3 Repos
Sending parameter probes using GET, POST, JSON, and XML formats to discover parameters across different input types.
Distinct from HTTP Methods: Distinct from HTTP Methods: focuses on probing with multiple request body formats for parameter discovery, not just method-level definitions.
Explore 3 awesome GitHub repositories matching web development · Multi-Format Request Probes. Refine with filters or upvote what's useful.
WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
Sends malicious payloads to trigger WAF-specific responses for vendor identification.
Arjun is an HTTP parameter discovery tool that identifies valid parameters on web endpoints by testing large dictionaries of parameter names against target URLs. It systematically probes endpoints using GET, POST, JSON, and XML request formats to find which parameters the server accepts, and can detect parameters whose values appear reflected in the response body. The tool distinguishes itself through its multi-method scanning approach, passive parameter collection from public archives like OTX and CommonCrawl, and its ability to detect value-sensitive parameters that only trigger a response
Sends probes using GET, POST, JSON, and XML formats to discover parameters across different input types.
Dalfox is an automated web application security tool specifically designed for discovering and verifying cross-site scripting vulnerabilities. It functions as an XSS vulnerability scanner that analyzes HTTP parameters and DOM structures to identify reflected, stored, and blind injection points. The project distinguishes itself by providing a Model Context Protocol server and a REST API, allowing artificial intelligence agents and remote interfaces to trigger and manage security scans programmatically. It utilizes a payload mutation engine and fingerprinting strategies to execute WAF evasion t
Sends marker requests to determine which special characters are reflected, informing the depth of subsequent testing.