Raptor WAF - C Based Web Application Firewall
Raptor is a C based open source web application firewall that uses DFA (Deterministic Finite Automata) to block SQL Injection, Cross Site Scripting (XSS) and Path Traversal. It also lets you block specific users with an IP blacklist (config/blacklist_ip.txt).
Usage:
$ git clone https://github.com/CoolerVoid/raptor_waf
$ cd raptor_waf; make; bin/raptor
Note: Don't execute with "cd bin; ./raptor"; use the full path "bin/raptor".
Examples:
Start an HTTPd server on port 80 and redirect with Raptor to port 8883:
$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt
Copy the vulnerable PHP code to your web server directory:
$ cp doc/test_dfa/test.php /var/www/html
Now you can test XSS attacks at http://localhost:8883/test.php
Another way to run it (now with regex; see the file config/regex_rules.txt to edit the rules):
$ bin/Raptor -h 127.0.0.1 -p 80 -r 8883 -w 0 -o resultwaf -m pcre
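To make the DFA approach mentioned above concrete, here is an added example (not code from the Raptor project) of a table-driven automaton that flags a ".." path segment in a request path after one level of percent-decoding. The state names, the function has_traversal and the sample paths are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative DFA (an assumption, not Raptor's automaton): flags ".." segments. */
enum state { SEG_START, DOT1, DOT2, IN_SEG, HIT, NSTATES };
enum cls   { C_SEP, C_DOT, C_OTHER, NCLS };

/* Transition table delta[state][input class]; HIT is absorbing. */
static const enum state delta[NSTATES][NCLS] = {
    /* SEG_START */ { SEG_START, DOT1,   IN_SEG },
    /* DOT1      */ { SEG_START, DOT2,   IN_SEG },
    /* DOT2      */ { HIT,       IN_SEG, IN_SEG },
    /* IN_SEG    */ { SEG_START, IN_SEG, IN_SEG },
    /* HIT       */ { HIT,       HIT,    HIT    },
};

static enum cls classify(unsigned char c)
{
    if (c == '/' || c == '\\') return C_SEP;
    return c == '.' ? C_DOT : C_OTHER;
}

/* Returns 1 if the path contains a ".." segment, else 0.
 * One level of percent-decoding is applied before each byte is fed to
 * the automaton, so "%2e%2e%2f" is seen as "../". */
int has_traversal(const char *path)
{
    enum state s = SEG_START;
    for (const char *p = path; *p && s != HIT; p++) {
        unsigned char c = (unsigned char)*p;
        if (c == '%' && isxdigit((unsigned char)p[1]) && isxdigit((unsigned char)p[2])) {
            char hex[3] = { p[1], p[2], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            p += 2;
        }
        s = delta[s][classify(c)];
    }
    return s == HIT || s == DOT2;   /* DOT2 at end of input: path ends in ".." */
}

int main(void)
{
    /* Constructed sample paths. */
    const char *samples[] = { "/test.php", "/a/../b", "/img/%2e%2e%2fetc", "/v1..2/x", "/a/.." };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-20s %s\n", samples[i], has_traversal(samples[i]) ? "BLOCK" : "pass");
    return 0;
}
```

Because each input byte causes exactly one table lookup, matching time is linear in the path length regardless of the input; this example does not handle double-encoded input such as "%252e".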