simple-waf-scanner 0.1.6

Production-ready WAF scanner with OWASP Top 10:2025 Web & LLM support. 360+ payloads including LLM/GenAI testing (prompt injection, jailbreaks, system prompt leakage). HTTP/2, 11+ WAF fingerprints, 13 evasion techniques.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110

# OWASP Top 10:2025 Integration Summary

## Changes Made

### 1. License Update ✅
- Changed from dual MIT/Apache-2.0 to MIT only
- Updated `Cargo.toml` license field
- Removed `LICENSE-APACHE` file
- Updated README.md license badge and section

### 2. OWASP Top 10:2025 Type System ✅
Added new `OwaspCategory` enum in `src/types.rs` with all 10 categories:
- A01:2025 - Broken Access Control
- A02:2025 - Security Misconfiguration
- A03:2025 - Software Supply Chain Failures
- A04:2025 - Cryptographic Failures
- A05:2025 - Injection
- A06:2025 - Insecure Design
- A07:2025 - Authentication Failures
- A08:2025 - Software or Data Integrity Failures
- A09:2025 - Security Logging & Alerting Failures
- A10:2025 - Mishandling of Exceptional Conditions

Features:
- Automatic mapping from attack types to OWASP categories
- Reference URL generation for each category
- Integration with `Finding` struct

### 3. New OWASP-Aligned Payloads ✅
Created 5 new payload files with 40+ specialized bypass techniques:

#### `owasp-a01-broken-access-control.json`
- SSRF to AWS metadata (4 encoding variants)
- Advanced path traversal with WAF bypass (5 techniques)
- IDOR vulnerability tests

#### `owasp-a02-security-misconfiguration.json`
- Default credential testing
- Debug endpoint discovery (.env, phpinfo, server-status)

#### `owasp-a05-injection-advanced.json`
- SQL injection with comment obfuscation
- NoSQL injection operators
- XSS polyglot with advanced encoding
- Command injection with quote evasion

#### `owasp-a07-authentication-bypass.json`
- SQL injection auth bypass
- Session fixation tests
- JWT 'none' algorithm attack

#### `owasp-a10-error-handling.json`
- Stack trace disclosure triggers
- Database error message extraction

### 4. Scanner Integration ✅
Updated `src/scanner.rs` to automatically map findings to OWASP categories:
```rust
owasp_category: OwaspCategory::from_attack_type(&category)
```

### 5. Payload Manager Updates ✅
Updated `src/payloads.rs` to include all new OWASP-aligned payloads:
- Added 5 new payload file constants
- Integrated into default payload loading
- Total payloads increased from 240+ to 280+

### 6. Documentation Updates ✅
Enhanced README.md with:
- OWASP Top 10:2025 badge/mention in features
- New "OWASP Top 10:2025 Coverage" section with detailed descriptions
- Updated payload count (240+ → 280+)
- Updated category count (10 → 15)
- Color-coded OWASP category descriptions
- Direct links to OWASP references

## OWASP Coverage Summary

| OWASP Category | Payloads | Coverage |
|----------------|----------|----------|
| A01 - Broken Access Control | ✅ 12+ | SSRF, Path Traversal, IDOR |
| A02 - Security Misconfiguration | ✅ 7+ | Default Creds, Debug Endpoints |
| A03 - Supply Chain | ❌ 0 | Out of scope for WAF scanner |
| A04 - Cryptographic Failures | ⚠️ Partial | Via existing payloads |
| A05 - Injection | ✅ 25+ | SQL, NoSQL, XSS, Command, XXE, SSTI |
| A06 - Insecure Design | ⚠️ Partial | Covered by other categories |
| A07 - Authentication Failures | ✅ 8+ | Auth Bypass, Session, JWT |
| A08 - Data Integrity | ⚠️ Partial | Via RCE payloads |
| A09 - Logging Failures | ❌ 0 | Not detectable via WAF bypass |
| A10 - Error Handling | ✅ 9+ | Stack traces, DB errors |

**Total OWASP-specific payloads added**: 40+
**Total scanner payloads**: 280+

## Benefits

1. **Industry Standard Alignment**: Findings now map to OWASP Top 10:2025 for better communication with security teams
2. **Enhanced Coverage**: New payloads target critical categories like authentication bypass and cloud metadata access
3. **Better Reporting**: Automatic OWASP category tagging helps prioritize remediation
4. **WAF Bypass Focus**: All new payloads include advanced evasion techniques specifically designed to bypass modern WAFs
5. **Future Proof**: Easy to extend with additional OWASP-aligned payloads

## Next Steps (Optional Enhancements)

1. Add visual OWASP category filters in CLI output
2. Generate OWASP-formatted reports (PDF/HTML)
3. Add CWE mapping alongside OWASP categories
4. Create OWASP A03 payloads for dependency scanning
5. Add CVSS scoring based on OWASP category
6. Implement OWASP-based payload prioritization