{"id":13740303,"url":"https://github.com/OWASP/raider","last_synced_at":"2025-05-08T20:30:58.918Z","repository":{"id":37041190,"uuid":"406428008","full_name":"OWASP/raider","owner":"OWASP","description":"OWASP Raider: a novel framework for manipulating the HTTP processes of persistent sessions","archived":false,"fork":false,"pushed_at":"2023-07-20T11:56:34.000Z","size":31156,"stargazers_count":103,"open_issues_count":54,"forks_count":23,"subscribers_count":9,"default_branch":"main","last_synced_at":"2024-11-07T08:51:24.753Z","etag":null,"topics":["authentication","authorization","finite-state-machine","fsm","hy","hylang","lisp","owasp","python","raiderauth","security"],"latest_commit_sha":null,"homepage":"https://raiderauth.com/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OWASP.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2021-09-14T15:42:09.000Z","updated_at":"2024-08-20T12:48:41.000Z","dependencies_parsed_at":"2024-01-07T18:10:15.717Z","dependency_job_id":null,"html_url":"https://github.com/OWASP/raider","commit_stats":{"total_commits":338,"total_committers":6,"mean_commits":"56.333333333333336","dds":0.242603550295858,"last_synced_commit":"45eefca75efb1a2b8ea6f0a197b2a0c68e797365"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fraider","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fraider/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposi
tories/OWASP%2Fraider/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fraider/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OWASP","download_url":"https://codeload.github.com/OWASP/raider/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224765438,"owners_count":17366119,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authorization","finite-state-machine","fsm","hy","hylang","lisp","owasp","python","raiderauth","security"],"created_at":"2024-08-03T04:00:46.022Z","updated_at":"2024-11-15T10:30:32.473Z","avatar_url":"https://github.com/OWASP.png","language":"Python","funding_links":[],"categories":["Authentication","`Authentication Development`"],"sub_categories":["\u003ca name=\"authN-python\"\u003e\u003c/a\u003ePython"],"readme":"![Raider logo](https://raiderauth.com/images/logo/logo.png)\n\n# Quick links\n\n- [Website](https://raiderauth.com/).\n- [OWASP page](https://owasp.org/www-project-raider/).\n- [Documentation](https://docs.raiderauth.com/en/latest/).\n- [Installation](https://docs.raiderauth.com/en/latest/overview/install.html).\n- [FAQ](https://docs.raiderauth.com/en/latest/overview/faq.html).\n- [Getting started](https://docs.raiderauth.com/en/latest/tutorials/getting_started.html).\n- [Architecture](https://docs.raiderauth.com/en/latest/case_studies/architecture.html).\n- [Discussions](https://github.com/OWASP/raider/discussions).\n- [Issues](https://github.com/OWASP/raider/issues).\n- 
[Twitter](@raiderauth).\n- [Fediverse](@raiderauth@infosec.exchange).\n\n# What is Raider\n\nOWASP Raider was developed with the goal of improving web authentication\ntesting. By now it has evolved and can be used for all kinds of\nstateful HTTP processes. It abstracts the client-server information\nexchange as a finite state machine. Each step comprises one request\nwith inputs, one response with outputs, arbitrary actions to do on the\nresponse, and conditional links to other stages. Thus, a graph-like\nstructure is created. Raider allows you to simulate complex systems\nwhile allowing you to control each piece of data you get in and out of\nthe system.\n\n# Graph-like architecture\n\nRaider defines a DSL to describe the information flow between the\nclient and the server for HTTP processes. Each step of the process is\ndescribed by a Flow, which contains the Request with inputs, Response\nwith outputs, and arbitrary actions including links to other Flows:\n\n![Flows](https://raiderauth.com/images/illustrations/raider_flows.png)\n\nChaining several Flows together can be used to simulate any stateful\nHTTP process. FlowGraphs indicate the starting point. They can be\nplaced on any Flow. A FlowGraph runs the linked Flows until\nSuccess/Failure is returned or there are no more links.\n\n![Flows and FlowGraphs](https://raiderauth.com/images/illustrations/graph.png)\n\n# Configuration\n\nRaider's configuration is inspired by Emacs. Hylang is used, which is\nLISP on top of Python. LISP is used because of its \"Code is Data, Data\nis Code\" property. With the magic of LISP macros, generating\nconfiguration automatically becomes easy. Flexibility is in its DNA,\nmeaning it can be infinitely extended with actual code.\nYou can use it for example to create, store, reproduce, and share\nproof-of-concepts easily for HTTP attacks. With Raider you can also\nsearch through your Projects, filter by hyfile, Flows, FlowGraphs,\netc... 
Then you run either just one step, or a chain of steps, so you\ncan automate and run tests on any HTTP process.\n\n\n![Example hylang configuration](https://raiderauth.com/images/illustrations/config.png)\n\n\n# Command line interface\n\nYou can also search through your Projects, filter by hyfile, Flows,\nFlowGraphs, etc… Then you run either just one step, or a chain of\nsteps, so you can automate and run tests on the HTTP process.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOWASP%2Fraider","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FOWASP%2Fraider","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOWASP%2Fraider/lists"}