WAFPASS alternatives

Looking for an alternative tool to replace WAFPASS? During the review of WAFPASS we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. WhatWaf (WAF detection)
  2. opensvp (firewall testing tool)
  3. wafw00f (Fingerprint web application firewall technology)

These tools are ranked as the best alternatives to WAFPASS.

Alternatives (by score)

64

WhatWaf

Introduction

WhatWaf can be helpful during security assessments to learn if a web application is protected by a WAF. If so, the bypass and avoidance techniques may help to further test or exploit the related web application.

Project details

WhatWaf is written in Python.

Strengths and weaknesses

  • + The source code of this software is available
  • - No releases on GitHub available

Typical usage

  • Application discovery
  • Application fingerprinting
  • Software identification
  • WAF bypassing
  • Web application analysis

WhatWaf review

60

opensvp

Introduction

Tools like opensvp can be used to test the strength of a configuration from the outside. It makes it a good tool for penetration testing and security assessments. While people may feel safe to have a firewall in place, it might be unknowingly vulnerable to several attacks on protocol level. This tool helps with finding these weaknesses.

Project details

opensvp is written in Python.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Application testing
    • Defense testing
    • Penetration testing
    • Security assessment

    opensvp review

    85

    wafw00f

    Introduction

    wafw00f is a security tool to perform fingerprinting on web applications and detect any web application firewall in use.

    Project details

    wafw00f is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Application fingerprinting
      • Information gathering
      • Penetration testing
      • Reconnaissance
      • Security assessment

      wafw00f review

      64

      XSStrike

      Introduction

      XSStrike is an XSS detection suite with the goal to reduce the false positives to zero. It can achieve this with its own fuzzing engine. The tool also allows generating custom payloads, which is rare within this line of tools.

      Project details

      XSStrike is written in Python.

      Strengths and weaknesses

      • + Very low number of dependencies
      • + The source code of this software is available
      • - No releases on GitHub available

      Typical usage

      • Application fuzzing
      • Web application analysis

      XSStrike review

      Some relevant tool missing as an alternative to WAFPASS? Please contact us with your suggestion.