Subscribe by RSS RSS Icon
Follow me on Twitter Twitter Icon

Pytbull - IDS/IPS Testing Framework Tool

Pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations.

The framework is shipped with about 300 tests grouped in 9 testing modules:
  • clientSideAttacks: this module uses a reverse shell to provide the server with instructions to download remote malicious files. This module tests the ability of the IDS/IPS to protect against client-side attacks.
  • testRules: basic rules testing. These attacks are supposed to be detected by the rules sets shipped with the IDS/IPS.
  • badTraffic: Non RFC compliant packets are sent to the server to test how packets are processed.
  • fragmentedPackets: various fragmented payloads are sent to server to test its ability to recompose them and detect the attacks.
  • multipleFailedLogins: tests the ability of the server to track multiple failed logins (e.g. FTP). Makes use of custom rules on Snort and Suricata.
  • evasionTechniques: various evasion techniques are used to check if the IDS/IPS can detect them.
  • shellCodes: send various shellcodes to the server on port 21/tcp to test the ability of the server to detect/reject shellcodes.
  • denialOfService: tests the ability of the IDS/IPS to protect against DoS attempts
  • pcapReplay: enables to replay pcap files
 

Read more here:
 
Copyright Info.

Only for my personal reference. I do not own any of these materials here. Use it at your own risk!

XHTML/CSS validations
Valid XHTML 1.0 Transitional Valid CSS!