waf-bypass-hunter
OfficialDiscover WAF bypasses via parser differences.
Software Engineering#web-security#waf-bypass#parser-diff#prototype-pollution#exploit-payloads#security-testing
AuthorHacktronAI
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps security researchers automatically discover bypass techniques against a WAF by analyzing parser differences between Go (WAF) and Node.js (backend), enabling faster discovery of bypass payloads and reducing manual trial-and-error.
Core Features & Use Cases
- Parser-differential testing: Tests multiple payload variants to identify bypasses that bypass WAF filtering while still being parsed by the backend.
- Payload cataloging: Maintains a library of bypass payload patterns and evaluation results.
- Use Case: A pentester wants to enumerate WAF bypass techniques for a lab environment; the skill can generate and test payloads against a local WAF to gather bypass evidence and potential CVEs.
Quick Start
Run a basic bypass test against the local WAF at port 9091 using a minimal test payload, then review results and logs in the executor.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: waf-bypass-hunter Download link: https://github.com/HacktronAI/skills/archive/main.zip#waf-bypass-hunter Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.