
changes

contra committed Sep 24, 2011
1 parent 361b14f commit 84afa0fe0c854ed4310192be1224544a93357b94
@@ -1,4 +0,0 @@
-.DS_Store
-*.log
-node_modules
-.nodester.appconfig
@@ -1,2 +0,0 @@
-*.log
-fusker
20 LICENSE
@@ -1,20 +0,0 @@
-Copyright (c) 2011 Fractal <contact@wearefractal.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -1,91 +0,0 @@
-**Fusker is a library to prevent and manage a multitude of attacks in nodejs**
-
-![How it works](http://i.imgur.com/wkJdu.png)
-
-## Installation
-
-To install fusker, use [npm](http://github.com/isaacs/npm):
-
- $ npm install fusker
-
-## Example
-
-Please see [the examples folder](http://github.com/wearefractal/fusker/blob/master/examples/) to get an idea of how to use Fusker properly
-
-## Test Site
-
-You think you're one raw dog? [fusker.nodester.com](http://fusker.nodester.com/) Come at me bro.
-
-## HTTP Configuration
-### List of included HTTP detection modules (detectives)
-```
-csrf - Detects cross-site request forgery in incoming http requests
-xss - Detects common XSS attacks in incoming http requests
-sqli - Detects SQLi attempts in incoming http requests
-lfi - Detects common LFI attacks in incoming http requests
-404 - Punishes people who like to snoop around. Only use with single page applications
-```
-
-### List of included HTTP payload modules
-```
-blacklist - Blacklists IP from HTTP server for specified amount of time (banLength in config)
-fake-report - Alerts attacker that they have been reported to ic3 and displays DOJ logo
-saxroll - Redirects attacker to 1227.com
-nimp - Redirects attacker to fusker.on.nimp.org (WARNING: Harmful to attacker)
-nyan - Redirects attacker to nyan.cat
-goatse - Redirects attacker to goatse.bz (WARNING: Harmful to eyes)
-bush - Redirects attacker to full screen George W. Bush "you just fell for the trap"
-lemonparty - Redirects attacker to lemonparty.org (WARNING: Harmful to eyes)
-meatspin - Redirects attacker to meatspin.com (WARNING: Harmful to eyes)
-explosive-impact - Redirects attacker to fullscreen video of ranting
-raggedyann - Redirects attacker to extreme speaker rape. (WARNING: Harmful to speakers)
-crews - Displays Terry Crews nipple dance rainbow b& page
-```
-
-## Socket.io Configuration
-### List of included SocketIO detection modules (detectives)
-```
-xss - Detects common XSS attacks in incoming socket messages
-sqli - Detects SQLi attempts in incoming socket messages
-lfi - Detects common LFI attacks in incoming socket messages
-```
-
-### List of included SocketIO payload modules
-```
-blacklist - Blacklists IP from SocketIO server for specified amount of time (banLength in config)
-```
-
-## Other Configuration
-### Express Middleware
-Please see [this](http://github.com/wearefractal/fusker/blob/master/examples/express-test.coffee) for a working express example.
-It's as easy as ```app.use(fusker.express.check);```
-Detectives/payloads are the same as they would be for the fusker HTTP server. Make sure fusker is the first piece of middleware added.
-
-### PROTIP BRO
-Setting config.silent to true will turn off all logging
-Setting config.verbose to true will turn on a ton of logging
-
-## LICENSE
-
-(MIT License)
-
-Copyright (c) 2011 Fractal <contact@wearefractal.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
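Review bot: Deleting this README removes the only description of the detective and payload module names (`csrf`, `xss`, `sqli`, `lfi`, `404`, `blacklist` and the redirect payloads) and of `config.silent` / `config.verbose`, while the docs page added in the same commit only says "Nothing here yet". Keep the module lists until the docs page carries them, or move them into that page in this commit, so the names used by the examples stay documented.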
@@ -0,0 +1,20 @@
+<html>
+<head>
+<title>Fusker Documentation</title>
+<link rel="stylesheet" href="http://twitter.github.com/bootstrap/1.3.0/bootstrap.min.css">
+<link rel="stylesheet" href="http://google-code-prettify.googlecode.com/svn/trunk/src/prettify.css">
+<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js" type="text/javascript"></script>
+<script src="http://twitter.github.com/bootstrap/1.3.0/bootstrap-dropdown.js" type="text/javascript"></script>
+<script src="http://google-code-prettify.googlecode.com/svn/trunk/src/prettify.js" type="text/javascript"></script>
+<script src="https://raw.github.com/wearefractal/dox/master/lib/dox.js" type="text/javascript"></script>
+<script src="https://raw.github.com/wearefractal/fusker/master/PROJECTFILE.js" type="text/javascript"></script>
+<script type="text/javascript">
+$(document).ready(function () {
+ nova = dox('Fusker');
+ nova.add({}, 'Nothing here yet - Send me a message on GitHub if you absolutely need this and I will do it');
+});
+</script>
+</head>
+<body onload="prettyPrint()">
+</body>
+</html>
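Review bot: The `<head>` of this new page loads executable script from third parties over plain `http://` (jquery.min.js, bootstrap-dropdown.js, prettify.js) and from `raw.github.com/.../master/` (dox.js, PROJECTFILE.js), so the page runs whatever those URLs serve at load time: the `http://` ones can be altered in transit and the `master` ones change with every push. Load them over https from a pinned version, or vendor the files next to the page. In the inline script, `nova = dox('Fusker');` creates an implicit global; declare it with `var`. The file also has no `<!DOCTYPE html>` or charset declaration.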
@@ -1,41 +0,0 @@
-fusker = require '../lib/fusker'
-express = require 'express'
-
-fusker.config.dir = process.cwd()
-fusker.config.banLength = 1
-fusker.config.verbose = true
-
-fusker.http.detectives.push 'csrf', 'xss', 'sqli', 'lfi', '404'
-fusker.http.payloads.push 'blacklist', 'bush'
-fusker.socket.detectives.push 'xss', 'sqli', 'lfi'
-fusker.socket.payloads.push 'blacklist'
-
-app = express.createServer()
-app.use fusker.express.check
-app.use express.static(fusker.config.dir)
-
-app.listen 8080
-
-io = fusker.socket.listen app
-
-io.sockets.on 'connection', (socket) ->
-
- socket.emit 'HelloClient', 'o hay thar client'
- socket.on 'TestObject', (msg) ->
- console.log 'HelloServer1! Contents: ' + msg
-
- socket.on 'TestObject', (msg) ->
- console.log 'HelloServer2! Contents: ' + msg
-
- socket.on 'TestObject', (msg) ->
- console.log 'HelloServer3! Contents: ' + msg
-
- /* Uncomment the attack senders in index.html to test these */
- socket.on 'TestSQL', (msg) ->
- console.log 'SQL Handled! Contents: ' + msg
-
- socket.on 'TestLFI', (msg) ->
- console.log 'LFI Handled! Contents: ' + msg
-
- socket.on 'TestXSS', (msg) ->
- console.log 'XSS Handled! Contents: ' + msg
@@ -1,32 +0,0 @@
-<html>
-<head>
-<title>Fusker - Test Page</title>
-<script type="text/javascript" src="/socket.io/socket.io.js"></script>
-<script>
- var socket = io.connect();
-
- socket.on('connect', function () {
- console.log('Socket.IO connected!');
- });
-
- socket.on('HelloClient', function (msg) {
- console.log('Server: ' + msg);
- socket.emit('TestObject', {username: 'ez-money', message: 'waz gud diz ya boi e-z e'});
-
- //Uncomment this block to send attacks to the server on page load
- /*
- socket.emit('TestXSS', '"><img src=x onerror=alert("XSS")><noscript>');
- socket.emit('TestLFI', '../../etc/passwd/');
- socket.emit('TestSQL', '\' OR \'1\'=\'1');*/
- });
-</script>
-</head>
-<body bgcolor="black" background="http://content.ytmnd.com/content/1/d/b/1db6ede2772ba8f5428dbff9f1f2e3be.gif">
-<br/><br/>
-<center>
-<h1>Fusker Test Page</h1><br/>
-<img src="http://content.ytmnd.com/content/1/7/c/17c9f89183c18613f48450a649e3f64c.gif"/><br/>
-<embed src="http://www.youtube.com/v/pOu1BvuhtRw?autoplay=1" type="application/x-shockwave-flash" wmode="transparent" width="1" height="1"></embed>
-</center>
-</body>
-</html>
@@ -1,38 +0,0 @@
-fusker = require '../lib/fusker'
-
-fusker.config.dir = __dirname
-fusker.config.banLength = 1
-fusker.config.verbose = true
-
-fusker.http.detect 'csrf', 'xss', 'sqli', 'lfi', '404'
-fusker.http.punish 'blacklist', 'bush'
-fusker.socket.detect 'xss', 'sqli', 'lfi'
-fusker.socket.punish 'blacklist'
-
-server = fusker.http.createServer 8080
-io = fusker.socket.listen server
-
-# This will run an http server on port 8081 identical to the one on 8080 but requiring a username and password to log in
-securedServer = fusker.http.createServer 8081, 'admin', 'pass123'
-
-io.sockets.on 'connection', (socket) ->
-
- socket.emit 'HelloClient', 'o hay thar client'
- socket.on 'TestObject', (msg) ->
- console.log 'HelloServer1! Contents: ' + msg
-
- socket.on 'TestObject', (msg) ->
- console.log 'HelloServer2! Contents: ' + msg
-
- socket.on 'TestObject', (msg) ->
- console.log 'HelloServer3! Contents: ' + msg
-
- /* Uncomment the attack senders in index.html to test these */
- socket.on 'TestSQL', (msg) ->
- console.log 'SQL Handled! Contents: ' + msg
-
- socket.on 'TestLFI', (msg) ->
- console.log 'LFI Handled! Contents: ' + msg
-
- socket.on 'TestXSS', (msg) ->
- console.log 'XSS Handled! Contents: ' + msg
@@ -1,77 +1,20 @@
-<!DOCTYPE html>
<html>
<head>
- <meta charset='utf-8'>
-
- <title>wearefractal/fusker @ GitHub</title>
-
- <style type="text/css">
- body {
- margin-top: 1.0em;
- background-color: #a28565;
- font-family: Helvetica, Arial, FreeSans, san-serif;
- color: #000000;
- }
- #container {
- margin: 0 auto;
- width: 700px;
- }
- h1 { font-size: 3.8em; color: #5d7a9a; margin-bottom: 3px; }
- h1 .small { font-size: 0.4em; }
- h1 a { text-decoration: none }
- h2 { font-size: 1.5em; color: #5d7a9a; }
- h3 { text-align: center; color: #5d7a9a; }
- a { color: #5d7a9a; }
- .description { font-size: 1.2em; margin-bottom: 30px; margin-top: 30px; font-style: italic;}
- .download { float: right; }
- pre { background: #000; color: #fff; padding: 15px;}
- hr { border: 0; width: 80%; border-bottom: 1px solid #aaa}
- .footer { text-align:center; padding-top:30px; font-style: italic; }
- </style>
+<title>Fractal - Fusker</title>
+<link rel="stylesheet" href="http://twitter.github.com/bootstrap/1.3.0/bootstrap.min.css">
+<style>
+body
+{
+ background: black;
+}
+</style>
</head>
-
<body>
- <a href="http://github.com/wearefractal/fusker"><img style="position: absolute; top: 0; right: 0; border: 0;" src="http://s3.amazonaws.com/github/ribbons/forkme_right_darkblue_121621.png" alt="Fork me on GitHub" /></a>
-
- <div id="container">
-
- <div class="download">
- <a href="http://github.com/wearefractal/fusker/zipball/master">
- <img border="0" width="90" src="http://github.com/images/modules/download/zip.png"></a>
- <a href="http://github.com/wearefractal/fusker/tarball/master">
- <img border="0" width="90" src="http://github.com/images/modules/download/tar.png"></a>
- </div>
-
- <h1><a href="http://github.com/wearefractal/fusker">fusker</a>
- <span class="small">by <a href="http://github.com/wearefractal">wearefractal</a></span></h1>
-
- <div class="description">
- Fusker is a static HTTP server that provides optional security features for HTTP/Socket.io
- </div>
-
- <h2>Authors</h2>
-<p>Aaron Murray (aaron.thomas.murray@gmail.com)<br/>Contra (contra@maricopa.edu)<br/><br/> </p>
-<h2>Contact</h2>
-<p>Fractal (contact@wearefractal.com)<br/> </p>
-
-
- <h2>Download</h2>
- <p>
- You can download this project in either
- <a href="http://github.com/wearefractal/fusker/zipball/master">zip</a> or
- <a href="http://github.com/wearefractal/fusker/tarball/master">tar</a> formats.
- </p>
- <p>You can also clone the project with <a href="http://git-scm.com">Git</a>
- by running:
- <pre>$ git clone git://github.com/wearefractal/fusker</pre>
- </p>
-
- <div class="footer">
- get the source code on GitHub : <a href="http://github.com/wearefractal/fusker">wearefractal/fusker</a>
- </div>
-
- </div>
-
-
+<a href="http://github.com/wearefractal/fusker"><img style="position: absolute; top: 0; right: 0; border: 0;" src="https://a248.e.akamai.net/assets.github.com/img/abad93f42020b733148435e2cd92ce15c542d320/687474703a2f2f73332e616d617a6f6e6177732e636f6d2f6769746875622f726962626f6e732f666f726b6d655f72696768745f677265656e5f3030373230302e706e67" alt="Fork me on GitHub"></a>
+<center>
+<img id="logo" src="http://wearefractal.com/img/green_400x400.png"/><br/><br/>
+<a href="http://wearefractal.github.com/fusker/docs" class="btn primary">Documentation</a> <a href="http://www.slideshare.net/wearefractal/fusker-a-nodejs-security-framework-8850586" class="btn primary">Presentation</a>
+</center>
</body>
</html>
+
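Review bot: The rewrite drops `<!DOCTYPE html>` and `<meta charset='utf-8'>` from the top of the file without replacing them, so the page renders in quirks mode with no declared encoding; keep both lines. The added stylesheet link and logo image are plain `http://` while the ribbon image is `https://`; use https for all of them so the page is not mixed content. The Authors and Contact blocks are removed too, so the page no longer states who maintains the project, and the hunk ends by adding a stray blank line after `</html>`.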
@@ -1,8 +0,0 @@
-module.exports =
- dir: process.cwd()
- index: 'index.html'
- banLength: 1440
- httplog: 'http-attacks.log'
- socketlog: 'socket-attacks.log'
- verbose: false
- silent: false
@@ -1,5 +0,0 @@
-module.exports.check = (req, res, next) ->
- http = require './http'
- http.processRequest req, res
- if next?
- next()
@@ -1,15 +0,0 @@
-require 'protege'
-require('node-log').setName 'fusker'
-
-/* Create global var */
-fusker = {}
-
-/* Merge all of the libraries */
-fusker.util = require './util'
-fusker.config = require './config'
-fusker.http = require './http'
-fusker.express = require './express'
-fusker.socket = require './socketio'
-fusker.patterns = require './patterns'
-
-module.exports = fusker