Flubber
Posted May 8, 2011

[B][#] Description[/B]: pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations.

The framework is shipped with about 300 tests grouped in 9 testing modules:

[LIST]
[*][B]clientSideAttacks[/B]: this module uses a reverse shell to provide the server with instructions to download remote malicious files. This module tests the ability of the IDS/IPS to protect against client-side attacks.
[*][B]testRules[/B]: basic rules testing. These attacks are supposed to be detected by the rule sets shipped with the IDS/IPS.
[*][B]badTraffic[/B]: non-RFC-compliant packets are sent to the server to test how packets are processed.
[*][B]fragmentedPackets[/B]: various fragmented payloads are sent to the server to test its ability to recompose them and detect the attacks.
[*][B]multipleFailedLogins[/B]: tests the ability of the server to track multiple failed logins (e.g. FTP). Makes use of custom rules on Snort and Suricata.
[*][B]evasionTechniques[/B]: various evasion techniques are used to check if the IDS/IPS can detect them.
[*][B]shellCodes[/B]: sends various shellcodes to the server on port 21/tcp to test the ability of the server to detect/reject shellcodes.
[*][B]denialOfService[/B]: tests the ability of the IDS/IPS to protect against DoS attempts.
[*][B]pcapReplay[/B]: enables replaying pcap files.
[/LIST]

More here: [URL="http://www.aldeid.com/index.php/Pytbull#Description"]Pytbull - Aldeid[/URL]

From svn:

[#] Install the SVN client: [B]sudo apt-get install subversion[/B]
[#] Check out: [B]sudo svn checkout http://pytbull.googlecode.com/svn/trunk/ pytbull[/B]

Config: Pytbull - Aldeid
More: Pytbull - Aldeid
Prerequisites: Pytbull - Aldeid
Download: http://pytbull.googlecode.com/files/pytbull-1.0.tar.bz2