{"id":15173896,"url":"https://github.com/nim4/dbshield","last_synced_at":"2025-04-05T06:06:42.599Z","repository":{"id":48157458,"uuid":"68709381","full_name":"nim4/DBShield","owner":"nim4","description":"Database firewall written in Go","archived":false,"fork":false,"pushed_at":"2017-09-24T20:01:16.000Z","size":4773,"stargazers_count":682,"open_issues_count":3,"forks_count":163,"subscribers_count":53,"default_branch":"master","last_synced_at":"2025-04-05T06:06:31.798Z","etag":null,"topics":["database","db2","golang","mariadb","mysql","oracle","postgresql","sql-injection"],"latest_commit_sha":null,"homepage":"http://nim4.github.io/DBShield/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nim4.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-09-20T12:26:30.000Z","updated_at":"2025-03-04T03:41:10.000Z","dependencies_parsed_at":"2022-09-01T22:31:55.652Z","dependency_job_id":null,"html_url":"https://github.com/nim4/DBShield","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nim4%2FDBShield","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nim4%2FDBShield/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nim4%2FDBShield/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nim4%2FDBShield/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nim4","download_url":"https://codeload.github.com/nim4/DBShield/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247294536,"owners_count":20915340,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["database","db2","golang","mariadb","mysql","oracle","postgresql","sql-injection"],"created_at":"2024-09-27T11:04:18.312Z","updated_at":"2025-04-05T06:06:42.576Z","avatar_url":"https://github.com/nim4.png","language":"Go","readme":"[![Linux](https://travis-ci.org/nim4/DBShield.svg?branch=master \"Linux\")](https://travis-ci.org/nim4/DBShield)\n[![Windows](https://ci.appveyor.com/api/projects/status/github/nim4/DBShield?branch=master\u0026svg=true \"Windows\")](https://ci.appveyor.com/project/nim4/DBShield/branch/master)\n[![Go Report Card](https://goreportcard.com/badge/github.com/nim4/DBShield)](https://goreportcard.com/report/github.com/nim4/DBShield)\n[![codecov](https://codecov.io/gh/nim4/DBShield/branch/master/graph/badge.svg)](https://codecov.io/gh/nim4/DBShield)\n[![Dev chat](https://img.shields.io/badge/gitter-chat-20cc20.svg \"Dev chat\")](https://gitter.im/DBShield/Lobby)\n[![GoDoc](https://godoc.org/github.com/nim4/DBShield?status.svg)](https://godoc.org/github.com/nim4/DBShield)\n[![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](https://raw.githubusercontent.com/nim4/DBShield/master/LICENSE)\n# DBShield\n\nProtects your data by inspecting incoming queries from your application server and rejecting abnormal ones.\n\n\n---\n## How it works?\n\nFor example, this is how web server normally interacts with database server:\n\n![Sample Web Server and DB](https://raw.githubusercontent.com/nim4/DBShield/master/misc/how_01.png)\n\nBy adding DBShield in front of database server we can protect it against abnormal queries. To detect abnormal queries we first run DBShield in learning mode. Learning mode lets any query pass but it records information about it (pattern, username, time and source) into the internal database.\n\n![Learning mode](https://raw.githubusercontent.com/nim4/DBShield/master/misc/how_02.png)\n\n\nAfter collecting enough patterns we can run DBShield in protect mode. Protect mode can distinguish abnormal query pattern, user and source and take action based on configurations.\n\n![Protect mode](https://raw.githubusercontent.com/nim4/DBShield/master/misc/how_03.png)\n\n---\n## Demo\nFor demo, we are using [sqlmap](https://github.com/sqlmapproject/sqlmap)(automatic SQL injection and database takeover tool) to exploit the SQL injection vulnerability at `user.php`\n\nIn the first scenario, the sqlmap successfully exploits the SQL injection when web application connected directly to the database(MySQL), In the second scenario, we modify the `user.php` so DBShield gets between the web application and database which will drop the injection attempt and make sqlmap fail.\n\n![Demo](misc/demo.gif)\n---\n\n## Sample Outputs\n\n**CLI**\n\n```\n$ go run main.go\n2016/10/15 16:25:31 [INFO] Config file: /etc/dbshield.yml\n2016/10/15 16:25:31 [INFO] Internal DB: /tmp/model/10.0.0.21_postgres.db\n2016/10/15 16:25:31 [INFO] Listening: 0.0.0.0:5000\n2016/10/15 16:25:31 [INFO] Backend: postgres (10.0.0.21:5432)\n2016/10/15 16:25:31 [INFO] Protect: true\n2016/10/15 16:25:31 [INFO] Web interface on https://127.0.0.1:8070/\n2016/10/15 16:25:33 [INFO] Connected from: 10.0.0.20:35910\n2016/10/15 16:25:33 [INFO] Connected to: 10.0.0.21:5432\n2016/10/15 16:25:33 [INFO] SSL connection\n2016/10/15 16:25:34 [DEBUG] Client handshake done\n2016/10/15 16:25:34 [DEBUG] Server handshake done\n2016/10/15 16:25:34 [INFO] User: postgres\n2016/10/15 16:25:34 [INFO] Database: test\n2016/10/15 16:25:34 [INFO] Query: SELECT * FROM stocks where id=-1 or 1=1\n2016/10/15 16:25:34 [WARN] Pattern not found: [53 55 51 52 55 52 50 53 55 51 53 49 115 116 111 99 107 115 53 55 51 53 50 105 100 54 49 52 53 53 55 51 55 57 53 55 52 48 52 53 55 51 55 57 54 49 53 55 51 55 57] (SELECT * FROM stocks where id=-1 or 1=1)\n2016/10/15 16:25:34 [WARN] Dropping connection\n```\n\n\n**Web Interface**\n\n![Web UI](https://raw.githubusercontent.com/nim4/DBShield/master/misc/graph.png)\n\n---\n## Installation\n\nGet it\n```\n$ go get -u github.com/nim4/DBShield\n```\n\nThen you can see help using \"-h\" argument:\n```\n$ $GOPATH/bin/DBShield -h\nDBShield 1.0.0-beta3\nUsage of DBShield:\n -a\tget list of abnormal queries\n -c file\n config file (default \"/etc/dbshield.yml\")\n -h\tshow help\n -k\tshow parsed config and exit\n -l\tget list of captured patterns\n -version\n show version\n```\n\nand run it with your configuration, like:\n```\n$ $GOPATH/bin/DBShield -c config.yml\n```\nsee [sample configuration file](https://github.com/nim4/DBShield/blob/master/conf/dbshield.yml)\n\n\n\u003e:warning: **WARNING:**\n\u003e Do NOT use default certificates in production environments!\n\n\n---\n## Supports:\n\n| Database | Protect | SSL |\n|:------------:|:-------:|:---:|\n| **DB2** | ![Yes][YesImg] | ![No][NoImg] |\n| **MariaDB** | ![Yes][YesImg] | ![Yes][YesImg] |\n| **MySQL** | ![Yes][YesImg] | ![Yes][YesImg] |\n| **Oracle** | ![Yes][YesImg] | ![No][NoImg] |\n| **Postgres** | ![Yes][YesImg] | ![Yes][YesImg] |\n\n---\n## To Do\n\n(Sorted by priority)\n\n - Improve documentation\n - Add Microsoft SQL Server\n - Add more command-line arguments\n - Get 90% test coverage\n - Support Oracle SSL\n\n [YesImg]: https://raw.githubusercontent.com/nim4/DBShield/master/misc/yes.png\n [NoImg]: https://raw.githubusercontent.com/nim4/DBShield/master/misc/no.png\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnim4%2Fdbshield","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnim4%2Fdbshield","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnim4%2Fdbshield/lists"}