Gen0Sec WAF Rule Server
БесплатноНе проверенEnables an LLM to author, validate, and test Wirefilter WAF and Smart Firewall rules using live schema and real CVE exploit templates.
Описание
Enables an LLM to author, validate, and test Wirefilter WAF and Smart Firewall rules using live schema and real CVE exploit templates.
README
WAF & Smart-Firewall Rule Generation for Agentic LLMs
An MCP server that lets an LLM author, validate, and test Wirefilter WAF and Smart Firewall rules — grounded in live schema and real CVE exploit templates instead of guesswork.
What it does:
- Validates rules against a real engine — expressions are checked (and optionally test-matched) through the Wirefilter rules-validator API, so the model gets real pass/fail feedback, not a hallucinated opinion
- Grounds generation in live schema — serves the authoritative actions / expressions / fields / functions / operators / values straight from the rules-validator, so rules use fields that actually exist
- Pulls real exploit context — fetches CVE-indexed Nuclei templates from multiple sources (Nuclei Open Source via GitHub, Nuclei Paid via the ProjectDiscovery API) to inform CVE-driven rule generation
- Self-updating — periodically refreshes the Wirefilter context and CVE template repositories in the background
Runs anywhere Python 3.12+ runs · ships as a Claude Desktop bundle, a stdio MCP server, or an HTTP container
Quick start
Claude Desktop (bundle)
# Prerequisites: uv, and mcpb (npm install -g @anthropic-ai/mcpb)
mcpb pack # produces gen0sec-mcp-server.mcpb
Open the generated gen0sec-mcp-server.mcpb file — Claude Desktop installs it in about a minute, after which the tools, resources, and prompts are available.
Cursor IDE — local (stdio)
Add to ~/.cursor/mcp.json (%USERPROFILE%\.cursor\mcp.json on Windows):
{
"mcpServers": {
"waf-rule-mcp": {
"command": "uv",
"args": [
"run",
"--project", "/absolute/path/to/mcp-server",
"/absolute/path/to/mcp-server/server/main.py"
],
"env": {
"WAF_VALIDATION_API_URL": "https://public.gen0sec.com/v1/waf/validate"
}
}
}
}
WAF_VALIDATION_API_URL is optional — if unset, the value from server/config.yaml is used. Restart Cursor to apply.
Docker (HTTP)
docker build -t waf-rule-mcp .
docker run -p 8000:8000 waf-rule-mcp
Then point your MCP client at it:
{
"mcpServers": {
"waf-rule-mcp": { "url": "http://localhost:8000" }
}
}
The WAF rule validation API must be reachable for the validation tools to work. Set its URL via
WAF_VALIDATION_API_URLorserver/config.yaml.
MCP surface
Tools
| Tool | Purpose |
|---|---|
fetch_cve_vulnerability_template |
Retrieve a CVE-indexed vulnerability template from a preferred source (Nuclei Open Source or Nuclei Paid API) |
fetch_cve_from_all_sources |
Fetch a CVE template from all enabled sources for cross-source comparison |
list_cve_sources |
List the registered CVE source plugins and their status |
validate_waf_expression |
Validate a Wirefilter rule expression (rule_type selects the scheme) |
validate_waf_expression_with_tests |
Validate a Wirefilter rule and match it against test data (mock data if none given) |
get_waf_context |
Fetch WAF context from Wirefilter docs: actions, expressions, fields, functions, operators, values |
get_rule_fields |
Fetch the live, authoritative Wirefilter field/function schema directly from the rules-validator |
Resources
| URI | Reference |
|---|---|
wafcontext://actions |
Actions available in the Rules language |
wafcontext://expressions |
Expressions available in the Rules language |
wafcontext://fields |
Fields available in the Rules language |
wafcontext://functions |
Functions available in the Rules language |
wafcontext://operators |
Operators available in the Rules language |
wafcontext://values |
Values available in the Rules language |
Prompts
| Prompt | Generates a rule from… |
|---|---|
natural_waf_rule_generation_prompt |
a natural-language description |
cve_waf_rule_generation_prompt |
a CVE index |
smart_firewall_rule_generation_prompt |
a natural-language description, as an L3/L4 + JA4 Smart Firewall rule (no http.* fields; block/allow actions) |
Architecture
flowchart TD
LLM([Agentic LLM / MCP client]) <--> MCP
subgraph MCP[Gen0Sec WAF Rule MCP Server]
T[Tools]
R["Resources<br/>wafcontext://*"]
P[Prompts]
RU[Resource updater<br/>periodic refresh]
end
T -->|validate / fields| RV[Wirefilter rules-validator API]
R -->|live schema| RV
T -->|CVE templates| CS
subgraph CS[CVE sources]
N1[Nuclei Open Source<br/>GitHub]
N2[Nuclei Paid<br/>ProjectDiscovery API]
end
RU -.refreshes.-> CS
RU -.refreshes.-> RV
Documentation
| Gen0Sec Docs | Product documentation and guides |
| server/config.yaml | Validation API URL, CVE source toggles, update intervals |
| manifest.json | Claude Desktop bundle manifest and user-configurable options |
| Wirefilter | The rule expression language this server targets |
Thank you!
- Cloudflare for Wirefilter
- ProjectDiscovery for the Nuclei templates
Установить Gen0Sec WAF Rule Server в Claude Desktop, Claude Code, Cursor
unyly install gen0sec-waf-rule-mcp-serverСтавит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.
Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh
Или настроить вручную
Выполни в терминале:
claude mcp add gen0sec-waf-rule-mcp-server -- uvx --from git+https://github.com/gen0sec/mcp-server gen0sec-waf-rule-mcpFAQ
Gen0Sec WAF Rule Server MCP бесплатный?
Да, Gen0Sec WAF Rule Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Gen0Sec WAF Rule Server?
Нет, Gen0Sec WAF Rule Server работает без API-ключей и переменных окружения.
Gen0Sec WAF Rule Server — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Gen0Sec WAF Rule Server в Claude Desktop, Claude Code или Cursor?
Открой Gen0Sec WAF Rule Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
автор: modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
автор: xuzexin-hzCompare Gen0Sec WAF Rule Server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории ai
