Documentation Index
Fetch the complete documentation index at: https://docs.hackgate.io/llms.txt
Use this file to discover all available pages before exploring further.
HackGATE integrates with a Web Application Firewall (WAF) that monitors all traffic passing through your proxy. The WAF logs attack attempts and classifies them by type — giving you visibility into what kinds of attacks were attempted during testing and when.
WAF analytics use the same url, gte, and lte parameters as traffic analytics. Set url to your HackGATEd URL (e.g. example-yourorg.hackgate.net).
Attack types detected
HackGATE’s WAF recognises the following attack classifications:
| Attack type | Full name |
|---|
xss | Cross Site Scripting (XSS) |
sqli | SQL Injection (SQLi) |
lfi | Local File Inclusion (LFI) |
rce | Remote Code Execution (RCE) |
php_injection | PHP Injection |
rfi | Remote File Inclusion (RFI) |
Attack type breakdown
Get a summary of attack types grouped by occurrence count, with human-readable names:
curl "https://admin.hackgate.io/api/analytics/getWAFAttackTypes?url=example-yourorg.hackgate.net>e=2024-01-01T00:00:00Z<e=2024-01-31T23:59:59Z" \
-H "Authorization: Bearer <your-token>"
WAF rule messages
See the specific WAF rule messages triggered during testing:
curl "https://admin.hackgate.io/api/analytics/getWAFMessages?url=example-yourorg.hackgate.net>e=2024-01-01T00:00:00Z<e=2024-01-31T23:59:59Z" \
-H "Authorization: Bearer <your-token>"
WAF timeline
See how attack attempts change over time in 12-hour intervals:
curl "https://admin.hackgate.io/api/analytics/getWAFRulesTimeline?url=example-yourorg.hackgate.net>e=2024-01-01T00:00:00Z<e=2024-01-31T23:59:59Z" \
-H "Authorization: Bearer <your-token>"
Use the WAF timeline to identify testing spikes and correlate them with specific researchers using the traffic timeline API. 
