Coraza alternatives and similar packages
Based on the "Security" category.
- Lean and Mean Docker containers: Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
- age: A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
- Themis by Cossack Labs: Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
- acra: Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
- ToRat: DISCONTINUED. ToRat is a Remote Administration tool written in Go using Tor as a transport mechanism and RPC for communication.
- teler-waf: teler-waf is a Go HTTP middleware that protects local web services from OWASP Top 10 threats, known vulnerabilities, malicious actors, botnets, unwanted crawlers, and brute force attacks.
- go-peer: Library for developing secure, decentralized, anonymous and quantum-resistant networks in Go language.
- simple-scrypt: A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go.
- passwap: Package passwap provides a unified implementation between different password hashing algorithms. It allows for easy swapping between algorithms, using the same API for all of them.
- goSecretBoxPassword: A probably paranoid Golang utility library for securely hashing and encrypting passwords based on the Dropbox method. This implementation uses Blake2b, Scrypt and XSalsa20-Poly1305 (via NaCl SecretBox) to create secure password hashes that are also encrypted using a master passphrase.
- go-generate-password: Password generator written in Golang, usable as a CLI or Go library. Provides options for human readable and accessibility friendly passwords.
- secureio: An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer.
- goArgonPass: goArgonPass is an Argon2 Password utility package for Go using the crypto library package Argon2 designed to be compatible with Passlib for Python and Argon2 PHP. Argon2 was the winner of the most recent Password Hashing Competition. This is designed for use anywhere password hashing and verification might be needed and is intended to replace implementations using bcrypt or Scrypt.
README
Coraza - Web Application Firewall
Notice: Coraza v3 is in pre-alpha stage and APIs might change!
Coraza is an open source, enterprise-grade, high-performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set.
- Website: https://coraza.io
- Forum: Github Discussions
- OWASP Slack Community (#coraza): https://owasp.org/slack/invite
- Rule testing: Coraza Playground
- Planning: Github Projects
Key Features:
- Drop-in - Coraza is a drop-in alternative to replace the soon to be abandoned Trustwave ModSecurity Engine and supports industry standard SecLang rule sets.
- Security - Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages.
- Extensible - Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances. Audit Loggers, persistence engines, operators, actions, create your own functionalities to extend Coraza as much as you want.
- Performance - From huge websites to small blogs, Coraza can handle the load with minimal performance impact. Check our Benchmarks.
- Simplicity - Anyone is able to understand and modify the Coraza source code. It is easy to extend Coraza with new functionality.
- Community - Coraza is a community project, contributions are accepted and all ideas will be considered. Find contributor guidance in the CONTRIBUTION document.
Integrations
The Coraza Project maintains implementations and plugins for the following servers:
- Caddy Reverse Proxy and Webserver Plugin - stable, needs a maintainer
- Proxy WASM extension for proxies with proxy-wasm support (e.g. Envoy) - stable, still under development
- HAProxy SPOE Plugin - preview
- Traefik Proxy Plugin - preview, needs maintainer
- Gin Web Framework Middleware - preview, needs maintainer
- Apache HTTP Server - experimental
- Nginx - experimental
- Coraza C Library - experimental
Plugins
- Coraza GeoIP (preview)
Roadmap
- WASM scripts support
- New rule language
- GraphQL body processor
- TinyGo support
- libcoraza C exports
Prerequisites
- Golang compiler v1.18+
- Linux distribution (Debian or CentOS recommended) or Mac. Windows is not supported yet.
Coraza Core Usage
Coraza can be used as a library for your Go program to implement a security middleware or integrate it with existing application & webservers.
```go
package main

import (
	"fmt"

	"github.com/corazawaf/coraza/v3"
)

func main() {
	// First we initialize our WAF; the SecLang directives are parsed here
	waf, err := coraza.NewWAF(coraza.NewWAFConfig().
		WithDirectives(`SecRule REMOTE_ADDR "@rx .*" "id:1,phase:1,deny,status:403"`))
	// Stop if the rules failed to parse: waf is unusable in that case
	if err != nil {
		fmt.Println(err)
		return
	}
	// Then we create a transaction and assign some variables
	tx := waf.NewTransaction()
	defer func() {
		tx.ProcessLogging()
		tx.Close()
	}()
	tx.ProcessConnection("127.0.0.1", 8080, "127.0.0.1", 12345)
	// Finally we process the request headers phase, which may return an interruption
	if it := tx.ProcessRequestHeaders(); it != nil {
		fmt.Printf("Transaction was interrupted with status %d\n", it.Status)
	}
}
```
[Examples/http-server](./examples/http-server/) provides an example to practice with Coraza.
Tools
- Go FTW: Rule testing engine
- Coraza Playground: Sandbox rule testing web interface
- OWASP Core Ruleset: Awesome rule set, compatible with Coraza
Development
Coraza only requires Go for development. You can run `mage.go` to issue development commands.

See the list of commands:

```
go run mage.go -l
```

For example, to format your code before submission, run:

```
go run mage.go format
```
Contribute
Contributions are welcome! Please refer to [CONTRIBUTING.md](./CONTRIBUTING.md) for guidance.
Thanks
- Modsecurity team for creating ModSecurity
- OWASP Coreruleset team for the CRS and their help
Companies using Coraza
- Babiel (supporter)
Donations
For donations, see Donations site
Thanks to all the people who have contributed
We could not have done this without you!