Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/NeuraLegion/wafalyzer

Web Application Firewall (WAF) Detector
https://github.com/NeuraLegion/wafalyzer

cli crystal detection fingerprinting firewall shard waf

Last synced: 3 months ago
JSON representation

Web Application Firewall (WAF) Detector

Host: GitHub
URL: https://github.com/NeuraLegion/wafalyzer
Owner: NeuraLegion
License: mit
Created: 2020-08-25T14:16:50.000Z (about 4 years ago)
Default Branch: master
Last Pushed: 2023-03-13T09:52:28.000Z (over 1 year ago)
Last Synced: 2024-05-28T20:14:48.532Z (5 months ago)
Topics: cli, crystal, detection, fingerprinting, firewall, shard, waf
Language: Crystal
Homepage:
Size: 139 KB
Stars: 32
Watchers: 18
Forks: 10
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-crystal - wafalyzer - Web Application Firewall (WAF) Detector - shard + cli (Misc)

README

# wafalyzer ![Build Status](https://github.com/NeuraLegion/wafalyzer/workflows/CI/badge.svg) [![Releases](https://img.shields.io/github/release/NeuraLegion/wafalyzer.svg)](https://github.com/NeuraLegion/wafalyzer/releases) [![License](https://img.shields.io/github/license/NeuraLegion/wafalyzer.svg)](https://github.com/NeuraLegion/wafalyzer/blob/master/LICENSE)

Wafalyzer is a firewall detection utility, which attempts to determine what WAF (if any) is in the front of a web application. It does that by means of passive analysis of the HTTP response metadata (status, headers, body) and if that fails, issuing additional requests with popular malicious payloads in order to (eventually) trigger WAF's response.

## Installation

### Shard

1. Add the dependency to your `shard.yml`:

```yaml
dependencies:
wafalyzer:
github: NeuraLegion/wafalyzer
```

2. Run `shards install`

### CLI

1. Run `shards build`
2. 🐗

## Usage

Wafalyzer can be used as both - shard and/or standalone CLI utility.

### Shard

```crystal
require "wafalyzer"

# See `Wafalyzer::Settings` for all available options.
Wafalyzer.configure do |settings|
settings.use_random_user_agent = true
end

# See `Wafalyzer.detect` for all available options.
Wafalyzer.detect(
url: "https://www.apple.com",
method: "POST",
)
# => [#]
```

### CLI

```console
$ ./bin/wafalyzer -m POST -r https://www.apple.com
```

All of the flags can be listed by, passing `--help`.

```console
$ ./bin/wafalyzer --help
```

You can use `LOG_LEVEL` env variable to set the desired
logs severity at runtime.

```console
$ LOG_LEVEL=debug ./bin/wafalyzer https://github.com
```

## Development

Run specs with:

```
crystal spec
```

## Contributing

1. Fork it ()
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Add some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create a new Pull Request

## Contributors

- [Sijawusz Pur Rahnama](https://github.com/Sija) - creator and maintainer