OctopusWAF is a WAF( Web application firewall) with high performance, made in C language and use libevent.
OctopusWAF is an open-source Web application firewall entirely created in C language that uses libevent to make multiple connections. The event-driven architecture is optimized for many parallel connections (keep-alive), vital for high-performance AJAX applications. This tool is very light. You can deploy in any, please. This resource turns perfect for protecting specific endpoints that need custom protection.
https://www.youtube.com/watch?v=qbnis-i7EqU Test detection with libinjection.
Install libpcre or libpcre-dev with apt. If you use RPM-based distro, search the name pcre-devel package, on BSD systems search in ports or brew(MacOS)... You Need libevent-dev to run; on RPM distros libevent-devel, you need to install OpenSSL-dev and OpenSSL-devel.
Example in debian based:
$ sudo apt install libssl-dev libevent-dev libpcre3-dev make gcc
To compile and run OctopusWAF, follow these commands:
$ git clone https://github.com/CoolerVoid/OctopusWAF
$ cd OctopusWAF; make
# if you need to see options try the following
$ bin/OctopusWAF
The example tested on DVWA on a simple HTTP channel.
$ bin/OctopusWAF -h 127.0.0.1:7008 -r 127.0.0.1:80 --debug --libinjection-sqli --log results_log.txt
Note you can use pcre, horspool, and libinjection mode protections simultaneously.
Open your browser in http://127.0.0.1:7008, and you can test the block when you attack.
Tested on Linux but can run in FreeBSD.
-------------------------------------------------------------------------------
Language files blank comment code
-------------------------------------------------------------------------------
C/C++ Header 14 133 270 9977
C 13 591 798 2625
make 2 14 3 52
Markdown 1 34 0 52
-------------------------------------------------------------------------------
SUM: 30 772 1071 12706
-------------------------------------------------------------------------------
The purpose of this tool is to use in pentest, take attention if you have a proper authorization before to use that. I do not have responsibility for your actions. You can use a hammer to construct a house or destroy it, choose the law path, don't be a bad guy, remember.