Skip to content
This repository has been archived by the owner on Jun 3, 2019. It is now read-only.

fzipi/secrules-parser

BranchesTags

Repository files navigation

OWASP CRS Rules parser

Incomplete parser model and sample application for parsing mod_security CRS rules. It uses the python library textX for parsing.

How to use it:

  1. Init submodules (get the CRS ruleset): 
    git submodule init
git submodule update
cd owasp-modsecurity-crs; git checkout v3.1/dev; cd ..
  2. Install dependencies Dependencies can be installed system-wide, or just for your user (using --user). System-wide: 
    sudo pip install -r requirements.txt
    User: 
    pip install --user -r requirements.txt
  3. Execute ./modsec.py and it will scan the *.conf files in 'owasp-modsecurity-crs/rules': 
     $ ./modsec.py
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
 Syntax OK: owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf
 Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf
 Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
 Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
 Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
 Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
 Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
 Syntax OK: owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf

To visualize the syntax tree, use:

textx visualize modsec.tx
dot -Tpng -O modsec.tx.dot

Then review the generated PNG modsec.tx.dot.png!

Please file an issue if you find a bug or you want some feature added.

About

ModSecurity CRS rules parser (project moved to CRS-support: see https://github.com/CRS-support/secrules_parsing)

Topics

python parsing owasp modsecurity textx

Resources

Readme

License

Apache-2.0 license
Activity

Stars

10 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages