Identify which WAF product is protecting a target application during a penetration test using fingerprint signatures.
Learn evasion techniques to test whether a WAF correctly blocks obfuscated injection payloads.
Research WAF detection methods by studying telltale signs in cookies, headers, and response codes.
Find tools, blog posts, and research papers for WAF security testing in one organized reference.
Awesome-WAF is a curated reference guide covering web application firewalls (WAFs) from a security research and penetration testing perspective. A web application firewall sits between a user and a website, inspecting incoming requests and blocking those that look malicious, such as attempts to inject code or steal data. This repository collects what a security researcher or tester would want to know about WAFs in one place.

The contents are organized into several areas. The introduction explains how WAFs work and their three main operating modes: blacklist-based (block known bad patterns), whitelist-based (allow only known good patterns), and hybrid models that combine both. The testing methodology section describes how to detect whether a WAF is in front of an application by sending specific requests and observing how the server responds, including cookies, response headers, status codes, and timing. A large WAF fingerprints section lists dozens of specific products and the telltale signs each leaves behind in responses, making it possible to identify which WAF is in play. The evasion techniques section covers methods researchers use to craft requests that slip past a WAF's filters, including encoding tricks, obfuscation, and edge cases in how browsers and servers parse input. The repository also links to tools for fingerprinting and testing WAFs, and collects relevant blog posts, video presentations, and research papers.

It began as the author's personal reference collection and was released publicly for the security community. The README is primarily a large reference document; the Python code in the repository supports the tooling sections.