ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analys…
OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)
Set of test cases that can be used to test custom implementations of the SecRules language (ModSecurity rules format).
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations.
Set of Python scripts to perform SecRules language evaluation on a given http request.
Repository for the OWASP/WASC Distributed Web Honeypots Project -
Inject beef hooks into HTTP traffic and track hooked systems from cmdline
forked from zimmerle/omniauth-identity
A simple login and password strategy for OmniAuth.
Next generation remote logging tool for ModSecurity, supporting native and JSON format.
The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of configurable vulnerability testbeds.
Utility to manipulate SDBM files used by ModSecurity. With that utility it is possible to _shrink_ SDBM databases. It is also possible to list the SDBM contents with filters such as: expired or invalid items only.