• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Shadow Daemon – Web Application Firewall

June 6, 2015

Views: 5,337

Shadow Daemon is a collection of tools to detect, protocol and prevent attacks on web applications. Technically speaking, Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability.

Shadow Daemon - Web Application Firewall

Shadow Daemon is easy to install and can be managed with a clear and structured web interface. The interface lets you examine attacks in great detail. If you just want to protect your site, but otherwise do not care about attacks you can forget about the web interface once Shadow Daemon is installed and configured. The interface also comes with shell scripts that can be used to send weekly reports via e-mail, rotate the logs and the like.

Language Connectors

Shadow Daemon strives to be a single solution for all popular web languages. At the moment the following programming languages are supported:

  • PHP
  • Perl
  • Python

Accurate Detection

Shadow Daemon combines white and blacklisting to accurately detect malicious requests. The blacklist makes use of sophisticated regular expressions to search for known attack patterns in the user input. The whitelist on the other hand searches for irregularities in the user input based on strict rules that define how the input should look like. Together they can detect almost any attack on a web application and still have a very low false-positive rate.

Shadow Daemon is able to detect common attacks like:

  • SQL Injections
  • XML Injections
  • Code Injections
  • Command Injections
  • Cross-Site Scripting
  • Local/Remote File Inclusions
  • Backdoor Access

Discreet Protection

Unlike many other web application firewalls Shadow Daemon does not completely block malicious requests. Instead it only filters out the dangerous parts of a request and lets it proceed afterwards. This makes attacks impossible, but does not unnecessary frustrate visitors in the case of false-positives.

Secure Architecture

Shadow Daemon is closer to the application than most other web application firewalls. It receives exactly the same input that the web application receives and thus it is almost impossible to bypass the detection by obfuscating the attack. However, the most complex parts of Shadow Daemon are separated from the web application to guarantee a certain standard of security.

You can get Shadow Daemon here:

Debian/Ubuntu

Download here.

1
2
dpkg -i shadowd_1.1.3-1_*.deb
apt-get -f install

or

1
2
3
add-apt-repository ppa:zit-hb/shadowd
apt-get update
apt-get install shadowd

Red Hat / CentOS / Fedora

Download here.

1
rpm -i shadowd-1.1.3-1.*.rpm

Or read more here.

Share71
Tweet96
Share102
Buffer
WhatsApp
Email
269 Shares

Filed Under: Countermeasures, Security Software, Web Hacking Tagged With: hacking web apps, waf, web app security, web application firewall, web-application-security



Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

AgentSmith HIDS - Host Based Intrusion Detection

AgentSmith HIDS – Host Based Intrusion Detection

padre - Padding Oracle Attack Tool

padre – Padding Oracle Attack Exploiter Tool

Privacy Implications of Web 3.0 and Darknets

Privacy Implications of Web 3.0 and Darknets

DataSurgeon - Extract Sensitive Information (PII) From Logs

DataSurgeon – Extract Sensitive Information (PII) From Logs

Pwnagotchi - Maximize Crackable WPA Material For Bettercap

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap

HardCIDR - Network CIDR and Range Discovery Tool

HardCIDR – Network CIDR and Range Discovery Tool

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (225)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (430)
  • Forensics (64)
  • Hacker Culture (8)
  • Hacking News (228)
  • Hacking Tools (681)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (72)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (218)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,181,615)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,172,346)
  • Top 15 Security Utilities & Download Hacking Tools (2,095,346)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,198,676)
  • Password List Download Best Word List – Most Common Passwords (931,820)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (774,449)
  • Hack Tools/Exploits (672,586)
  • Wep0ff – Wireless WEP Key Cracker Tool (528,846)

Search

Recent Posts

  • AgentSmith HIDS – Host Based Intrusion Detection August 31, 2023
  • padre – Padding Oracle Attack Exploiter Tool May 28, 2023
  • Privacy Implications of Web 3.0 and Darknets March 31, 2023
  • DataSurgeon – Extract Sensitive Information (PII) From Logs March 21, 2023
  • Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap February 12, 2023
  • HardCIDR – Network CIDR and Range Discovery Tool December 29, 2022

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2023 Darknet All Rights Reserved · Privacy Policy