Skip to main content

HumanoidProbe is a command-line XSS WAF intelligence tool that probes how a WAF responds to payload variations — telling you what gets blocked, what passes through, and what gets reflected back.

Project description

HumanoidProbe

by CyberSafeLabs

Analyse WAF behaviour. Think like an attacker.

HumanoidProbe is a command-line XSS WAF intelligence tool that probes how a WAF responds to payload variations — telling you what gets blocked, what passes through, and what gets reflected back.

Built from real bug bounty research. Not theory.


What it does

  • Fires categorised XSS payload variations at a target URL and parameter
  • Detects WAF blocks via status codes, response body analysis, and response length changes
  • Identifies reflected payloads — the highest value findings
  • Summarises WAF behaviour and what it appears to be filtering
  • Gives you actionable intelligence to craft smarter bypass payloads

Installation

1. Make sure Python 3 is installed

python3 --version

If not:

sudo apt update && sudo apt install python3 python3-pip -y

2. Install the dependency

pip3 install requests

Usage

python3 humanoidprobe.py -u <URL> -p <parameter>

Example:

python3 humanoidprobe.py -u https://example.com/search -p q

With options:

python3 humanoidprobe.py -u https://example.com/search -p q --delay 1 --timeout 15

Options

Flag Description Default
-u / --url Target URL Required
-p / --parameter GET parameter to test Required
--payloads Custom payload file path payloads/xss.txt
--delay Seconds between requests 0.5
--timeout Request timeout in seconds 10

Output verdicts

Verdict Meaning
REFLECTED Payload passed AND appeared in the response — investigate in browser immediately
PASSED WAF did not block — worth exploring further
BLOCKED WAF caught this payload
ERROR Request failed (timeout, connection error)

Project structure

humanoidprobe/
├── humanoidprobe.py    # Main entry point — what you run
├── payloads/
│   └── xss.txt         # XSS payload list
├── core/
│   ├── requester.py    # Sends HTTP requests
│   ├── detector.py     # Analyses responses (blocked vs passed)
│   └── reporter.py     # Terminal output and summary
└── README.md

Roadmap

  • WAF memory — builds a profile of WAF behaviour across sessions
  • Intelligent bypass suggestions — generates mutations based on what passed
  • POST parameter support
  • SQLi payload module
  • Output to file (JSON / txt)
  • Burp Suite integration
  • Full recon and attack surface mapping modules
  • Humanoid Intelligence — AI layer (coming in future versions)

Legal & ethical use

Only use HumanoidProbe against targets you have explicit permission to test. Unauthorised testing is illegal. This tool is built for legitimate security research and bug bounty programmes only.


About

HumanoidProbe is the first tool from CyberSafeLabs — an independent cybersecurity research initiative focused on protecting digital assets through offensive research, vulnerability discovery, and practical security tooling.

The long-term vision: Humanoid Intelligence — an AI-powered security research platform built from real hunting experience.

CyberSafeLabs — protecting digital assets through research

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

humanoidprobe-1.0.2.tar.gz (9.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

humanoidprobe-1.0.2-py3-none-any.whl (9.7 kB view details)

Uploaded Python 3

File details

Details for the file humanoidprobe-1.0.2.tar.gz.

File metadata

  • Download URL: humanoidprobe-1.0.2.tar.gz
  • Upload date:
  • Size: 9.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for humanoidprobe-1.0.2.tar.gz
Algorithm Hash digest
SHA256 f43af41260439c29c0f88c9d48a88b8807dcfbc2f4c2a3284b1f5e6ce9c5e37b
MD5 c43164bde40c070b1c64f47bbf75cc4d
BLAKE2b-256 0ef9a0cf630d93f63dac18a22eceed52a128dd3d035a09e34ece8c1131ef9bfc

See more details on using hashes here.

File details

Details for the file humanoidprobe-1.0.2-py3-none-any.whl.

File metadata

  • Download URL: humanoidprobe-1.0.2-py3-none-any.whl
  • Upload date:
  • Size: 9.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for humanoidprobe-1.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 e3043c61b4f91cb107c7afd208096cdc779f55aaa83ff8d5e7e34f0853d5fe53
MD5 8ca7fccdd8c4510d063552753873a88e
BLAKE2b-256 f3ec2cf511cd7283db458a85f85a5a801bc6ddbb88d63420d561491f842686c9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page