
Raptor WAF - C Based Web Application Firewall

Raptor is an open source Web Application Firewall written in C that uses DFA (Deterministic Finite Automata) matching to block SQL Injection, Cross Site Scripting (XSS) and Path Traversal. It can also block specific clients with an IP blacklist (config/blacklist_ip.txt).
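To illustrate DFA-based matching, here is an added example (not Raptor's own code or rule set): a table-driven DFA that flags a ".." path segment in a request target, decoding one level of percent-encoding before each transition. The state names, the function has_traversal and the sample request targets are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
enum cls { C_DOT, C_SEP, C_DELIM, C_OTHER, N_CLS };
enum st  { S_START, S_DOT1, S_DOT2, S_MID, S_HIT, N_ST };

/* Transition table: delta[state][class]. S_HIT is absorbing. */
static const unsigned char delta[N_ST][N_CLS] = {
    /*            DOT     SEP      DELIM    OTHER */
    [S_START] = { S_DOT1, S_START, S_START, S_MID },
    [S_DOT1]  = { S_DOT2, S_START, S_START, S_MID },
    [S_DOT2]  = { S_MID,  S_HIT,   S_START, S_MID },
    [S_MID]   = { S_MID,  S_START, S_START, S_MID },
    [S_HIT]   = { S_HIT,  S_HIT,   S_HIT,   S_HIT },
};

static enum cls classify(int c)
{
    switch (c) {
    case '.':                     return C_DOT;
    case '/': case '\\':          return C_SEP;   /* path separators */
    case '?': case '&': case '=': return C_DELIM; /* start of a new value */
    default:                      return C_OTHER;
    }
}

/* Returns 1 if the request target contains a ".." path segment, else 0. */
int has_traversal(const char *s)
{
    enum st state = S_START;
    while (*s && state != S_HIT) {
        int c = (unsigned char)*s++;
        /* Decode one level of %XX so "%2e%2e%2f" is classified like "../". */
        if (c == '%' && isxdigit((unsigned char)s[0]) && isxdigit((unsigned char)s[1])) {
            char hex[3] = { s[0], s[1], '\0' };
            c = (int)strtol(hex, NULL, 16);
            s += 2;
        }
        state = delta[state][classify(c)];
    }
    return state == S_HIT || state == S_DOT2; /* ".." ending the input also counts */
}

int main(void)
{
    const char *t[] = { "/test.php?file=../../etc/passwd", "/img/%2e%2e%2fconf",
                        "/docs/v1.2/a..b/file...txt" }; /* constructed samples */
    for (int i = 0; i < 3; i++)
        printf("%-34s %s\n", t[i], has_traversal(t[i]) ? "BLOCK" : "pass");
    return 0;
}
```

Each input byte costs one table lookup, so scan time is linear in the request length regardless of how many dot and separator combinations the table covers.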


$ git clone
$ cd raptor_waf; make; bin/raptor
Note: Don't run it with "cd bin; ./raptor"; use the full path "bin/raptor".

Remember: It needs the PCRE library (libpcre) to compile.


Bring up an HTTP server on port 80, then run Raptor so that it listens on port 8883 and redirects requests to it:
$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt
Copy vulnerable PHP code to your web server directory:
$ cp doc/test_dfa/test.php /var/www/html
Now you can test XSS attacks at http://localhost:8883/test.php

Another way to run it (this time with regex matching; see config/regex_rules.txt to edit the rules):
$ bin/Raptor -h -p 80 -r 8883 -w 0 -o resultwaf -m pcre


This post first appeared on Shown's, please read the original post: here
