Skip to content
Raptor - WAF - Web application firewall using DFA [ Current version ] - Beta
Branch: master
Clone or download
Latest commit 5d2cf7c May 18, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin first write Dec 16, 2015
config Update version and add pcre regex to match rules at config/regex_rule… Jun 23, 2018
doc add simple match list and 3 diferent algorithms to match Oct 27, 2016
src update May 17, 2019
LICENSE Initial commit Dec 16, 2015
Makefile Fix error handlers, to not fall the WAF. Apr 14, 2019 Update Jun 24, 2018

Alt text


Raptor is a Web application firewall made in C, uses DFA to block SQL injection, Cross site scripting and path traversal.

THis is PoC version

Alt text

to run:

$ git clone

$ cd raptor_waf; make; bin/raptor

#Note: Don't execute with "cd bin; ./raptor" use full path "bin/raptor" look detail

Need lib pcre to compile.


Up some HTTPd server at port 80 redirect with raptor to port 8883

$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt

Copy vulnerable PHP code to your web server directory

$ cp doc/test_dfa/test.php /var/www/html

Now you can test xss attacks at http://localhost:8883/test.php

Other option to run(now with regex, look file config/regex_rules.txt to edit rules):

$ bin/Raptor -h -p 80 -r 8883 -w 0 -o resultwaf -m pcre

Look the docs

You can’t perform that action at this time.