search

nbs-system / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
GNU General Public License v3.0
4.79k stars 606 forks source link

how can i do test using naxsi #632

Closed R4Y-R4Y closed 1 year ago

R4Y-R4Y commented 1 year ago

i want to do a simulation that demonstrates the capability of naxsi nginx web app firewall on some attacks how can i do that?

wargio commented 1 year ago

First, do not use this repo and instead use mine: https://github.com/wargio/naxsi Second, compile naxsi and deploy it in a vm then run some tools like sqlmap etc... Remember that the key is to configure the WAF according to your needs (i.e. avoid deploying rules that are useful for wordpress if you do not run wordpress, for example) and always ensure to enable the waf in the needed locations (i.e. avoid setting it for example in admin paths etc.. which cannot be accessed by any normal traffic, and instead use ip filtering for those)

R4Y-R4Y commented 1 year ago

what tools would be the best tools to test naxsi?

wargio commented 1 year ago

any pentest tool for webapps. there isn't 'a tool' with which you test naxsi. Naxsi is supposed to help you to block obvious threats, like automated scans, etc..

R4Y-R4Y commented 1 year ago

Could you recommend examples of popular pentest open source tools?

wargio commented 1 year ago

There are plenty which you could use