AnomalyWebApplicationFirewall – an anomaly based web application firewall.

AnomalyWebApplicationFirewall is a script that used to unify access logs. The only prerequisites are that the nessesary parameters are logged and that all of the parameters are surrounded with double quotes. The outpout is saved in MongoDB which will be used as input for other scripts.

AnomalyWebApplicationFirewall

Script List:
* Unifier
This script is used to unify access logs. The only prerequisites are that the nessesary parameters are logged and that all of the parameters are surrounded with double quotes. The outpout is saved in MongoDB which will be used as input for other scripts.
* Profiler
This script is used to profile the unified script. It takes input from a given collection (MongoDB), output is also stored in MongoDB
* Firewall
This script is used to run the web application firewall (simulated) based on the created profile.

Usage:

git clone https://github.com/matthiasmaes/AnomalyWebApplicationFirewall && AnomalyWebApplicationFirewall
pip2 install pymongo progressbar ip2location
now you can run one by one the inside folder

Source: https://github.com/matthiasmaes

Source: Security List Network™ @ March 6, 2017 at 06:01AM

0
Share