  • Stars: 33
  • Rank 783,877 (Top 16 %)
  • Language: Crystal
  • License: MIT License
  • Created about 4 years ago
  • Updated over 1 year ago

Repository Details

Web Application Firewall (WAF) Detector

wafalyzer

Wafalyzer is a firewall detection utility that attempts to determine which WAF (if any) sits in front of a web application. It does so by passively analysing the HTTP response metadata (status, headers, body) and, if that fails, by issuing additional requests with popular malicious payloads in order to (eventually) trigger the WAF's response.
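How the passive stage can work, as an added example that is not Wafalyzer's own code: a small Crystal matcher over status, headers and body. The `Response` and `Signature` records, the `detect` helper and the signature list are assumptions made for illustration, and the sample responses are constructed.

```crystal
require "http/headers"

# The metadata passive analysis inspects: status, headers, body.
record Response, status : Int32, headers : HTTP::Headers, body : String

# Illustrative rule (an assumption, not Wafalyzer's rule set): any matching
# header pattern is a hit; a body pattern counts only on a blocking status.
record Signature, name : String, headers : Hash(String, Regex),
  body : Regex? = nil, statuses : Array(Int32) = [403, 406, 429, 503] do
  def matches?(res : Response) : Bool
    header_hit = headers.any? do |key, pattern|
      # HTTP::Headers lookups are case-insensitive and a header may repeat.
      values = res.headers.get?(key) || [] of String
      values.any? { |value| pattern.matches?(value) }
    end
    return true if header_hit
    if body_pattern = body
      return statuses.includes?(res.status) && body_pattern.matches?(res.body)
    end
    false
  end
end

# Hypothetical signature list built from publicly visible vendor markers.
SIGNATURES = [
  Signature.new("Cloudflare", {"cf-ray" => /.+/, "server" => /cloudflare/i},
    /Attention Required! \| Cloudflare/),
  Signature.new("Akamai", {"server" => /AkamaiGHost/i}),
  Signature.new("Sucuri", {"x-sucuri-id" => /.+/, "server" => /Sucuri/i},
    /Sucuri Website Firewall/),
  Signature.new("Incapsula",
    {"x-iinfo" => /.+/, "set-cookie" => /incap_ses_|visid_incap_/}),
]

# Names of every signature that matches the response.
def detect(res : Response) : Array(String)
  SIGNATURES.select(&.matches?(res)).map(&.name)
end

# Constructed samples, not captured traffic.
edge = Response.new(200, HTTP::Headers{"Server" => "AkamaiGHost"}, "<html>ok</html>")
blocked = Response.new(403, HTTP::Headers{"Server" => "nginx"},
  "<title>Access Denied - Sucuri Website Firewall</title>")
# The body names a vendor but the status is 200, so the body rule is skipped.
article = Response.new(200, HTTP::Headers{"Server" => "nginx"},
  "<p>Notes on the Sucuri Website Firewall</p>")

[edge, blocked, article].each { |res| puts "#{res.status}: #{detect(res)}" }
```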

Installation

Shard

  1. Add the dependency to your shard.yml:

    dependencies:
      wafalyzer:
        github: NeuraLegion/wafalyzer
  2. Run shards install

CLI

  1. Run shards build
  2. 🏗

Usage

Wafalyzer can be used both as a shard and as a standalone CLI utility.

Shard

require "wafalyzer"

# See `Wafalyzer::Settings` for all available options.
Wafalyzer.configure do |settings|
  settings.use_random_user_agent = true
end

# See `Wafalyzer.detect` for all available options.
Wafalyzer.detect(
  url: "https://www.apple.com",
  method: "POST",
)
# => [#<Wafalyzer::Waf::Akamai>]

CLI

$ ./bin/wafalyzer -m POST -r https://www.apple.com

All of the flags can be listed by passing --help.

$ ./bin/wafalyzer --help

You can use the LOG_LEVEL environment variable to set the desired log severity at runtime.

$ LOG_LEVEL=debug ./bin/wafalyzer https://github.com

Development

Run specs with:

crystal spec

Contributing

  1. Fork it (https://github.com/NeuraLegion/wafalyzer/fork)
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request
