Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      itsMe

      Raptor WAF v0.6.2 - Web application firewall

      Recommended Posts

      Staff

      Hidden Content

        Give reaction to this post to see the hidden content.

      Raptor is a Web application firewall made in C, uses DFA to block SQL injection, Cross-site scripting, and path traversal.

      Why is this tool made in C language?

          C has a high delay time for writing and debugging, but no pain no gain, have fast performance, addition to this point, the C language is run at any architecture like Mips, ARM, and others… other benefits of C, have a good and high profile to write optimizations if you think to write some lines in ASSEMBLY code with AES-NI or SiMD instructions, I think is a good choice.
          Why you do not use POO ? in this project I follow the”KISS” principle: http://pt.wikipedia.org/wiki/Keep It Simple
          C language has a lot of old school dudes like a kernel hacker…

      Raptor is very simple, have three layers reverse proxy, blacklist, and Match(using deterministic finite automaton).
      Proxy using the select() function to check multiple sockets, at the future change to use libevent(signal based is very fast)

      If someone sends a request, Raptor does address analysis… Address blacklisted? block!

      If deterministic finite automaton and Blacklist don’t match, Raptor doesn’t blockRaptor get a Request with GET or POST method and make some analysis to find dirt like an sql injection, cross-site scripting…

      Raptor gets a Request with GET or POST method and makes some analysis to find dirt like an sql injection, cross-site scripting…

      External match string mode
      • At directory, config has a file of lists of rules
      • You can match the string with different algorithms
      • You can choose with an argument –match or -m
      • Choice one option between Karpe Rabin, DFA, or Boyer Moore Horspool

      Changelog v0.6.2

          Patch fix to the improving documentation.

      to run:

      $ git clone https://github.com/CoolerVoid/raptor_waf.git

      $ cd raptor_waf; make; bin/raptor

      Don’t execute with “cd bin; ./raptor” use path “bin/raptor” look detail https://github.com/CoolerVoid/raptor_waf/issues/4

      Hidden Content

        Give reaction to this post to see the hidden content.

      Share this post


      Link to post
      Share on other sites
      Guest
      This topic is now closed to further replies.
      Sign in to follow this  

      • Similar Content

        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. FuzzingTool
          FuzzingTool is a web penetration testing tool, that handles with fuzzing. After the test is completed, all possible vulnerable entries (and the response data) are saved on a report file.
          Changelog v3.11
          New features
              Allow to insert multiple wordlists (globally or per target)
                  Assign a wordlist to each target with numerous -w, or a global wordlist using only one -w;
                  Use multiple wordlists to same target -w 'wordlist1;wordlist2';
              Allow to wordlist plugins automatically detects and build their parameters based on target;
              Now both the exception and the used payload are written in the logfile;
              Added robots.txt plugin to the wordlists;
              Updated CLI output options
                  Added an option to disable the terminal colors --no-colors;
                  Added an option to simplify the output mode, removing the time label and reducing the other labels -S, --simple-output;
          CLI output changes
              Updated the program’s progress status: the format is more clean and shows the current payload that are being used;
              Updated the PathScanner status codes coloring;
          Bugfixes
              Fixed the proxy setup on Request;
              Fixed the Logger that wasn’t writting in the logfile;
              Fixed a bug then more than one method is specified to same target, and the application stops to run;
              Fixed an exception when the same target is setted more than one time. Now a target can appear more than one time if all of them do the same type of fuzzing, or by selecting a global scanner plugin;
          Exception handling
              At now, none of the RequestExceptions will stop the application, instead of it the program will ask for the user if he wants to continue with that target.
              The objectCreator method from PluginFactory no longer raises a PluginNotFound exception. This exception was transfered to the classCreator in the same factory.
          Code refatored
              All the program arguments parsing are now handled by ArgumentParser that extends the argparse.ArgumentParser;
              Separate the Dictionary class from the wordlists;
              Removed unused anonimous functions on CliOutput;
              The blacklist status codes, and actions, was moved to a separated class called BlacklistStatus;
              Removed the Response class. Now the Request object will return a tuple of items: the raw response from the requests library, and the RTT. The SubdomainRequest appends the target’s ip to this tuple;
              Moved the FuzzingTool results from the python dictionary to a separated class Result
                  The results are no longer created by the scanners;
                  Changed the getResult method from the scanners to inspectResult;
              Separated the Matcher from the scanners;
              Updated base classes to abstract classes;

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. XeroChat, a multichannel marketing application, is an ultimate white-label SaaS software with an all-in-one solution for your business to grow. It offers all-powerful tools like Facebook Messenger BOT, Facebook Comment Auto Reply & Private Reply, Facebook Auto Comment Tools, Instagram Auto Comment Reply, Complete E-commerce Solutions inside Messenger & Outside Messenger, Restaurants Food Ordering inside Messenger & outside Messenger,Contactless QR Menu/Catalog Generate for Food order or Ecommerce Purchase, Social Media Posting, SMS Marketing, Email Marketing & many other features. Therefore, XeroChat is the best choice for your daily marketing solutions..
          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. What?
          Arkhota is a web (HTTP/S) brute forcer for Android.
          Why?
          A web brute forcer is always in a hacker's computer, for obvious reasons. Sometimes attacks require to be quick or/and with minimal device preparation. Also a phone takes less attention rather than a laptop/computer. For this situations here's Arkhota.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Ultimate SMS is a powerful, flexible, and User-friendly Bulk SMS Marketing Application. It’s also an all-in-one solution for your SMS marketing. It’s easy to use & install.
          Hidden Content
          Give reaction to this post to see the hidden content.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. HackTools is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverses shells, and much more.
          Current functions:
              Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
              Shell Spawning (TTY Shell Spawning)
              XSS Payloads
              Basic SQLi payloads
              Local file inclusion payloads (LFI)
              Base64 Encoder / Decoder
              Hash Generator (MD5, SHA1, SHA256, SHA512)
              Useful Linux commands (Port Forwarding, SUID)
          Changelog v0.3.8
          The new update is out!
              New RFI Payload #102
              New ZSH reverse shell #101


          Hidden Content
          Give reaction to this post to see the hidden content.