WAF Payload Generator for Web App Pen Tests + Bug Bounty

Ever run into a WAF that stops you dead in your tracks while exploiting a vulnerability?

Annoyed because you know a WAF doesn’t actually fix the underlying issues?

Well, I know I have. And I hope that this tool comes in handy in the future.

It’s called TamperThemAll and it takes payloads you feed into it and creates permutations and combinations for you to use against a WAF.

Check it out HERE

Install it like so:

cd /opt/WEB
sudo git clone https://github.com/francescolacerenza/TamperThemAll

Use it like this:

python3 tta3.py -p '<script>alert(document.domain)</script>' -l 3 -o out
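
Because a WAF does not fix the underlying issue, the same payload list is also useful as a regression check on the application's own output encoding. The script below is an added example, not part of TamperThemAll: it assumes a payload file with one payload per line (an assumption about the format, with constructed sample data inline), and render_unsafe / render_encoded are hypothetical stand-ins for the application's template code.

```python
import html
from html.parser import HTMLParser


class ActiveContentFinder(HTMLParser):
    """Records script elements and on* event-handler attributes in rendered HTML."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script> element")
        for name, _ in attrs:
            if name.startswith("on"):
                self.findings.append(f"{name} attribute on <{tag}>")


def render_unsafe(comment):
    # Hypothetical vulnerable template: user input is placed into HTML verbatim.
    return f"<p>{comment}</p>"


def render_encoded(comment):
    # Hypothetical fixed template: HTML-encode on output, which is the real fix.
    return f"<p>{html.escape(comment, quote=True)}</p>"


def load_payloads(text):
    # Assumption: one payload per line, blank lines ignored.
    return [line for line in text.splitlines() if line.strip()]


def audit(render, payloads):
    """Return {payload: findings} for payloads that became active content."""
    failures = {}
    for payload in payloads:
        finder = ActiveContentFinder()
        finder.feed(render(payload))
        finder.close()
        if finder.findings:
            failures[payload] = finder.findings
    return failures


# Constructed sample: the payload from this post plus a benign control line.
SAMPLE = "<script>alert(document.domain)</script>\nhello & welcome\n"
```

An empty result from audit() for the encoded renderer means no payload in the list reached the browser as markup, whatever a WAF in front of the application would have blocked or let through.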

