
CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations

By: Unknown


Firewall Manager API Project

Installation

Follow these steps to set up and run the API project:

1. Clone the Repository

git clone https://github.com/adriyansyah-mf/CentralizedFirewall
cd CentralizedFirewall

2. Edit the .env File

Update the environment variables in .env according to your configuration.

nano .env

3. Start the API with Docker Compose

docker compose up -d

This will start the API in detached mode.

4. Verify the API is Running

Check if the containers are up:

docker ps

Additional Commands

Stop the API

docker compose down

Restart the API

docker compose restart


How to set up for the first time and connect to the firewall client

  1. Install the Firewall Agent on your node server
  2. Run the agent with the following command
sudo dpkg -i firewall-client_deb.deb
  3. Create a new group on the Firewall Manager
  4. Create a new API key on the Firewall Manager
  5. Edit the configuration file on the node server
nano /usr/local/bin/config.ini
  6. Add the following configuration
[settings]
api_url = API-URL
api_key = API-KEY
hostname = Node Hostname (make it unique and same as the hostname on the SIEM)
  7. Restart the firewall agent
systemctl daemon-reload
systemctl start firewall-agent
  8. Check the status of the firewall agent
systemctl status firewall-agent
  9. You will see the connected node on the Firewall Manager

Default Credentials

Username: admin
Password: admin

You can change the default credentials on the settings page.

How to Integrate with a SIEM

  1. Install the SIEM on your server
  2. Configure the SIEM to send logs to the Firewall Manager (you can do this via SOAR or SIEM configuration). The request should be a POST in the following format
  3. The log should be formatted like this
curl -X 'POST' \
'http://api-server:8000/general/add-ip?ip=123.1.1.99&hostname=test&apikey=apikey&comment=log' \
-H 'accept: application/json' \
-d ''

You can see the Swagger documentation at the following link:

http://api-server:8000/docs
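
One way to guard the add-ip call when a SIEM or SOAR playbook drives it, as an added example that is not part of the CentralizedFirewall project. The endpoint and parameter names come from the curl command above; the function names, the hostname pattern and the NEVER_BLOCK range are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Assumption: networks that must never be blocked (admin hosts, the SIEM itself).
# 123.1.2.0/24 is a constructed sample value.
NEVER_BLOCK = [ipaddress.ip_network("123.1.2.0/24")]
HOSTNAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def validate_block_target(raw_ip, never_block=NEVER_BLOCK):
    """Return the normalized IP, or raise ValueError if it must not be blocked."""
    try:
        ip = ipaddress.ip_address(raw_ip.strip())
    except ValueError:
        # Also catches log fields carrying extra text such as "1.2.3.4&hostname=x".
        raise ValueError(f"not an IP address: {raw_ip!r}") from None
    if not ip.is_global:
        raise ValueError(f"refusing private/loopback/reserved address {ip}")
    for net in never_block:
        if ip.version == net.version and ip in net:
            raise ValueError(f"{ip} is inside protected range {net}")
    return str(ip)


def build_add_ip_request(base_url, raw_ip, hostname, api_key, comment):
    """Build (not send) the POST to /general/add-ip with encoded parameters."""
    ip = validate_block_target(raw_ip)
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError(f"invalid hostname: {hostname!r}")
    # urlencode() escapes '&', '=' and spaces, so untrusted log text in the
    # comment cannot add or override query parameters.
    query = urlencode({"ip": ip, "hostname": hostname,
                       "apikey": api_key, "comment": comment})
    # The page's format puts the API key in the query string, so it appears in
    # proxy and access logs; serve the API over HTTPS and restrict log access.
    return Request(f"{base_url.rstrip('/')}/general/add-ip?{query}",
                   data=b"", method="POST",
                   headers={"accept": "application/json"})


def submit(request, timeout=5):
    """Send the request and return the HTTP status code."""
    with urlopen(request, timeout=timeout) as resp:
        return resp.status
```
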

Detailed .env configuration

DB=changeme
JWT_SECRET=changeme
PASSWORD_SALT=changme
PASSWORD_TOKEN_KEY=changme
OPENCTI_URL=changme
OPENCTI_TOKEN=changme




SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits

By: Unknown


SafeLine is a self-hosted WAF (Web Application Firewall) to protect your web apps from attacks and exploits.

A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, OS command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoors, brute force, HTTP flood, and bot abuse, among others.


How It Works


By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine's identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.

A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe. Just as a proxy server acts as an intermediary to protect the identity of a client, a WAF operates in a similar fashion, but acts as a reverse-proxy intermediary that protects the web app server from a potentially malicious client.

Its core capabilities include:

  • Defenses for web attacks
  • Proactive bot abuse defense
  • HTML & JS code encryption
  • IP-based rate limiting
  • Web Access Control List


FEATURES

The main features are as follows:

  • Block Web Attacks: It defends against all web attacks, such as SQL injection, XSS, code injection, OS command injection, CRLF injection, XXE, SSRF, path traversal and so on.
  • Rate Limiting: Defend your web apps against DoS attacks, brute-force attempts, traffic surges, and other types of abuse by throttling traffic that exceeds defined limits.
  • Anti-Bot Challenge: Anti-bot challenges protect your website from bot attacks; human users will be allowed, crawlers and bots will be blocked.
  • Authentication Challenge: When the authentication challenge is turned on, visitors need to enter the password; otherwise they will be blocked.
  • Dynamic Protection: When dynamic protection is turned on, the HTML and JS code on your web server is dynamically encrypted each time you visit.


PingRAT - Secretly Passes C2 Traffic Through Firewalls Using ICMP Payloads

By: Zion3R


PingRAT secretly passes C2 traffic through firewalls using ICMP payloads.

Features:

  • Uses ICMP for Command and Control
  • Undetectable by most AV/EDR solutions
  • Written in Go

Installation:

Download the binaries

or build the binaries and you are ready to go:

$ git clone https://github.com/Nemesis0U/PingRAT.git
$ go build client.go
$ go build server.go

Usage:

Server:

./server -h
Usage of ./server:
  -d string
        Destination IP address
  -i string
        Listener (virtual) Network Interface (e.g. eth0)

Client:

./client -h
Usage of ./client:
  -d string
        Destination IP address
  -i string
        (Virtual) Network Interface (e.g., eth0)


