pytbull's Introduction

DESCRIPTION
-----------
pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework
for  Snort  and  Suricata.  It  can  be used to test the detection and blocking
capabilities  of  an IDS/IPS,  to compare  IDS/IPS,  to  compare  configuration
modifications and to check/validate configurations.

MODULES
-------
The framework is shipped with about 300 tests grouped in 8 testing modules:

- clientSideAttacks
      This module uses a reverse shell to provide the server with instructions
      to download remote malicious files. This module tests the ability of the
      IDS/IPS to protect against client-side attacks.

- testRules
      Basic rules testing. These attacks are supposed to be detected by the
      rule sets shipped with the IDS/IPS.

- badTraffic
      Non-RFC-compliant packets are sent to the server to test how packets are
      processed.

- fragmentedPackets
      Various fragmented payloads are sent to the server to test its ability
      to recompose them and detect the attacks.

- multipleFailedLogins
      Tests the ability of the server to track multiple failed logins (e.g.
      FTP). Makes use of custom rules on Snort and Suricata.

- evasionTechniques
      Various  evasion  techniques are used to check if the IDS/IPS can detect
      them.

- shellCodes
      Send various shellcodes to the server on port 21/tcp to test the ability
      of the server to detect/reject shellcodes.

- denialOfService
      Tests the ability of the IDS/IPS to protect against DoS attempts.


It is easily configurable and could integrate new modules in the future.

pytbull's People

Contributors

sebastiendamaye

pytbull's Issues

pytbull little bug

File pytbull.py

original lines:

        print "Checking remote port 21/tcp (FTP)",
        try:
            ftp = FTP(self._target)
            ftp.login(config.get('CREDENTIALS','ftpuser'),config.get('CREDENTIALS','ftppasswd'))
            f.close()
            ftp.quit()
            print "..................... [   OK   ]"
        except:
            print "..................... [ Failed ]"
            print "\nFTP Connection refused on port 21/tcp!"
            sys.exit(0)


Solution:

Remove f.close().


Original issue reported on code.google.com by [email protected] on 4 May 2011 at 6:24
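
Why the stray f.close() above is easy to misread, shown as an added example that is not pytbull's own code: assuming `f` is undefined at that point, the call raises NameError, and the bare except reports it as a refused FTP connection. StubFTP, the two function names and the target address are constructed for illustration so the block runs offline.

```python
import ftplib


class StubFTP:
    """Constructed stand-in for ftplib.FTP so the example runs offline."""

    def __init__(self, host, fail_login=False):
        self.host = host
        self.fail_login = fail_login
        self.closed = False

    def login(self, user, passwd):
        if self.fail_login:
            raise ftplib.error_perm("530 Login incorrect.")

    def quit(self):
        self.closed = True


def check_ftp_original(target, user, passwd, ftp_factory=StubFTP):
    """Same shape as the reported code: stray f.close() and a bare except."""
    try:
        ftp = ftp_factory(target)
        ftp.login(user, passwd)
        f.close()  # assumption: 'f' is not defined here, so this is a NameError
        ftp.quit()
        return "OK"
    except:  # swallows the NameError together with genuine FTP errors
        return "Failed: FTP Connection refused on port 21/tcp!"


def check_ftp_fixed(target, user, passwd, ftp_factory=StubFTP):
    """f.close() removed; only FTP and socket errors count as a failed check."""
    try:
        ftp = ftp_factory(target)
        ftp.login(user, passwd)
        ftp.quit()
        return "OK"
    except ftplib.all_errors as exc:
        return "Failed: %s" % exc


if __name__ == "__main__":
    target = "192.0.2.10"  # constructed documentation address
    print(check_ftp_original(target, "ftpuser", "ftppasswd"))
    print(check_ftp_fixed(target, "ftpuser", "ftppasswd"))
    bad = lambda host: StubFTP(host, fail_login=True)
    print(check_ftp_fixed(target, "ftpuser", "wrong", ftp_factory=bad))
```

With a reachable server and valid credentials the original form still prints the "Connection refused" message, while the fixed form reports OK and surfaces the server's own reply when the login is rejected.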

Test number incrementing twice

The test number just after the last MultipleFailedLogin test is incrementing 
twice. Example:


MULTIPLE FAILED LOGINS
------------
TEST #5 - FTP Login attempt with albert/abc...................... [  done  ]
TEST #6 - FTP Login attempt with bernadette/bcd.................. [  done  ]
TEST #7 - FTP Login attempt with christian/cde................... [  done  ]
TEST #8 - FTP Login attempt with dolores/def..................... [  done  ]
TEST #9 - FTP Login attempt with erik/efg........................ [  done  ]

EVASION TECHNIQUES
------------
TEST #11 - Nmap decoy test (6th position)........................ [  done  ]

Original issue reported on code.google.com by [email protected] on 12 May 2011 at 4:40

pcapReplay module not present in the std output

pcapReplay module not present in the list of checks on the STDOUT:

TESTS
------------
Client Side Attacks.............................................. [   no   ]
Test Rules....................................................... [   no   ]
Bad Traffic...................................................... [   no   ]
Fragmented Packets............................................... [   yes  ]
Multiple Failed Logins........................................... [   yes  ]
Evasion Techniques............................................... [   yes  ]
ShellCodes....................................................... [   no   ]
Denial of Service................................................ [   no   ]

Missing:
Pcap Replay...................................................... [   yes   ]

Original issue reported on code.google.com by [email protected] on 12 May 2011 at 4:46
