Apr 30, 2011

pytbull IDS/IPS Testing Framework for Snort and Suricata

pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations.
The framework is shipped with about 300 tests grouped in 8 testing modules:
  1. clientSideAttacks: uses a reverse shell to send the server instructions to download remote malicious files. This module tests the ability of the IDS/IPS to protect against client-side attacks.
  2. testRules: basic rule testing. These attacks are supposed to be detected by the rule sets shipped with the IDS/IPS.
  3. badTraffic: non-RFC-compliant packets are sent to the server to test how such packets are processed.
  4. fragmentedPackets: various fragmented payloads are sent to the server to test its ability to reassemble them and detect the attacks.
  5. multipleFailedLogins: tests the ability of the server to track multiple failed logins (e.g. FTP). Makes use of custom rules on Snort and Suricata.
  6. evasionTechniques: various evasion techniques are used to check whether the IDS/IPS can detect them.
  7. shellCodes: sends various shellcodes to the server on port 21/tcp to test the server's ability to detect/reject shellcodes.
  8. denialOfService: tests the ability of the IDS/IPS to protect against DoS attempts.
It is easily configurable, and new modules could be added in the future.

If you want to download it, please go to the Source.
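As an added example (not pytbull's own code), here is the per-client counting that the custom rules behind the multipleFailedLogins module depend on, written in Python and run over constructed FTP server replies; the rule sketch, the log format and the sample IPs are assumptions.

```python
"""Added example, not code from pytbull: the per-client counting that a
'multiple failed logins' rule relies on, modelled on a Snort/Suricata
detection_filter and run over constructed FTP server replies."""
import re
from collections import defaultdict, deque

# Constructed rule sketch (an assumption, not pytbull's own rule): fire when
# the server sends more than `count` 530 replies to one client in `seconds`.
#   alert tcp $HOME_NET 21 -> any any (msg:"FTP failed logins";
#     flow:from_server,established; content:"530 "; depth:4;
#     detection_filter:track by_dst, count 5, seconds 60; sid:1000001;)

# Constructed log format: "<epoch-seconds> <client-ip> S->C <ftp reply line>"
FTP_530 = re.compile(r"^(?P<ts>\d+) (?P<client>[\d.]+) S->C 530 ")

def scan(log, count=5, seconds=60):
    """Return (ts, client) for every 530 reply that is the (count+1)-th or
    later one sent to that client within a sliding window of `seconds`,
    which is the condition under which detection_filter lets a rule fire."""
    seen = defaultdict(deque)   # client -> timestamps of recent 530 replies
    alerts = []
    for line in log.splitlines():
        m = FTP_530.match(line)
        if not m:                               # 230 (success) etc. is ignored
            continue
        ts, client = int(m["ts"]), m["client"]
        window = seen[client]
        window.append(ts)
        while ts - window[0] > seconds:         # evict replies outside the window
            window.popleft()
        if len(window) > count:
            alerts.append((ts, client))
    return alerts

SAMPLE_LOG = """\
0 10.0.0.5 S->C 530 Login incorrect.
10 10.0.0.5 S->C 530 Login incorrect.
15 10.0.0.9 S->C 530 Login incorrect.
20 10.0.0.5 S->C 530 Login incorrect.
30 10.0.0.5 S->C 530 Login incorrect.
35 10.0.0.9 S->C 230 Login successful.
40 10.0.0.5 S->C 530 Login incorrect.
50 10.0.0.5 S->C 530 Login incorrect.
55 10.0.0.5 S->C 530 Login incorrect.
100 10.0.0.7 S->C 530 Login incorrect.
200 10.0.0.7 S->C 530 Login incorrect.
300 10.0.0.7 S->C 530 Login incorrect.
"""

if __name__ == "__main__":
    for ts, client in scan(SAMPLE_LOG):
        print(f"t={ts}s: repeated failed FTP logins towards {client}")
```

Note that 10.0.0.7 never triggers: its failures are spaced further apart than the window, which is exactly the slow-brute-force gap a `seconds` value that is too small leaves open.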

Source: http://sourceforge.net/projects/pytbull/

4 comments:

Sebastien said...

Hi guys,

Please notice a few updates about pytbull:
- The entire project (downloads, bugs, svn, ...) has moved from googlecode to sourceforge.
- There's now a dedicated site for pytbull here: http://pytbull.sourceforge.net
- I've posted a request to include pytbull in Backtrack. Any comments are welcome: http://www.backtrack-linux.org/forums/backtrack-5-tool-requests/40639-pytbull-backtrack.html
- There's a new version available: v1.3. You can download it from here: https://downloads.sourceforge.net/project/pytbull/pytbull-1.3.tar.bz2

Changelog for v1.3:
- Bug fix 3305244: Error while using reverse shell
- Minor changes (check new version) due to migration of pytbull on Sourceforge
Many thanks in advance for your updates and your support!

--
Regards,

Sébastien Damaye
http://www.aldeid.com

Medt said...

Thank you for your update information.

Now I have changed the Source.

sebastiendamaye said...

pytbull v2.1 released (bug fixes): https://downloads.sourceforge.net/project/pytbull/pytbull-2.1.tar.bz2

Robert Welain said...

Take a look at new kik spy app bro.