Open-source projects categorized as Waf Edit details

Top 23 Waf Open-Source Projects

  • ModSecurity

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.

    Project mention: What (software, open source) WAF are you using with (open source) Nginx? | reddit.com/r/nginx | 2022-05-26

    I'm currently erring toward ModSecurity & the Nginx connector now that it's been de-Apache'd.

  • Awesome-WAF

    🔥 Everything about web-application firewalls (WAF).

    Project mention: xss waf bypass | reddit.com/r/hacking | 2022-07-24

    This: https://github.com/0xInfection/Awesome-WAF

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • naxsi

    NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

    Project mention: What (software, open source) WAF are you using with (open source) Nginx? | reddit.com/r/nginx | 2022-05-26

    I was using Naxsi until recently, but changes to PCRE compatibility have broken it for now, and the most recent commit was around 6 months ago. I can't help with the code commits, so I'm looking for alternatives.

  • wafw00f

    WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

    Project mention: Python Scanner, Faster than Nmap. | reddit.com/r/Python | 2021-10-23

    I am thinking about implementation of https://github.com/EnableSecurity/wafw00f.

  • Padrino

    Padrino is a full-stack ruby framework built upon Sinatra.

  • openrasp

    🔥Open source RASP solution

    Project mention: Project includes a dependancy that has a license that forbids its use | news.ycombinator.com | 2021-08-22
  • lua-resty-waf

    High-performance WAF built on the OpenResty stack

  • SonarQube

    Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

  • roxy-wi

    Web interface for managing Haproxy, Nginx, Apache and Keepalived servers

    Project mention: WAF in Roxy-WI: Basic GUI Web Application Security | reddit.com/r/homelab | 2022-01-11

    Our website: https://roxy-wi.org/

  • ModSecurity-nginx

    ModSecurity v3 Nginx Connector

    Project mention: What (software, open source) WAF are you using with (open source) Nginx? | reddit.com/r/nginx | 2022-05-26

    I'm currently erring toward ModSecurity & the Nginx connector now that it's been de-Apache'd.

  • gotestwaf

    An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses

    Project mention: OWASP TOP 10 mapped to AWS Managed Rules | dev.to | 2022-04-20

    If you are searching for a solution to deploy, update, and stage your Web Application Firewalls while managing them centrally via AWS Firewall Manager take a look at the AWS Firewall Factory tool. AWS Firewall Factory is able to test your deployed firewall using GoTestWAF. GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC and many more. It was designed to evaluate web application security solutions, such as API security proxies, Web Application Firewalls, IPS, API gateways, etc.

  • xash3d-fwgs

    Xash3D FWGS engine. Rebooted fork since big Xash3D 0.99(1.0 is not yet) update.

    Project mention: how do i download cs 1.6 | reddit.com/r/counterstrike | 2022-08-17
  • coraza

    OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

    Project mention: Traefik WAF Plugin with OWASP/Modsecurity | reddit.com/r/selfhosted | 2021-12-24
  • WPF Application Framework (WAF)

    Win Application Framework (WAF) is a lightweight Framework that helps you to create well structured XAML Applications.

  • curiefense

    Curiefense is a unified, open source platform protecting cloud native applications.

    Project mention: Curiefense | reddit.com/r/devopspro | 2022-04-22
  • api-firewall

    Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

    Project mention: Open Source API proxy firewall for request and response validation by OpenAPI specs. 70% faster than Nginx! | reddit.com/r/coolgithubprojects | 2022-05-11

    The product is open source, available at DockerHub and already got 1 billion (!!!) pulls. To support this project, you can star the repository. Check it out: https://github.com/wallarm/api-firewall

  • raptor_waf

    Raptor - WAF - Web application firewall using DFA [ Current version ] - Beta

    Project mention: Raptor WAF - web application firewall made in C from the scratch | reddit.com/r/netsec | 2022-06-09
  • OctopusWAF

    OctopusWAF is a WAF( Web application firewall) with high performance, made in C language and use libevent.

    Project mention: OctopusWAF: Un WAF( Web application firewall) de alto rendimiento, hecho en lenguaje C 🔥 | reddit.com/r/u_esgeeks | 2022-06-24
  • waf-bypass

    WAF Bypass Test Tool by Nemesida WAF Team

    Project mention: Nemesida WAF Free – free Nginx WAF with the minimum False Positive and amazing Web visualisation | reddit.com/r/websec | 2022-03-04

    We can also recommend our waf-bypass tool to check your WAF https://github.com/nemesida-waf/waf-bypass

  • awesome-cloud-security

    Curated list of awesome cloud security blogs, podcasts, standards, projects, and examples. (by Funkmyster)

    Project mention: Cloud Security | reddit.com/r/redteamsec | 2021-09-19
  • tl-ops-manage

    api-gateway, framework for service management based on openresty。balance, health-check, limit-fuse, waf, 负载均衡,健康检查,服务熔断,服务限流,动态配置,数据统计, waf过滤,黑白名单,基于openresty的API网关

    Project mention: API Gateway Based on Openresty | news.ycombinator.com | 2022-07-26
  • Waf DotNetPad

    The Waf DotNetPad is a simple and fast code editor that makes fun to program with C# or Visual Basic.

  • PoW-Shield

    Project dedicated to fight Layer 7 DDoS with proof of work, featuring an additional WAF. Completed with full set of features and containerized for rapid and lightweight deployment.

    Project mention: Project to fight DDoS with proof of work | dev.to | 2022-08-01

    Project Link: PoW Shield.


    CIDRAM: Classless Inter-Domain Routing Access Manager.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2022-08-17.

Waf related posts


What are some of the best open-source Waf projects? This list will help you:

Project Stars
1 ModSecurity 5,601
2 Awesome-WAF 4,581
3 naxsi 4,083
4 wafw00f 3,534
5 Padrino 3,326
6 openrasp 2,267
7 lua-resty-waf 1,169
8 roxy-wi 1,121
9 ModSecurity-nginx 1,089
10 gotestwaf 833
11 xash3d-fwgs 672
12 coraza 629
13 WPF Application Framework (WAF) 620
14 curiefense 522
15 api-firewall 384
16 raptor_waf 280
17 OctopusWAF 163
18 waf-bypass 161
19 awesome-cloud-security 157
20 tl-ops-manage 136
21 Waf DotNetPad 118
22 PoW-Shield 107
23 CIDRAM 95
Find remote jobs at our new job board 99remotejobs.com. There are 3 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives