Skip to main content

HumanoidProbe is a command-line XSS WAF intelligence tool that probes how a WAF responds.

Project description

HumanoidProbe

by CyberSafeLabs Research & development: @cybermansec

Analyse WAF behaviour. Think like an attacker.

HumanoidProbe is a WAF intelligence CLI tool. It probes WAF behaviour, generates context-aware bypass mutations, and builds a local intelligence profile per target over time.

Built from real bug bounty research. Not theory.


Install

pip install humanoidprobe

Update

pip install --upgrade humanoidprobe

Usage

# XSS probe
humanoidprobe -u https://example.com/search -p q --type xss

# View saved WAF profile
humanoidprobe --show-profile https://example.com --type xss

# List all saved profiles
humanoidprobe --list-profiles

# Check version
humanoidprobe --version

# Skip update check
humanoidprobe -u https://example.com/search -p q --no-update-check

How it works

  1. Fires a canary string to probe what the WAF allows
  2. Tests each payload individually as-is
  3. If blocked — generates a context-aware mutation and retries
  4. Stops immediately on first confirmed reflection
  5. Saves confirmed payloads to inventory for future scans
  6. Builds a WAF profile per domain that gets smarter over time

Verdicts

Verdict Meaning
REFLECTED Payload appeared in response — verify execution in browser
PASSED WAF did not block — test manually
BLOCKED WAF caught this payload
ERROR Request failed

Legal & ethical use

Only use HumanoidProbe against targets you have explicit permission to test. Built for legitimate bug bounty and security research only.


CyberSafeLabs — protecting digital assets through research

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

humanoidprobe-1.0.13.tar.gz (15.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

humanoidprobe-1.0.13-py3-none-any.whl (17.5 kB view details)

Uploaded Python 3

File details

Details for the file humanoidprobe-1.0.13.tar.gz.

File metadata

  • Download URL: humanoidprobe-1.0.13.tar.gz
  • Upload date:
  • Size: 15.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for humanoidprobe-1.0.13.tar.gz
Algorithm Hash digest
SHA256 05d7db0d6520a768a84af7119401526522f2346c8a0e4497f7a6d6e7c6be61f3
MD5 715e94b6fd547b80e2950e8f2fec8755
BLAKE2b-256 b8294a531482491f56cd257d861c4203e7bc075fefd764ab8c3d0c1b691e0751

See more details on using hashes here.

File details

Details for the file humanoidprobe-1.0.13-py3-none-any.whl.

File metadata

  • Download URL: humanoidprobe-1.0.13-py3-none-any.whl
  • Upload date:
  • Size: 17.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for humanoidprobe-1.0.13-py3-none-any.whl
Algorithm Hash digest
SHA256 0b06b3b398374b6f8f99fd71b403e5b6bfa609653c8934910cce62488e6c642c
MD5 1522ac3cb423424e9b942d9d234efa6f
BLAKE2b-256 4e12452c71e27d7275187e1e09b77bbe41b6a539d3cf65dae72ededa3c9b4fa5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page