Pytbull is an Intrusion Detection/Prevention System (IDS/IPS) testing framework for Snort and Suricata. We all know the greatness of these two projects. Even though it concentrates on Snort and Suricata, it can possibly be used to test the detection and blocking capabilities of other IDS/IPS as well. You can also use it to compare IDS/IPS, or simply to check/validate configurations. The framework is well equipped with about 300 tests grouped in 8 testing modules:
- clientSideAttacks: This module uses a reverse shell to make the server download remote malicious files. It tests the ability of the IDS/IPS to protect against client-side attacks.
- testRules: A basic rules testing module. These attacks are supposed to be detected by the rule sets shipped with the IDS/IPS.
- badTraffic: This module transmits non-RFC-compliant packets to the server to test how packets are processed and responded to.
- fragmentedPackets: This module transmits various fragmented payloads to a server to test its ability to recompose them and detect the attacks.
- multipleFailedLogins: This module tests the ability of the server to track multiple failed logins (e.g. FTP). It makes use of custom rules on Snort and Suricata.
- evasionTechniques: This module employs various evasion techniques to check if the IDS/IPS can detect them.
- shellCodes: This module transmits various shellcodes to the server on port 21/tcp to test the ability of the server to detect/reject shellcodes.
- denialOfService: This module tests the ability of the IDS/IPS to protect against simple DoS attempts.

The tests are delivered in the following ways:
- Socket: open a socket on a given port and send the payloads to the remote target on that port.
- Command: send a command to the remote target with the Python subprocess.call() function.
- Scapy: send specially crafted payloads based on the Scapy syntax.
- Multiple failed logins: open a socket on port 21/TCP (FTP) and attempt to log in 5 times with bad credentials.
- Client side attacks: use a reverse shell on the remote target and send commands to it so that the server processes them (typically wget commands).

Requirements:
- A Debian-based Linux operating system.
- Python (2.6.5)
- An FTP server
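
The multipleFailedLogins check seen from the defender's side, as an added example that is not part of pytbull or of the original page: a sliding-window counter that alerts when one client draws 5 failed FTP logins. The log format, the 60-second window and the function name are assumptions made for illustration.

```python
from collections import defaultdict, deque

THRESHOLD = 5        # failed logins per client, matching the 5 attempts the test sends
WINDOW_SECONDS = 60  # assumption: the page does not state a time window

# Constructed sample events: "<epoch seconds> <client ip> <FTP reply code> <reply text>"
SAMPLE_LOG = """\
1000 192.0.2.10 530 Login incorrect.
1002 192.0.2.10 530 Login incorrect.
1003 198.51.100.7 530 Login incorrect.
1004 192.0.2.10 530 Login incorrect.
1005 198.51.100.7 230 Login successful.
1006 192.0.2.10 530 Login incorrect.
1008 192.0.2.10 530 Login incorrect.
1009 192.0.2.10 530 Login incorrect.
1200 203.0.113.5 530 Login incorrect.
1230 203.0.113.5 530 Login incorrect.
1260 203.0.113.5 530 Login incorrect.
"""

def detect_failed_login_bursts(log_text, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return (timestamp, client_ip) alerts, one per burst of failed logins."""
    recent = defaultdict(deque)   # client ip -> timestamps of recent 530 replies
    alerted = set()               # clients currently at or above the threshold
    alerts = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 3 or not parts[0].isdigit():
            continue              # skip malformed lines instead of crashing
        ts, client, code = int(parts[0]), parts[1], parts[2]
        if code != "530":         # 530 is the FTP "not logged in" reply
            continue
        times = recent[client]
        times.append(ts)
        while times and ts - times[0] >= window:
            times.popleft()       # drop failures that fell out of the window
        if len(times) >= threshold:
            if client not in alerted:   # alert once per burst, not per packet
                alerted.add(client)
                alerts.append((ts, client))
        else:
            alerted.discard(client)
    return alerts

if __name__ == "__main__":
    for ts, client in detect_failed_login_bursts(SAMPLE_LOG):
        print(f"ALERT t={ts} client={client}: {THRESHOLD}+ failed FTP logins in {WINDOW_SECONDS}s")
```

The window is a tuning choice: failures spaced further apart than the window never accumulate to the threshold, so validate the chosen values against the traffic the sensor actually sees.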