[Oisf-users] Suricata - w3af integration to find malware in websites

Andres Riancho andres.riancho at gmail.com
Tue Oct 8 01:05:14 UTC 2013


    Let me introduce myself, my name is Andres Riancho and I'm the
w3af [0] project leader. w3af is an open source web application
security scanner, and I was thinking about integrating a small subset
of suricata's rules into it.

    The idea is rather simple, parse the rules which identify
botnets/malware in http response bodies and apply them to each http
response that w3af gets from the target site while it's crawling it.
If a match is found, report a vulnerability to the user; that
vulnerability will contain all the information (URLs, fix, more info,
etc.) provided by the suricata rule.

    My questions to the suricata community are:
        * What do you think about the idea?
        * Do you expect this to trigger lots of false positives? How
could I reduce them?
        * w3af is GPLv2.0, can I bundle the suricata rules with it?
        * Is there any well tested suricata rule parser written in python?
        * Any similar project you want me to look into?
        * Are there major differences between snort and suricata
rules? Which ruleset should I use for this task?


[0] http://w3af.org/

Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

More information about the Oisf-users mailing list