Web-Spa
Web-Spa is a Java web knocking tool for sending a single HTTP/S request to your web server, in order to authorize the execution of a premeditated Operating System (O/S) command on it.
This is equivalent to port-knocking on the web layer, but with much more control: All O/S commands must be pre-defined and have a time-window of execution. Also, all users have to be registered and authorized to run any given action.
In running the standalone jar file (i.e.
webspa-{xx}.jar, you have to select one of the
following four (4) options:
-client : Run the client, generate requests
-help : Print this usage message
-server : Run the server
-version : 0.6
If no option is selected, the help message
detailing the above options will be displayed.
With each download of the standalone jar file
(i.e. webspa-{xx}.zip, see section above)
there is a rather basic shell script available,
named 'web-spa.sh'.
This script performs a `which java` and sets
the initial and maximum Java heap size.
This script needs to be chmod-ed to have execute
permissions. If you have followed the
instructions above and placed web-spa in /opt
issue the following:
bash-3.00# chmod 744 /opt/web-spa-0.6/web-spa.sh
You can test the web-spa script, by issuing:
bash-3.00# ./web-spa.sh -version
0.6
bash-3.00#
You will be required to have a java 1.6 JRE or
JDK installed. For more information see the
INSTALL file.