{"id":17928611,"url":"https://github.com/evilsocket/quijote","last_synced_at":"2025-09-17T23:32:12.156Z","repository":{"id":54553925,"uuid":"216018351","full_name":"evilsocket/quijote","owner":"evilsocket","description":"Quijote is an highly configurable HTTP middleware for API security.","archived":false,"fork":false,"pushed_at":"2021-02-10T23:01:17.000Z","size":63,"stargazers_count":49,"open_issues_count":0,"forks_count":6,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-05-02T00:07:32.713Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/evilsocket.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-10-18T12:24:14.000Z","updated_at":"2024-03-21T16:53:15.000Z","dependencies_parsed_at":"2022-08-13T19:31:00.513Z","dependency_job_id":null,"html_url":"https://github.com/evilsocket/quijote","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/evilsocket/quijote","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fquijote","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fquijote/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fquijote/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fquijote/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/evilsocket","download_url":"https://codeload.github.com/evilsocket/quijote/tar.gz/refs/heads/master","sbom_url":"https://repos.e
cosyste.ms/api/v1/hosts/GitHub/repositories/evilsocket%2Fquijote/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275683725,"owners_count":25509288,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-17T02:00:09.119Z","response_time":84,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-28T21:04:17.485Z","updated_at":"2025-09-17T23:32:11.888Z","avatar_url":"https://github.com/evilsocket.png","language":"Go","readme":"\u003cp align=\"center\"\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/evilsocket/quijote/releases/latest\"\u003e\u003cimg alt=\"Release\" src=\"https://img.shields.io/github/release/evilsocket/quijote.svg?style=flat-square\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/evilsocket/quijote/blob/master/LICENSE.md\"\u003e\u003cimg alt=\"Software License\" src=\"https://img.shields.io/badge/license-GPL3-brightgreen.svg?style=flat-square\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://travis-ci.org/evilsocket/quijote\"\u003e\u003cimg alt=\"Travis\" src=\"https://img.shields.io/travis/evilsocket/quijote/master.svg?style=flat-square\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://goreportcard.com/report/github.com/evilsocket/quijote\"\u003e\u003cimg alt=\"Go Report Card\" 
src=\"https://goreportcard.com/badge/github.com/evilsocket/quijote?style=flat-square\u0026fuckgithubcache=1\"\u003e\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\n**Quijote** is a highly configurable HTTP middleware for web and API services in Go, aimed at detecting the low-hanging \nfruit in terms of web attacks and therefore providing a basic layer of security. It might not detect the most sophisticated \nattacks, but damn, it will never stop trying! (And it's better than nothing?)\n\n**THIS PROJECT IS ACTIVELY BEING DEVELOPED, DO NOT USE IN PRODUCTION YET.** \n\n... but if you can help improve the rules, the code base, writing tests or whatever, all PRs are welcome! :D\n\n#### Rules\n\nThe engine is compatible with every framework that supports Go's standard middleware structure and it's based on YAML rules \nthat can be either raw strings or regular expressions (and in the near future, JavaScript rules too), so that you can use \nit to detect basic attacks:\n\n```yaml\nname: simple_xss_example\nenabled: true\ntype: re\nscope: '*'\nparts:\n  # just a tag\n  - \u003c[^\u003e]+\u003e\n  # open tag with script\n  - \u003c[^\u003e]+script:.+\n```\n\nOr as a blocklist for known offenders:\n\n```yaml\nname: simple_blocklist\nenabled: true\ntype: str\nscope: ip\nparts:\n  # some bad ip!\n  - 10.2.3.4\n  # another\n  - 12.34.56.78\n```\n\nFor some example rules check the `rules` folder (doh!).\n\n#### Others\n\nThe engine can operate in synchronous mode, thus blocking the request while the rules are being checked, or asynchronously dispatch\na job on a queue without affecting the response times. 
It can also be configured a-la-fail2ban to ban offenders for a given amount of time after a given number of attacks.\n\nAnd it will also do [CORS](https://developer.mozilla.org/it/docs/Web/HTTP/CORS) for you!\n\n#### Example\n\n```go\nimport (\n    ...\n    \"github.com/evilsocket/quijote/quijote\"\n    ...\n)\n...\n...\n// NOTE: this is for demonstration purposes and can just be replaced with:\n// policy := quijote.DefaultPolicy()\npolicy := Policy{\n\t// where to load the rules from\n\tRulesPath: \"/etc/quijote/rules/\",\n\t// whether or not to dump detections as JSON files for further investigation\n\tDump:     true,\n\tDumpPath: \"/var/log/quijote/detections/\",\n\t// which mode to operate in\n\tSynchronous: true,\n\t// this is used with an io.LimitReader so that it is not possible to DoS what we're protecting\n\t// by sending huge payloads that the JSON parser will try to parse because almost nobody ever\n\t// thinks to limit it :)\n\tMaxBodySize: 1024 * 1024 * 50, // 50MB\n\t// log incidents\n\tReport: true,\n\t// ban offending clients for an hour after 5 detections\n\tBan:              true,\n\tBanMaxDetections: 5,\n\tBanDuration:      1 * time.Hour,\n\t// block offending requests\n\tBlock: true,\n\t// what to do after blocking a request\n\tRedirect: Redirect{\n\t\tCode: http.StatusForbidden,\n\t\tBody: \"Request blocked by Quijote (http://github.com/evilsocket/quijote).\",\n\t},\n\t// do basic CORS\n\tCORS: CORS{\n\t\tEnabled:        true,\n\t\tAllowedOrigin:  \"*\",\n\t\tAllowedHeaders: \"Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization\",\n\t\tAllowedMethods: \"POST, GET, OPTIONS, PUT, DELETE\",\n\t},\n}\n\nengine, err := quijote.NewEngine(policy)\nif err != nil {\n    // Fatalf, not Fatal: the call passes a format string\n    log.Fatalf(\"%v\", err)\n}\n\n// or whatever framework you fancy ...\nrouter := mux.NewRouter()\n\n// that's all it takes to integrate!\nrouter.Use(engine.Middleware)\n\nrouter.HandleFunc(\"/\", whatever)\n```\n\n## License\n\n`Quijote` is made with ♥  by 
[@evilsocket](https://twitter.com/evilsocket) and it is released under the GPL3 license.\n","funding_links":[],"categories":["Tools"],"sub_categories":["Satellite"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevilsocket%2Fquijote","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fevilsocket%2Fquijote","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevilsocket%2Fquijote/lists"}