Skip to content

thirt33n/Grindwall

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GRINDWALL

ML based Firewall System

Description:


Grindwall is an ML based Firewall System that uses a machine learning model to filter out bad or malicious requests to the server.

  • Each model uses a specefic classification algorithm to determine the nature of incoming packets and classifies them on the basis of the vulnerability that the request tries to exploit.
  • Bad Packets are dropped by the server and the client is displayed with a message.
  • Contents:

      Datasets

    1. full_xss_sqli_dataset.csv = Dataset for training the model - Version 1
    2. version_4_full.csv - Full dataset for Version 4(includes cmdi)
    3. new_specs_dataset.csv - Dataset for classifying according to vulnerability.

      Scripts

    4. network_sec.ipynb = Notebook file used for creating the model and other operations related to ML
    5. grindwall.py = Main Script used to setup the firewall
    6. requirements.txt = Python Requirements for running the script
    7. test.csv = Dataset used for testing the model
    8. gring_gui.py = Scipt to run Grindwall as GUI

      Models

    9. model1_grindwall.pkl = The saved model checkpoint which is loaded into the script for use in the firewall, only filters sqli - Uses Random Forest Classifier
    10. model2_grindwall = The saved model Checkpoint, which filters sql injections and XSS payloads - Uses Ada Boost Classifier
    11. model3_grindwall = Saved Model checkpoint that filters on the basis of the vulnerability that the packet tries to exploit; "sqli","xss" or "good"- Uses Random Forest Classifier
    12. model4_grindwall = Saved Model checkpoint that filters on the basis of the vulnerability that the packet tries to exploit; "sqli","xss","cmdi" or "good" - Uses Light Gradient Boosting Machine Classification
    13. Wordlists

    14. sqlInjection.txt = Wordlist containing payloads for SQL injection attacks used for dataset preparation
    15. xss_payloads.txt = Wordlist containing XSS payloads
    16. cmdi_payloads.txt = Wordlist containing cmdi payloads

    Installation And Working

    • Clone this Repo Install the requirements using the command
    pip install -r requirements.txt  
    • Once dependencies are installed run
    python cli.py

    Grindwall CLI

  • Alternatively you can also run the GUI version of Grindwall using :
    python gring_gui.py
    grindwall GUI



  • Once the firewall is up and running configure your browser or computer to utilize proxy server running on port 1234 ( You can change this setting in grindwall.py file).
    You can use windows proxy settings by accessing
    Settings > Network And Internet > Proxy > Enable proxy with

    Address - 127.0.0.1
    Port - 1234

    Or you can use extensions like Foxy Proxy to use a proxy server for just your browser.
  • Once your browser is configured to listen using the proxy server, all your requests pass through the ML model, which determines if your request is malicious or not and alerts you by dropping the packet.
  • You can view all the outgoing requests in the terminal and log file.

    Good Requests
  • Any malicious requests will be returned with the 'bad' classification and the following message will be displayed.
    Block message

  • The terminal log displays the prediction label according to the vulnerability

    Terminal Information

    Video Demo:

    grindwall_demo.mp4

    Future Implementations:

    Support for other Web Vulnerabilities Including

  • Cross Site Scripting = Completed
  • Command Injections = Completed
  • Support For HTTPS connections
  • Comprehensive GUI
  • Analytics