[pull] main from vavkamil:main

.github/workflows/security-zizmor.yml

@@ -21,12 +21,12 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6.0.2 # zizmor: ignore[unpinned-uses]
         with:
           persist-credentials: false
 
       - name: Set up Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@v6 # zizmor: ignore[unpinned-uses]
         with:
           python-version: '3.10.4'
 

.github/workflows/stargazers.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6.0.1
+        uses: actions/checkout@v6.0.2 # zizmor: ignore[unpinned-uses]
         with:
           fetch-depth: 0
           persist-credentials: false

README.md

@@ -15,6 +15,7 @@
     - [Parameters](#Parameters)
     - [Fuzzing](#Fuzzing)
     - [Monitoring](#Monitoring)
+    - [Waf Evasion](#Waf-Evasion)
 
 - [Exploitation](#Exploitation)
     - [Command Injection](#Command-Injection)
@@ -393,13 +394,22 @@
 - [metahttp](https://github.com/vp777/metahttp) - A bash script that automates the scanning of a target network for HTTP resources through XXE
 
 ### SSTI Injection
+
 - [tplmap](https://github.com/epinna/tplmap) - Server-Side Template Injection and Code Injection Detection and Exploitation Tool
 - [SSTImap](https://github.com/vladko312/SSTImap) - Automatic SSTI detection tool with interactive interface
 
-
 ### Web-Cache-Poisoning 
+
 - [toxicache](https://github.com/xhzeem/toxicache) - Go scanner to find web cache poisoning vulnerabilities in a list of URLs .
 
+### Waf Evasion
+
+- [nomore403](https://github.com/devploit/nomore403) - Advanced tool for security researchers to bypass 403/40X restrictions .
+- [XFFenum](https://github.com/vavkamil/XFFenum) - A simple tool to bypass 403 forbidden end-points behind load balancers (Cloudflare) based on X-Forwarded-For header.
+- [Forbidden Buster](https://github.com/Sn1r/Forbidden-Buster) - A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system.
+- [nowafpls](https://github.com/assetnote/nowafpls/) - Burp Plugin to Bypass WAFs through the insertion of Junk Data.
+
+---
 
 ## Miscellaneous
 
@@ -539,11 +549,6 @@
 - [SSTImap](https://github.com/vladko312/SSTImap) -  SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself.
 - [Lonkero](https://github.com/bountyyfi/lonkero) - Enterprise-grade web vulnerability scanner with 60+ attack modules, built in Rust for penetration testing and security assessments.
 
-### Forbidden Bypass
-
-- [XFFenum](https://github.com/vavkamil/XFFenum) - A simple tool to bypass 403 forbidden end-points behind load balancers (Cloudflare) based on X-Forwarded-For header.
-- [NoMore403](https://github.com/devploit/nomore403) - Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation.
-- [Forbidden Buster](https://github.com/Sn1r/Forbidden-Buster) - A tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system.
 
 ### Permutation
 

requirements.txt

@@ -1 +1 @@
-zizmor==1.19.0
+zizmor==1.22.0