzzing engine. The tool also allows generating custom payloads, which is rare within this line of tools.

    Project details

    XSStrike is written in Python.

    Strengths and weaknesses

    • + More than 5000 GitHub stars
    • + Very low number of dependencies
    • + The source code of this software is available

      Typical usage

      • Application fuzzing
      • Web application analysis

      XSStrike review

      60

      wafw00f

      Introduction

      wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.

      Project details

      wafw00f is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Application fingerprinting
        • Information gathering
        • Penetration testing
        • Reconnaissance
        • Security assessment

        wafw00f review

        Some relevant tool missing as an alternative to WAFPASS? Please contact us with your suggestion.