This repository has been archived by the owner. It is now read-only.

OWASP CRS Rules parser

Incomplete parser model and sample application for parsing mod_security CRS rules. It uses the Python library textX for parsing.

How to use it:

  1. Init submodules (get the CRS ruleset):
    git submodule init
    git submodule update
    cd owasp-modsecurity-crs; git checkout v3.1/dev; cd ..
    
  2. Install dependencies. Dependencies can be installed system-wide, or just for your user (using --user). System-wide:
    sudo pip install -r requirements.txt
    
    User:
    pip install --user -r requirements.txt
    
  3. Execute ./modsec.py and it will scan the *.conf files in 'owasp-modsecurity-crs/rules':
     $ ./modsec.py
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
     Syntax OK: owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf
     Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf
     Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
     Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
     Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
     Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
     Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
     Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf
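
To make concrete what a per-file syntax check over CRS rules involves, here is an added example that is not code from this repository: it uses only the Python standard library rather than the project's textX grammar, and it covers only the SecRule VARIABLES OPERATOR [ACTIONS] form. The sample rules and the function names (secrule_lines, parse_secrule, scan) are constructed for illustration.

```python
import re
import shlex

# Constructed CRS-style input, not copied from the ruleset; the last rule has a stray quote.
SAMPLE = r'''
SecRule REQUEST_METHOD "!@rx ^(?:GET|POST)$" \
    "id:100001,\
    phase:1,\
    block,\
    msg:'Method not allowed, see policy'"
SecRule ARGS|REQUEST_HEADERS:User-Agent "@contains test" "phase:2,pass,nolog"
SecRule ARGS "@rx foo "id:100003,phase:2,pass"
'''
ACTION = re.compile(r"(?:[^,']|'(?:[^'\\]|\\.)*')+")  # a comma inside '...' does not split

def secrule_lines(text):
    """Join backslash-continued lines and yield only the SecRule directives."""
    buf = ""
    for raw in text.splitlines():
        buf += raw.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1]  # drop the continuation marker, keep reading
            continue
        if buf.split()[:1] == ["SecRule"]:
            yield buf.strip()
        buf = ""

def parse_secrule(line):
    """Parse 'SecRule VARIABLES OPERATOR [ACTIONS]'; raise ValueError if malformed."""
    tokens = shlex.split(line)  # ValueError on an unclosed quote
    if len(tokens) not in (3, 4):
        raise ValueError(f"SecRule takes 2 or 3 arguments, got {len(tokens) - 1}")
    op = tokens[2].lstrip("!")
    # Without an explicit @name the operator defaults to @rx.
    name, _, arg = op[1:].partition(" ") if op.startswith("@") else ("rx", "", op)
    acts = ACTION.findall(tokens[3]) if len(tokens) == 4 else []
    return {"variables": tokens[1].split("|"), "negated": tokens[2].startswith("!"),
            "operator": name, "argument": arg,
            "actions": [tuple(a.strip().partition(":")[::2]) for a in acts if a.strip()]}

def scan(text):
    """Return (rules, errors) for all SecRule directives in text."""
    rules, errors = [], []
    for line in secrule_lines(text):
        try:
            rules.append(parse_secrule(line))
        except ValueError as exc:
            errors.append(f"{exc}: {line[:40]}")
    return rules, errors
```

Calling scan(SAMPLE) returns two parsed rules and one error for the rule with the stray quote; the msg action of the first rule keeps its embedded comma.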
    

To visualize the syntax tree, use:

    textx visualize modsec.tx
    dot -Tpng -O modsec.tx.dot

Then review the generated PNG modsec.tx.dot.png!

Please file an issue if you find a bug or you want some feature added.

About

ModSecurity CRS rules parser (project moved to CRS-support: see https://github.com/CRS-support/secrules_parsing)
