Tools for auditing WAFS
Project description
# LightBulb
LightBulb is an open source python framework for auditing web applications firewalls.
## Synopsis
The framework consists of two main algorithms:
* **GOFA**: An active learning algorithm that infers symbolic representations of automata in the standard membership/equivalence query model.
Active learning algorithms permits the analysis of filter and sanitizer programs remotely, i.e. given only the ability to query the targeted program and observe the output.
* **SFADiff**: A black-box differential testing algorithm based on Symbolic Finite Automata (SFA) learning
Finding differences between programs with similar functionality is an important security problem as such differences can be used for fingerprinting or creating evasion attacks against security software like Web Application Firewalls (WAFs) which are designed to detect malicious inputs to web applications.
## Motivation
Web Applications Firewalls (WAFs) are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transactions dictates that any application facing the internet should be either protected by a WAF or successfully pass a code review process. Nevertheless, despite their popularity and importance, auditing web application firewalls remains a challenging and complex task. Finding attacks that bypass the firewall usually requires expert domain knowledge for a specific vulnerability class. Thus, penetration testers not armed with this knowledge are left with publicly available lists of attack strings, like the XSS Cheat Sheet, which are usually insufficient for thoroughly evaluating the security of a WAF product.
## Commands Usage
Main interface commands:
Command | Description
------------- | -------------------------------------
core | Shows available core modules
utils | Shows available query handlers
info \<module\> | Prints module information
library | Enters library
modules | Shows available application modules
use \<module\> | Enters module
start \<moduleA\> \<moduleB\> | Initiate algorithm
help | Prints help
status | Checks and installs required packages
complete | Prints bash completion command
Module commands:
Command | Description
------------- | -------------------------------------
back | Go back to main menu
info | Prints current module information
library | Enters library
options | Shows available options
define \<option\> \<value\> | Set an option value
start | Initiate algoritm
complete | Prints bash completion command
Library commands:
Command | Description
------------- | -------------------------------------
back | Go back to main menu
info \<folder\\module\> | Prints requested module information (folder must be located in lightbulb/data/)
cat \<folder\\module\> | Prints requested module (folder must be located in lightbulb/data/)
modules \<folder\> | Shows available library modules in the requested folder (folder must be located in lightbulb/data/)
search \<keywords\> | Searches available library modules using comma separated keywords
complete | Prints bash completion command
## Installation
### Prepare your system
First you have to verify that your system supports flex, python dev, pip and build utilities:
For apt (ubuntu, debian...):
```bash
sudo apt-get install flex
sudo apt-get install python-pip
sudo apt-get install python-dev
sudo apt-get install build-essential
```
For yum (centos, redhat, fedora...):
```bash
sudo yum install python-pip
sudo yum install python-devel
sudo yum groupinstall 'Development Tools'
```
### Install Lightbulb
In order to use the application without complete package installation:
```bash
git clone https://github.com/lightbulb-framework/lightbulb-framework
cd lightbulb-framework
make
lightbulb status
```
In order to perform complete package installation You can also install it from pip repository:
```bash
pip install lightbulb-framework
lightbulb status
```
The "lightbulb status" command will guide you to install MySQLdb and OpenFst support.
[![LightBulb Installation on Debian Linux](https://j.gifs.com/O75xWL.gif)](https://www.youtube.com/watch?v=jjw32Jc744g)
## Contributors
* George Argyros
* Ioannis Stais
## License
MIT License as described in LICENSE file
LightBulb is an open source python framework for auditing web applications firewalls.
## Synopsis
The framework consists of two main algorithms:
* **GOFA**: An active learning algorithm that infers symbolic representations of automata in the standard membership/equivalence query model.
Active learning algorithms permits the analysis of filter and sanitizer programs remotely, i.e. given only the ability to query the targeted program and observe the output.
* **SFADiff**: A black-box differential testing algorithm based on Symbolic Finite Automata (SFA) learning
Finding differences between programs with similar functionality is an important security problem as such differences can be used for fingerprinting or creating evasion attacks against security software like Web Application Firewalls (WAFs) which are designed to detect malicious inputs to web applications.
## Motivation
Web Applications Firewalls (WAFs) are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transactions dictates that any application facing the internet should be either protected by a WAF or successfully pass a code review process. Nevertheless, despite their popularity and importance, auditing web application firewalls remains a challenging and complex task. Finding attacks that bypass the firewall usually requires expert domain knowledge for a specific vulnerability class. Thus, penetration testers not armed with this knowledge are left with publicly available lists of attack strings, like the XSS Cheat Sheet, which are usually insufficient for thoroughly evaluating the security of a WAF product.
## Commands Usage
Main interface commands:
Command | Description
------------- | -------------------------------------
core | Shows available core modules
utils | Shows available query handlers
info \<module\> | Prints module information
library | Enters library
modules | Shows available application modules
use \<module\> | Enters module
start \<moduleA\> \<moduleB\> | Initiate algorithm
help | Prints help
status | Checks and installs required packages
complete | Prints bash completion command
Module commands:
Command | Description
------------- | -------------------------------------
back | Go back to main menu
info | Prints current module information
library | Enters library
options | Shows available options
define \<option\> \<value\> | Set an option value
start | Initiate algoritm
complete | Prints bash completion command
Library commands:
Command | Description
------------- | -------------------------------------
back | Go back to main menu
info \<folder\\module\> | Prints requested module information (folder must be located in lightbulb/data/)
cat \<folder\\module\> | Prints requested module (folder must be located in lightbulb/data/)
modules \<folder\> | Shows available library modules in the requested folder (folder must be located in lightbulb/data/)
search \<keywords\> | Searches available library modules using comma separated keywords
complete | Prints bash completion command
## Installation
### Prepare your system
First you have to verify that your system supports flex, python dev, pip and build utilities:
For apt (ubuntu, debian...):
```bash
sudo apt-get install flex
sudo apt-get install python-pip
sudo apt-get install python-dev
sudo apt-get install build-essential
```
For yum (centos, redhat, fedora...):
```bash
sudo yum install python-pip
sudo yum install python-devel
sudo yum groupinstall 'Development Tools'
```
### Install Lightbulb
In order to use the application without complete package installation:
```bash
git clone https://github.com/lightbulb-framework/lightbulb-framework
cd lightbulb-framework
make
lightbulb status
```
In order to perform complete package installation You can also install it from pip repository:
```bash
pip install lightbulb-framework
lightbulb status
```
The "lightbulb status" command will guide you to install MySQLdb and OpenFst support.
[![LightBulb Installation on Debian Linux](https://j.gifs.com/O75xWL.gif)](https://www.youtube.com/watch?v=jjw32Jc744g)
## Contributors
* George Argyros
* Ioannis Stais
## License
MIT License as described in LICENSE file
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
lightbulb-framework-0.0.12.tar.gz
(176.5 kB
view hashes)
Close
Hashes for lightbulb-framework-0.0.12.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | bf91e75d4e2eccd739efe2758925f0b9a9d6c5238e37e596d1cc9dd416d41906 |
|
MD5 | 014b52d52ec627b3a86360fa465bfb1d |
|
BLAKE2b-256 | cb91cc5be1381694a26a52c7ee1da921c2b57a8e874217c546c49306b65d68e1 |