Giters

manishanker / PayloadIdentifier

Avoid malicious payloads with machine learning!

Home Page:https://payload.tarcisiomarinho.io

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Payload Identifier

When developing Web Applications, we cannot trust on users input data.

With that in mind, some developers try to implement themselves the logic to prevent some commomn attacks such as SQLinjection, Cross Site Scripting, etc.

Some applications uses WAF (Web Application Firewall) wich is a rule based payload identification.

There are several strategies for blacklist evasion (aka. WAF) used by hackers.

Using Payload Identifier, even enconding can be detected as malicious payload.

How does it works ?

Payload identifier is a Rest API for malicious payload validation using machine learning.

It doesn't use a blacklist/whitelist approach.

Powered by machine learning, it predicts whether there's malicious payloads.

Examples

Request

POST /predict
Content-type: application/json

{
    "data": ["<script> alert(1); </script>"]
}

Response

{
    "data": [
        "xss"
    ]
}

The payload is probably a XSS attack.

Using with Python requests module

alt text

Using Postman

alt text

alt text

About

Avoid malicious payloads with machine learning!

https://payload.tarcisiomarinho.io

Languages

Language:TypeScript 51.4%Language:Python 36.9%Language:JavaScript 5.9%Language:HTML 3.7%Language:CSS 1.7%Language:Shell 0.5%