Metadata-Version: 2.1
Name: raider
Version: 0.3.1
Summary: Web authentication testing framework
Home-page: https://raiderauth.com/
License: GPL-3.0-or-later
Keywords: authentication,security,raider,digeex,hy
Author: Daniel Neagaru
Author-email: daniel@digeex.de
Requires-Python: >=3.8,<3.11
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)
Classifier: Natural Language :: English
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Lisp
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: Software Development :: Testing
Requires-Dist: bs4 (>=0.0.1,<0.0.2)
Requires-Dist: funcparserlib (>=1.0.0a0,<2.0.0)
Requires-Dist: hy (>=1.0.a4,<2.0)
Requires-Dist: igraph (>=0.10.2,<0.11.0)
Requires-Dist: ipython (>=8.4.0,<9.0.0)
Requires-Dist: pkce (>=1.0.3,<2.0.0)
Requires-Dist: requests (>=2.25.1,<3.0.0)
Project-URL: Documentation, https://docs.raiderauth.com/en/latest/
Project-URL: Repository, https://github.com/OWASP/raider
Description-Content-Type: text/markdown

![Raider logo](./ext/logo.png)

# Quick links

- [Documentation](https://docs.raiderauth.com/en/latest/).
- [Installation](https://docs.raiderauth.com/en/latest/overview/install.html).
- [FAQ](https://docs.raiderauth.com/en/latest/overview/faq.html).
- [Getting started](https://docs.raiderauth.com/en/latest/tutorials/getting_started.html).
- [Architecture](https://docs.raiderauth.com/en/latest/case_studies/architecture.html).
- [Discussions](https://github.com/OWASP/raider/discussions).
- [Issues](https://github.com/OWASP/raider/issues).

# What is Raider

Raider is a framework initially designed to test and automate the
authentication process for web applications. It has since evolved and
can be used for all kinds of stateful HTTP processes. It abstracts
the client-server information exchange as a finite state machine. Each
step comprises one request with inputs, one response with outputs,
arbitrary actions to perform on the response, and conditional links to
other stages. Together, these steps form a graph-like structure.

Raider's configuration is inspired by Emacs. It is written in Hylang,
which is LISP on top of Python. LISP is used because of its "Code is
Data, Data is Code" property. With the magic of LISP macros,
generating configuration automatically becomes easy. Flexibility is in
its DNA, meaning it can be infinitely extended with actual code. Since
all configuration is stored in cleartext, reproducing, sharing or
modifying attacks becomes easy.

![Example hylang configuration](./ext/config.png)


# Graph-like architecture

Raider defines a DSL to describe the information flow between the
client and the server for HTTP processes. Each step of the process is
described by a Flow, which contains the Request with inputs, Response
with outputs, and arbitrary actions including links to other Flows:

![Flows](./ext/raider_flows.png)

Chaining several Flows together can be used to simulate any stateful
HTTP process. FlowGraphs indicate the starting point. They can be
placed on any Flow. A FlowGraph runs all Flows in the chain of links
until Success/Failure is returned or there are no more links.

![Flows and FlowGraphs](./ext/graph.png)
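
The traversal described above can be modelled in a few lines of Python. This is an added example, not Raider's code or its Hylang DSL: the `Flow` fields, `run_flowgraph`, the step limit and the in-memory "server" functions are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

SUCCESS, FAILURE = "Success", "Failure"

@dataclass
class Flow:  # hypothetical model, not Raider's class
    name: str
    request: Callable[[Dict[str, str]], Dict[str, str]]  # inputs -> response
    outputs: Dict[str, str]  # state key <- response field
    link: Callable[[Dict[str, str]], Optional[str]]  # response -> next Flow

def run_flowgraph(flows, start, inputs=None, max_steps=20):
    """Follow links from `start` until Success/Failure or no more links."""
    state, current, trace = dict(inputs or {}), start, []
    for _ in range(max_steps):  # bound the walk in case links form a cycle
        flow = flows[current]
        response = flow.request(state)
        trace.append(flow.name)
        for key, resp_field in flow.outputs.items():
            if resp_field in response:  # keep extracted outputs for later Flows
                state[key] = response[resp_field]
        nxt = flow.link(response)
        if nxt in (SUCCESS, FAILURE, None):
            return nxt, trace, state
        current = nxt
    raise RuntimeError("max_steps exceeded; links probably form a cycle")

# Constructed in-memory "server" so the example runs offline.
def get_login(state):
    return {"status": "200", "csrf": "tok-123"}

def post_login(state):
    ok = state.get("csrf") == "tok-123" and state.get("password") == "example-pass"
    return {"status": "302", "session": "sess-abc"} if ok else {"status": "403"}

def get_profile(state):
    return {"status": "200" if state.get("session") == "sess-abc" else "401"}

FLOWS = {
    "init": Flow("init", get_login, {"csrf": "csrf"}, lambda r: "login"),
    "login": Flow("login", post_login, {"session": "session"},
                  lambda r: "profile" if r["status"] == "302" else FAILURE),
    "profile": Flow("profile", get_profile, {},
                    lambda r: SUCCESS if r["status"] == "200" else FAILURE),
}

if __name__ == "__main__":
    print(run_flowgraph(FLOWS, "init", {"password": "example-pass"})[:2])
    print(run_flowgraph(FLOWS, "profile")[:2])  # start mid-graph, no session
```

Starting the walk at `profile` without a session shows why the starting point matters: outputs extracted by earlier Flows are the only state later Flows can use.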

