trinq / pytbull
Automatically exported from code.google.com/p/pytbull
DESCRIPTION
-----------
pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations.

MODULES
-------
The framework is shipped with about 300 tests grouped in 8 testing modules:

- clientSideAttacks
  This module uses a reverse shell to provide the server with instructions to download remote malicious files. This module tests the ability of the IDS/IPS to protect against client-side attacks.
- testRules
  Basic rules testing. These attacks are supposed to be detected by the rules sets shipped with the IDS/IPS.
- badTraffic
  Non RFC compliant packets are sent to the server to test how packets are processed.
- fragmentedPackets
  Various fragmented payloads are sent to server to test its ability to recompose them and detect the attacks.
- multipleFailedLogins
  Tests the ability of the server to track multiple failed logins (e.g. FTP). Makes use of custom rules on Snort and Suricata.
- evasionTechniques
  Various evasion techniques are used to check if the IDS/IPS can detect them.
- shellCodes
  Send various shellcodes to the server on port 21/tcp to test the ability of the server to detect/reject shellcodes.
- denialOfService
  Tests the ability of the IDS/IPS to protect against DoS attempts.

It is easily configurable and could integrate new modules in the future.
File pytbull.py
original lines:
    print "Checking remote port 21/tcp (FTP)",
    try:
        ftp = FTP(self._target)
        ftp.login(config.get('CREDENTIALS','ftpuser'),config.get('CREDENTIALS','ftppasswd'))
        f.close()
        ftp.quit()
        print "..................... [ OK ]"
    except:
        print "..................... [ Failed ]"
        print "\nFTP Connection refused on port 21/tcp!"
        sys.exit(0)
Solution:
remove f.close().
Original issue reported on code.google.com by [email protected]
on 4 May 2011 at 6:24
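
The following is an added example, not pytbull's own code: it reproduces the control flow of the lines quoted in the issue above to show how a bare `except:` turns the `NameError` from `f.close()` into a "Failed" FTP result, next to a variant that catches only `ftplib.all_errors`. It is written for Python 3; the function names, the stub classes and the sample address and credentials are constructed for illustration.

```python
import ftplib

class StubFTP:
    """Constructed stand-in for a reachable FTP server (no network needed)."""
    def __init__(self, host, timeout=None):
        self.host = host
    def login(self, user, passwd):
        return "230 Login successful."
    def quit(self):
        return "221 Goodbye."

class RefusingFTP(StubFTP):
    """Constructed stand-in for a target with 21/tcp closed."""
    def __init__(self, host, timeout=None):
        raise ConnectionRefusedError(111, "Connection refused")

def reported_check(target, user, passwd, ftp_factory):
    """Same control flow as the reported lines: bare except around everything."""
    try:
        ftp = ftp_factory(target)
        ftp.login(user, passwd)
        f.close()  # 'f' was never defined, so this raises NameError
        ftp.quit()
        return "OK"
    except:  # swallows the NameError and reports it as an FTP failure
        return "Failed"

def narrowed_check(target, user, passwd, ftp_factory=ftplib.FTP):
    """f.close() removed; only network/FTP errors count as a failed check."""
    try:
        ftp = ftp_factory(target, timeout=10)
        ftp.login(user, passwd)
        ftp.quit()
        return "OK"
    except ftplib.all_errors as exc:  # (ftplib.Error, OSError, EOFError)
        return "Failed: %s" % exc

if __name__ == "__main__":
    creds = ("ftpuser", "ftppasswd")  # constructed sample credentials
    print(reported_check("192.0.2.10", *creds, ftp_factory=StubFTP))
    print(narrowed_check("192.0.2.10", *creds, ftp_factory=StubFTP))
    print(narrowed_check("192.0.2.10", *creds, ftp_factory=RefusingFTP))
```

With the narrowed handler, a programming error such as an undefined name propagates as a traceback instead of being reported as a refused connection.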
The test number just after the last MultipleFailedLogin test is incrementing
twice. Example:
MULTIPLE FAILED LOGINS
------------
TEST #5 - FTP Login attempt with albert/abc...................... [ done ]
TEST #6 - FTP Login attempt with bernadette/bcd.................. [ done ]
TEST #7 - FTP Login attempt with christian/cde................... [ done ]
TEST #8 - FTP Login attempt with dolores/def..................... [ done ]
TEST #9 - FTP Login attempt with erik/efg........................ [ done ]
EVASION TECHNIQUES
------------
TEST #11 - Nmap decoy test (6th position)........................ [ done ]
Original issue reported on code.google.com by [email protected]
on 12 May 2011 at 4:40
pcapReplay module not present in the list of checks on the STDOUT:
TESTS
------------
Client Side Attacks.............................................. [ no ]
Test Rules....................................................... [ no ]
Bad Traffic...................................................... [ no ]
Fragmented Packets............................................... [ yes ]
Multiple Failed Logins........................................... [ yes ]
Evasion Techniques............................................... [ yes ]
ShellCodes....................................................... [ no ]
Denial of Service................................................ [ no ]
Missing:
Pcap Replay...................................................... [ yes ]
Original issue reported on code.google.com by [email protected]
on 12 May 2011 at 4:46