[Oisf-users] Suricata - w3af integration to find malware in websites
Andres Riancho
andres.riancho at gmail.com
Tue Oct 8 01:05:14 UTC 2013
List,
Let me introduce myself, my name is Andres Riancho and I'm the
w3af [0] project leader. w3af is an open source web application
security scanner, and I was thinking about integrating a small subset
of suricata's rules into it.
The idea is rather simple, parse the rules which identify
botnets/malware in http response bodies and apply them to each http
response that w3af gets from the target site while it's crawling it.
If a match is found, report a vulnerability to the user; that
vulnerability will contain all the information (URLs, fix, more info,
etc.) provided by the suricata rule.
My questions to the suricata community are:
* What do you think about the idea?
* Do you expect this to trigger lots of false positives? How
could I reduce them?
* w3af is GPLv2.0, can I bundle the suricata rules with it?
* Is there any well tested suricata rule parser written in python?
* Any similar project you want me to look into?
* Are there major differences between snort and suricata
rules? Which ruleset should I use for this task?
Thanks!
[0] http://w3af.org/
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
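As an added illustration of the integration sketched in the post above (this is example code written for this page, not w3af's scanner or any Suricata/Snort rule parser), the block below parses a small, constructed set of rules, keeps only those whose every condition is a test on the HTTP response body (file_data / http_server_body), and runs them over a fetched body. The rules and the body are made up for the example; the sids are in the local 9000000 range and the messages are not from any real ruleset. Rules that also need the request URI, headers or the other flow direction are reported as not evaluable rather than matched on partial evidence, which is one concrete way to keep the false-positive question in the post under control. depth/offset/distance/within are ignored here, so this matcher is looser than Suricata itself.

```python
"""Apply body-only Suricata rules to an HTTP response body (illustrative, not w3af code)."""
import re

# Constructed sample rules for this example; NOT from any real ruleset.
SAMPLE_RULES = r'''
# 9000001 needs three body conditions; 9000002 uses the http_server_body modifier;
# 9000003 is a request-side (http_uri, to_server) rule and cannot be evaluated on a body.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE hidden iframe loader"; flow:established,to_client; file_data; content:"<iframe"; nocase; content:"width=|22|0|22|"; nocase; pcre:"/src=[\x22\x27]https?:\/\/[^\x22\x27]+\.php\?x=/i"; classtype:trojan-activity; sid:9000001; rev:1;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE C2 command marker"; flow:established,to_client; content:"BOTCMD|3a|"; http_server_body; sid:9000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE check-in URI"; flow:established,to_server; content:"/gate.php"; http_uri; sid:9000003; rev:1;)
'''

# name, optional ':' value (quoted with \-escapes, or bare up to ';'), then ';'
OPTION_RE = re.compile(r'\s*([\w.]+)(?:\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')
BODY_BUFFERS = {'file_data', 'http_server_body', 'http.response_body'}
PCRE_FLAGS = {'i': re.IGNORECASE, 's': re.DOTALL, 'm': re.MULTILINE, 'x': re.VERBOSE}


def decode_content(raw):
    """Turn a content string (|hex| runs and \\-escapes) into the bytes to search for."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] == '|':                       # |22 0a| style hex run
            end = raw.index('|', i + 1)
            out += bytes.fromhex(raw[i + 1:end])
            i = end + 1
        elif raw[i] == '\\' and i + 1 < len(raw):  # \" \; \\ \| escapes
            out.append(ord(raw[i + 1]))
            i += 2
        else:
            out.append(ord(raw[i]))
            i += 1
    return bytes(out)


def compile_pcre(raw):
    """Compile '/pattern/flags'; only i/s/m/x are Python flags, other letters are dropped."""
    end = raw.rfind('/')
    flags = 0
    for letter in raw[end + 1:]:
        flags |= PCRE_FLAGS.get(letter, 0)
    return re.compile(raw[1:end].encode('latin-1'), flags)


def compile_rule(line):
    """Parse one rule into what is needed to test it against a response body."""
    _header, _, options = line.partition('(')
    rule = {'sid': None, 'msg': '', 'to_client': True, 'matchers': []}
    sticky_body = False   # file_data applies to every later content/pcre
    last = None           # most recent matcher, for trailing modifiers
    for m in OPTION_RE.finditer(options.rsplit(')', 1)[0]):
        name, value = m.group(1), m.group(2)
        if value is not None and value.startswith('"'):
            value = value[1:-1]
        if name == 'msg':
            rule['msg'] = value
        elif name == 'sid':
            rule['sid'] = int(value)
        elif name == 'flow':
            rule['to_client'] = 'to_server' not in value.split(',')
        elif name == 'content':
            last = {'kind': 'content', 'data': decode_content(value),
                    'nocase': False, 'in_body': sticky_body}
            rule['matchers'].append(last)
        elif name == 'pcre':
            last = {'kind': 'pcre', 'regex': compile_pcre(value), 'in_body': sticky_body}
            rule['matchers'].append(last)
        elif name == 'nocase' and last is not None:
            last['nocase'] = True
        elif name in BODY_BUFFERS:
            if last is None or name == 'file_data':
                sticky_body = True
            else:
                last['in_body'] = True   # http_server_body modifies the content before it
        elif name.startswith('http') and last is not None:
            last['in_body'] = False      # uri/header/cookie buffers: not evaluable on a body
    # Only rules whose every condition is a response-body test can be decided offline;
    # anything else would fire on partial evidence, a false-positive source.
    rule['usable'] = (rule['to_client'] and bool(rule['matchers'])
                      and all(x['in_body'] for x in rule['matchers']))
    return rule


def matcher_hits(matcher, body):
    if matcher['kind'] == 'pcre':
        return matcher['regex'].search(body) is not None
    if matcher['nocase']:
        return matcher['data'].lower() in body.lower()
    return matcher['data'] in body


def load_rules(text):
    return [compile_rule(l) for l in text.splitlines() if l.strip() and not l.startswith('#')]


def scan_body(rules, body):
    """Return (sid, msg) for every usable rule whose body conditions all hold (AND)."""
    return [(r['sid'], r['msg']) for r in rules
            if r['usable'] and all(matcher_hits(x, body) for x in r['matchers'])]


RULES = load_rules(SAMPLE_RULES)
# Constructed response body resembling a page with an injected hidden iframe.
SAMPLE_BODY = (b"<html><body><h1>Welcome</h1>\n"
               b'<IFRAME src="http://bad.example/load.php?x=1" width="0" height="0"></IFRAME>\n'
               b"</body></html>")

if __name__ == '__main__':
    for sid, msg in scan_body(RULES, SAMPLE_BODY):
        print(f"sid {sid}: {msg}")
    print("not evaluable on a body:", [r['sid'] for r in RULES if not r['usable']])
```

In a crawler, `scan_body` would be called once per fetched response and a hit turned into a finding carrying the rule's msg, sid and reference fields; the rules skipped as not evaluable are the ones worth listing separately rather than silently dropping, since they show which part of the ruleset the body-only approach cannot cover.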