  • Stars: 251
  • Rank: 160,965 (Top 4 %)
  • Language: C
  • License: GNU General Publi...
  • Created over 2 years ago
  • Updated about 2 months ago

Repository Details

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

naxsi

What is Naxsi?

NAXSI means Nginx Anti XSS & SQL Injection.

Technically, it is a third-party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website vulnerabilities. For example, <, | or drop are not supposed to be part of a URI.

Because those patterns are very simple, they may match legitimate queries. It is the Naxsi administrator's duty to add specific rules that whitelist legitimate behaviours. The administrator can either add whitelists manually by analyzing nginx's error log, or (recommended) start the project with an intensive auto-learning phase that automatically generates whitelisting rules based on the website's behaviour.

In short, Naxsi behaves like a DROP-by-default firewall: the only task is to add the ACCEPT rules required for the target website to work properly.
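
The manual route described above (deriving whitelists from nginx's error log), as an added example that is not part of the Naxsi project: it parses NAXSI_FMT lines and proposes BasicRule whitelists only for events reported from several distinct clients. It assumes the NAXSI_FMT log layout and the BasicRule whitelist syntax, neither of which is shown on this page; the sample log lines, the function names and the `min_ips` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Constructed sample lines in the NAXSI_FMT error-log layout (an assumption,
# not shown on the page); IPs, hosts and rule ids are made-up test values.
SAMPLE_LOG = """\
2024/01/10 10:00:01 [error] 100#0: *1 NAXSI_FMT: ip=192.0.2.10&server=shop.example&uri=/search&learning=1&vers=X.Y&total_processed=10&total_blocked=1&block=0&cscore0=$XSS&score0=8&zone0=ARGS&id0=1302&var_name0=q, client: 192.0.2.10, server: shop.example
2024/01/10 10:02:30 [error] 100#0: *7 NAXSI_FMT: ip=192.0.2.11&server=shop.example&uri=/search&learning=1&vers=X.Y&total_processed=25&total_blocked=2&block=0&cscore0=$XSS&score0=8&zone0=ARGS&id0=1302&var_name0=q, client: 192.0.2.11, server: shop.example
2024/01/10 10:05:12 [error] 100#0: *9 NAXSI_FMT: ip=198.51.100.7&server=shop.example&uri=/login&learning=1&vers=X.Y&total_processed=31&total_blocked=3&block=0&cscore0=$SQL&score0=12&zone0=BODY&id0=1000&var_name0=user&zone1=BODY&id1=1001&var_name1=user, client: 198.51.100.7, server: shop.example
"""

def parse_events(log_text):
    """Yield (ip, uri, zone, rule_id, var_name) for each match in each NAXSI_FMT line."""
    for line in log_text.splitlines():
        m = re.search(r"NAXSI_FMT: (.*?)(?:, client: |$)", line)
        if not m:
            continue
        f = dict(parse_qsl(m.group(1), keep_blank_values=True))
        i = 0
        while f"id{i}" in f:  # one line can report several matched rules
            yield (f.get("ip", ""), f.get("uri", ""), f.get(f"zone{i}", ""),
                   int(f[f"id{i}"]), f.get(f"var_name{i}", ""))
            i += 1

def whitelist_candidates(log_text, min_ips=2):
    """Return BasicRule lines for events seen from at least min_ips distinct clients."""
    seen = defaultdict(set)
    for ip, uri, zone, rule_id, var in parse_events(log_text):
        seen[(uri, zone, rule_id, var)].add(ip)
    rules = []
    for (uri, zone, rule_id, var), ips in sorted(seen.items()):
        if len(ips) < min_ips:
            continue  # a single source may be a probe, not site behaviour
        base, _, suffix = zone.partition("|")  # "ARGS|NAME": match was in the name
        target = f"${base}_VAR:{var}" if var and base in ("ARGS", "BODY", "HEADERS") else base
        mz = "|".join(p for p in (f"$URL:{uri}" if uri else "", target, suffix) if p)
        rules.append(f'BasicRule wl:{rule_id} "mz:{mz}";')
    return rules

if __name__ == "__main__":
    print("\n".join(whitelist_candidates(SAMPLE_LOG)))
```

Each proposed rule is a candidate to review before it goes into the nginx configuration: a whitelist generated from traffic that included attack requests would ACCEPT those requests as well.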

Why is it different?

Contrary to most Web Application Firewalls, Naxsi doesn't rely on a signature base like an antivirus, and thus cannot be circumvented by an "unknown" attack pattern. Naxsi is Free software (as in freedom) and free (as in free beer) to use.

What does it run on?

Naxsi should be compatible with any nginx version.

It depends on libpcre for its regexp support, and is reported to work great on NetBSD, FreeBSD, OpenBSD, Debian, Ubuntu and CentOS.

Why use this repository

The original project is officially abandoned (and was archived on the 8th Nov 2023), but you can ask for support here, as I'm willing to keep the project working as the last remaining developer.

Documentation

You can find the main documentation here

Build naxsi

Be sure when you clone the repository to fetch all the submodules.

$ git clone --recurse-submodules https://github.com/wargio/naxsi.git
$ wget --no-clobber -O nginx.tar.gz "https://nginx.org/download/nginx-1.22.0.tar.gz"
$ mkdir nginx-source
$ tar -C nginx-source -xzf nginx.tar.gz --strip-components=1
$ cd nginx-source
$ ./configure  --prefix=/etc/nginx --add-dynamic-module=../naxsi/naxsi_src
$ make

Support

Questions regarding NAXSI can be asked by opening a new issue here

Future plans

  • Bring back nxapi using python3
  • Creation of a simple tool to create rules and test them
