https://github.com/jreisinger/waf-tester
Test Web Application Firewalls (WAFs)
- Host: GitHub
- URL: https://github.com/jreisinger/waf-tester
- Owner: jreisinger
- License: gpl-3.0
- Created: 2020-01-13T07:57:08.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2025-04-16T13:17:44.000Z (about 1 year ago)
- Last Synced: 2025-04-16T19:48:08.948Z (about 1 year ago)
- Topics: cli, ftw, security, testing, tool, waf
- Language: Go
- Homepage:
- Size: 380 KB
- Stars: 5
- Watchers: 2
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
## About
waf-tester runs tests against a URL protected by a Web Application Firewall (WAF). The tests are HTTP requests defined in YAML, in a format based on the [FTW format](https://github.com/CRS-support/ftw/blob/master/docs/YAMLFormat.md). Use `-template` to see what they look like.
The tests are evaluated by comparing the HTTP response status or the WAF logs against the expected values defined in the tests. If both `status` and `log_contains` are defined in a test, only the status is evaluated. If `-logs` is not used, tests containing only `log_contains` are skipped.
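The evaluation rules above, written out as an added Go example; this is not waf-tester's own code. The `Expect` struct, the `Evaluate` function, treating `log_contains` as a regular expression, and skipping a test that defines neither key are assumptions, and the log line is constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// Expect mirrors the 'status' and 'log_contains' keys of a test (hypothetical struct).
type Expect struct {
	Status      int    // 0: 'status' not defined
	LogContains string // "": 'log_contains' not defined
}

type Verdict string

const (
	Pass Verdict = "pass"
	Fail Verdict = "fail"
	Skip Verdict = "skip"
)

// Evaluate applies the README's rules. haveLogs is false when -logs was not given.
func Evaluate(e Expect, gotStatus int, logs string, haveLogs bool) (Verdict, error) {
	if e.Status != 0 { // status wins even when log_contains is also defined
		if gotStatus == e.Status {
			return Pass, nil
		}
		return Fail, nil
	}
	if e.LogContains == "" || !haveLogs {
		return Skip, nil // log-only test without logs; an empty test is skipped by assumption
	}
	re, err := regexp.Compile(e.LogContains) // assumption: pattern is a regular expression
	if err != nil {
		return Fail, fmt.Errorf("bad log_contains %q: %w", e.LogContains, err)
	}
	if re.MatchString(logs) {
		return Pass, nil
	}
	return Fail, nil
}

func main() {
	logs := `[id "942100"] [msg "SQL Injection Attack Detected via libinjection"]` // constructed log line
	v, _ := Evaluate(Expect{Status: 403, LogContains: `id "941100"`}, 403, logs, true)
	fmt.Println("status+log test, a different rule fired:", v) // status alone decides
	v, _ = Evaluate(Expect{LogContains: `id "941100"`}, 403, logs, true)
	fmt.Println("log-only test, a different rule fired:", v)
}
```

Because the status takes precedence, a test that defines both keys passes on a matching status even when the expected log entry is absent. To assert that a specific rule fired, define only `log_contains` and run with `-logs`.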
## Installation
`make install`
## Sample usage
Run some WAF tests against localhost:
```
# Generate tests and run them against localhost.
waf-tester -template > tests.yaml
waf-tester -verbose
# Run tests from the waf_tests folder and also evaluate logs (NOTE: -logs is kind of experimental).
waf-tester -tests waf_tests/ -logs /tmp/var/log/modsec_audit.log
```
Consider using [waf-runner](https://github.com/jreisinger/waf-runner) to run a WAF on localhost.
## Development
```
vim main.go
make build # see dist folder
make install # install into ~/go/bin
```
Check test coverage:
```
go test -coverprofile cover.out ./...
go tool cover -html=cover.out
```
If the code is slow, [profile](https://blog.golang.org/pprof) it.