Downloads, DVWA, Firewall, Hacking Tools, Libevent, Linux, Octopus WAF, OctopusWAF, OWASP

Octopus WAF – Web Application Firewall Made In C Language And Use Libevent

OctopusWAF is a open source Web application firewall, is made in C language uses libevent to make multiple connections.

First step

Instal lib-pcre, if you use RPM based distros search pcre-devel package, in BSD based search in ports or brew… Need libevent-dev, on RPM distros libevent-devel, Openssl-dev and openssl-devel.

To compile and run OctopusWAF follow this commands:

$ git clone
$ cd OctopusWAF; make
$ bin/OctopusWAF

Example tested on DVWA on simple HTTP channel

$ bin/OctopusWAF -h -r -m horspool --debug

Open your browser in

  • Notes: Don’t execute with “cd bin; ./OctopusWAF” use full path “bin/OctopusWAF”, because binary need load content in config directory. Use HTTP only for WAF usage, this version 0.1 run TLS but don’t have resource to load cert and read TLS requests/responses, if you use TLS the service can lost WAF function and work like reverse proxy.

Tested on Linux but can run in FreeBSD.

Code overview

Language files blank comment code
C 12 324 138 997
C/C++ Header 11 63 70 212
make 1 1 0 30
Markdown 1 6 0 3
SUM: 25 394 208 1242


Resource to load modsec rules

Insert rules to detect XSS

Insert rules to detect SQLi

Insert rules to detect RCE

Insert rules to detect RFI/LFI

Insert rules to detect XXE

Insert rules to detect Anomalys…

Channel for TLS

Cert Load


Source : KitPloit – PenTest Tools!

Previous ArticleNext Article
Send this to a friend