Apr 30, 2011

pytbull IDS/IPS Testing Framework for Snort and Suricata

pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations.
The framework is shipped with about 300 tests grouped in 8 testing modules:
  1. clientSideAttacks: this module uses a reverse shell to provide the server with instructions to download remote malicious files. This module tests the ability of the IDS/IPS to protect against client-side attacks.
  2. testRules: basic rules testing. These attacks are supposed to be detected by the rule sets shipped with the IDS/IPS.
  3. badTraffic: non-RFC-compliant packets are sent to the server to test how such packets are processed.
  4. fragmentedPackets: various fragmented payloads are sent to the server to test its ability to reassemble them and detect the attacks.
  5. multipleFailedLogins: tests the ability of the server to track multiple failed logins (e.g. FTP). Makes use of custom rules on Snort and Suricata.
  6. evasionTechniques: various evasion techniques are used to check if the IDS/IPS can detect them.
  7. shellCodes: sends various shellcodes to the server on port 21/tcp to test the ability of the server to detect/reject shellcodes.
  8. denialOfService: tests the ability of the IDS/IPS to protect against DoS attempts.
It is easily configurable and can integrate new modules in the future.
If you want to download it, please go to the Source.

Source: http://sourceforge.net/projects/pytbull/
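A framework like the one described above is only useful if the sensor's alerts are checked against what each module was expected to trigger. The following added example (not pytbull's own code) shows that checking step: it parses Snort alert_fast / Suricata fast.log style lines and reports, per test module, which expected SIDs fired and which were missed. The sample alert lines, the local SIDs (1000001 to 1000003) and the module-to-SID mapping are all constructed for illustration.

```python
import re
from collections import Counter

# Alert-line layout of Snort's alert_fast output (Suricata's fast.log uses the same
# "[**] [gid:sid:rev] msg [**]" bracket block); only that block is parsed here.
ALERT_RE = re.compile(r"\[\*\*\]\s*\[(\d+):(\d+):(\d+)\]\s*(.*?)\s*\[\*\*\]")

# Constructed sample sensor output for illustration; SIDs are in the local (>= 1000000) range.
SAMPLE_ALERTS = """\
04/30-10:01:12.000001  [**] [1:1000001:1] LOCAL FTP multiple failed logins [**] [Priority: 2] {TCP} 10.0.0.5:21 -> 10.0.0.9:40100
04/30-10:01:20.000002  [**] [1:1000001:1] LOCAL FTP multiple failed logins [**] [Priority: 2] {TCP} 10.0.0.5:21 -> 10.0.0.9:40101
04/30-10:02:05.000003  [**] [1:1000002:1] LOCAL shellcode NOP sled on FTP control channel [**] [Priority: 1] {TCP} 10.0.0.9:40200 -> 10.0.0.5:21
unrelated log line that does not match the alert format and is skipped
"""

# Which local SIDs each test module is expected to trigger (constructed mapping; a real
# harness would derive it from the test definitions it actually ran).
EXPECTED_SIDS = {
    "multipleFailedLogins": {1000001},
    "shellCodes": {1000002},
    "badTraffic": {1000003},   # never fires in the sample: a coverage gap to report
}


def parse_alerts(text):
    """Return a Counter of sid -> number of alert lines; unparsable lines are skipped."""
    hits = Counter()
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            hits[int(m.group(2))] += 1
    return hits


def score_modules(expected, hits):
    """Per module: how many expected SIDs fired, how many were expected, which were missed."""
    report = {}
    for module, sids in expected.items():
        missed = sorted(s for s in sids if hits[s] == 0)
        report[module] = {"detected": len(sids) - len(missed),
                          "expected": len(sids), "missed": missed}
    return report


if __name__ == "__main__":
    report = score_modules(EXPECTED_SIDS, parse_alerts(SAMPLE_ALERTS))
    for module, r in sorted(report.items()):
        status = "OK" if not r["missed"] else "MISSED " + ",".join(map(str, r["missed"]))
        print(f"{module:22s} {r['detected']}/{r['expected']} {status}")
```

A module reported as MISSED means the sensor saw the test traffic but produced no matching alert, which is exactly the configuration gap this kind of framework is meant to expose.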


Sebastien said...

Hi guys,

Please notice a few updates about pytbull:
- The entire project (downloads, bugs, svn, ...) has moved from googlecode to sourceforge.
- There's now a dedicated site for pytbull here: http://pytbull.sourceforge.net
- I've posted a request to include pytbull in Backtrack. Any comments are welcome: http://www.backtrack-linux.org/forums/backtrack-5-tool-requests/40639-pytbull-backtrack.html
- There's a new version available: v1.3. You can download it from here: https://downloads.sourceforge.net/project/pytbull/pytbull-1.3.tar.bz2

Changelog for v1.3:
- Bug fix 3305244: Error while using reverse shell
- Minor changes (check new version) due to migration of pytbull on Sourceforge
Many thanks in advance for your updates and your support!


Sébastien Damaye

Medt said...

Thank you for your update information.

Now I've changed the Source.

sebastiendamaye said...

pytbull v2.1 released (bug fixes): https://downloads.sourceforge.net/project/pytbull/pytbull-2.1.tar.bz2